From 78e248d8265b586faa4779363eab7896e4cf2ed0 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Sun, 19 Nov 2023 16:06:47 -0600 Subject: [PATCH 001/124] python3Packages.numpy: remove reference to build Python The full path of the build Python intepreter gets stored in numpy/__config__.py and thus the built wheel. Leaving the reference is annoying for regular builds but fatal for cross builds. (cherry picked from commit 4104fe93c076af4f208362b7c9cd1b9a9f9386e1) --- pkgs/development/python-modules/numpy/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index 82ceee47d066d..0d26c6ffd4c48 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -83,6 +83,10 @@ in buildPythonPackage rec { rm numpy/core/tests/test_cython.py patchShebangs numpy/_build_utils/*.py + + # remove needless reference to full Python path stored in built wheel + substituteInPlace numpy/meson.build \ + --replace 'py.full_path()' "'python'" ''; nativeBuildInputs = [ From 43c623e66054df89bc84dabf03aafdfb14ce6afb Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Sun, 19 Nov 2023 16:10:11 -0600 Subject: [PATCH 002/124] python3Packages.numpy: fix cross compilation Add mesonEmulatorHook, along with a small hack to make it function properly with meson-python. (cherry picked from commit bad887d92620c8b1673bd0f7e8d966ae0e642664) --- pkgs/development/python-modules/numpy/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index 0d26c6ffd4c48..62ffc91e87677 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -11,6 +11,7 @@ , cython_3 , gfortran , meson-python +, mesonEmulatorHook , pkg-config , xcbuild @@ -96,6 +97,8 @@ in buildPythonPackage rec { pkg-config ] ++ lib.optionals (stdenv.isDarwin) [ xcbuild.xcrun + ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ + mesonEmulatorHook ]; buildInputs = [ @@ -114,6 +117,11 @@ in buildPythonPackage rec { export OMP_NUM_THREADS=$((NIX_BUILD_CORES > 64 ? 64 : NIX_BUILD_CORES)) ''; + # HACK: copy mesonEmulatorHook's flags to the variable used by meson-python + postConfigure = '' + mesonFlags="$mesonFlags ''${mesonFlagsArray[@]}" + ''; + preBuild = '' ln -s ${cfg} site.cfg ''; From 861b757019db214bb98878c1711494984d13e374 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Wed, 22 Nov 2023 16:02:24 -0500 Subject: [PATCH 003/124] http-parser: Build on windows It actually does without modification, but what it installs isn't quite right. This fixes that. Specifying `uname` is in general more robust for cross, and specifying those other variables always (when we just need to for Windows) helps keep cross/native more similar for maintainability's sake. The package is no longer maintained, so there isn't really anything to upstream here. (cherry picked from commit 966e7af193c8c5c0c3df1a9e0b0deab8b7bc0585) --- .../libraries/http-parser/default.nix | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/http-parser/default.nix b/pkgs/development/libraries/http-parser/default.nix index 327121dc6b1bc..a499f6bf207b4 100644 --- a/pkgs/development/libraries/http-parser/default.nix +++ b/pkgs/development/libraries/http-parser/default.nix @@ -12,6 +12,7 @@ stdenv.mkDerivation rec { }; env.NIX_CFLAGS_COMPILE = "-Wno-error"; + patches = [ ./build-shared.patch ] ++ lib.optionals stdenv.isAarch32 [ @@ -21,18 +22,36 @@ stdenv.mkDerivation rec { sha256 = "sha256-rZZMJeow3V1fTnjadRaRa+xTq3pdhZn/eJ4xjxEDoU4="; }) ]; - makeFlags = [ "DESTDIR=" "PREFIX=$(out)" ]; + + makeFlags = [ + "DESTDIR=" + "PREFIX=$(out)" + "SOEXT=${lib.strings.removePrefix "." stdenv.hostPlatform.extensions.sharedLibrary}" + "BINEXT=${stdenv.hostPlatform.extensions.executable}" + "Platform=${lib.toLower stdenv.hostPlatform.uname.system}" + ] ++ lib.optionals stdenv.hostPlatform.isWindows [ + "SONAME=$(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT)" + "LIBNAME=$(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOREV).$(SOEXT)" + "LDFLAGS=-Wl,--out-implib=$(LIBNAME).a" + ]; + buildFlags = [ "library" ]; + doCheck = true; checkTarget = "test"; enableParallelBuilding = true; + postInstall = lib.optionalString stdenv.hostPlatform.isWindows '' + install -D *.dll.a $out/lib + ln -sf libhttp_parser.${version}.dll.a $out/lib/libhttp_parser.dll.a + ''; + meta = with lib; { description = "An HTTP message parser written in C"; homepage = "https://github.com/nodejs/http-parser"; maintainers = with maintainers; [ matthewbauer ]; license = licenses.mit; - platforms = platforms.unix; + platforms = platforms.all; }; } From 908eafc841b08452955715ee9b7dd597315d49a3 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Wed, 22 Nov 2023 17:54:51 -0500 Subject: [PATCH 004/124] libgit2: Fix build on Windows (cherry picked from commit 2ba280859c9612236fb7cb6f37d726d3009d6fc5) --- pkgs/development/libraries/libgit2/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/libraries/libgit2/default.nix b/pkgs/development/libraries/libgit2/default.nix index 085c4c79bdc94..d21dbcb7ac0a0 100644 --- a/pkgs/development/libraries/libgit2/default.nix +++ b/pkgs/development/libraries/libgit2/default.nix @@ -33,6 +33,10 @@ stdenv.mkDerivation rec { "-DUSE_HTTP_PARSER=system" "-DUSE_SSH=ON" "-DBUILD_SHARED_LIBS=${if staticBuild then "OFF" else "ON"}" + ] ++ lib.optionals stdenv.hostPlatform.isWindows [ + "-DDLLTOOL=${stdenv.cc.bintools.targetPrefix}dlltool" + # For ws2_32, refered to by a `*.pc` file + "-DCMAKE_LIBRARY_PATH=${stdenv.cc.libc}/lib" ]; nativeBuildInputs = [ cmake python3 pkg-config ]; From fc2bb91fb13cb4a35e450a52c0a9cb2b52a209e0 Mon Sep 17 00:00:00 2001 From: wyndon Date: Sat, 25 Nov 2023 16:25:43 +0100 Subject: [PATCH 005/124] zeromq: fix paths in pkg-config file (cherry picked from commit 283960913a1eff83bfa8ad578cf4754f94bf4227) --- pkgs/development/libraries/zeromq/4.x.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/libraries/zeromq/4.x.nix b/pkgs/development/libraries/zeromq/4.x.nix index 6a0e173db3a90..2a4119e0fe225 100644 --- a/pkgs/development/libraries/zeromq/4.x.nix +++ b/pkgs/development/libraries/zeromq/4.x.nix @@ -26,6 +26,12 @@ stdenv.mkDerivation rec { cmakeFlags = lib.optional enableDrafts "-DENABLE_DRAFTS=ON"; + postPatch = '' + substituteInPlace CMakeLists.txt \ + --replace '$'{prefix}/'$'{CMAKE_INSTALL_LIBDIR} '$'{CMAKE_INSTALL_FULL_LIBDIR} \ + --replace '$'{prefix}/'$'{CMAKE_INSTALL_INCLUDEDIR} '$'{CMAKE_INSTALL_FULL_INCLUDEDIR} + ''; + meta = with lib; { branch = "4"; homepage = "http://www.zeromq.org"; From 154eddc6f3eb40d0fc902acad8b96ead0c726257 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 26 Nov 2023 14:12:21 +0300 Subject: [PATCH 006/124] roc-toolkit: 0.2.5 -> 0.3.0 Diff: https://github.com/roc-streaming/roc-toolkit/compare/v0.2.5...v0.3.0 (cherry picked from commit f3ee548e96fae8919ab8ca0944e08fa64f6314d3) --- pkgs/development/libraries/audio/roc-toolkit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/audio/roc-toolkit/default.nix b/pkgs/development/libraries/audio/roc-toolkit/default.nix index c2cdd5285aa3a..cbb580413c2b0 100644 --- a/pkgs/development/libraries/audio/roc-toolkit/default.nix +++ b/pkgs/development/libraries/audio/roc-toolkit/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { pname = "roc-toolkit"; - version = "0.2.5"; + version = "0.3.0"; outputs = [ "out" "dev" ]; @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { owner = "roc-streaming"; repo = "roc-toolkit"; rev = "v${version}"; - hash = "sha256-vosw4H3YTTCXdDOnQQYRNZgufPo1BxUtfg6jutArzTI="; + hash = "sha256-tC0rjb3eDtEciUk0NmVye+N//Y/RFsi5d3kFS031y8I="; }; nativeBuildInputs = [ From 3d0f4478b3612ad6d8f3ccd51d23d0153f3a5423 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 26 Nov 2023 14:18:59 +0300 Subject: [PATCH 007/124] pipewire: 0.3.85 -> 1.0.0 (cherry picked from commit 32c52236b2d84280395e2115191ed8411a93a049) --- pkgs/development/libraries/pipewire/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index b1c987342da81..5d0ffee503b82 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -81,7 +81,7 @@ let self = stdenv.mkDerivation rec { pname = "pipewire"; - version = "0.3.85"; + version = "1.0.0"; outputs = [ "out" @@ -97,7 +97,7 @@ let owner = "pipewire"; repo = "pipewire"; rev = version; - sha256 = "sha256-V7I+HXC9558RaHfpWQbo4aOjpMzPqgWHoPyg9OUq6/g="; + sha256 = "sha256-mfnMluxJAxDbB6JlIM6HJ0zg7e1q3ia3uFbht6zeHCk="; }; patches = [ @@ -189,6 +189,7 @@ let "-Dsdl2=disabled" # required only to build examples, causes dependency loop "-Drlimits-install=false" # installs to /etc, we won't use this anyway "-Dcompress-offload=enabled" + "-Dman=enabled" ]; # Fontconfig error: Cannot load default config file @@ -197,7 +198,7 @@ let doCheck = true; postUnpack = '' - patchShebangs source/doc/input-filter.sh + patchShebangs source/doc/*.py patchShebangs source/doc/input-filter-h.sh ''; From eaccb945413623789359dc51e318e4b9b2e84be9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 24 Nov 2023 03:48:50 +0000 Subject: [PATCH 008/124] mupdf: 1.23.5 -> 1.23.6 (cherry picked from commit 6073e62bb540fe29ea476d274efeb56de9e998c4) --- pkgs/applications/misc/mupdf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index db08bd5c14ce7..e4bf829191e30 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -60,12 +60,12 @@ let in stdenv.mkDerivation rec { - version = "1.23.5"; + version = "1.23.6"; pname = "mupdf"; src = fetchurl { url = "https://mupdf.com/downloads/archive/${pname}-${version}-source.tar.gz"; - sha256 = "sha256-blZ5zfqu+cfoniljlSIM4sEz7T3K1RpHhmczbG6uxwY="; + sha256 = "sha256-rBHrhZ3UBEiOUVPNyWUbtDQeW6r007Pyfir8gvmq3Ck="; }; patches = [ ./0001-Use-command-v-in-favor-of-which.patch From 856baf418ad4f1520855fab5e12e8cd4b881e774 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Wed, 15 Nov 2023 10:23:03 +0100 Subject: [PATCH 009/124] stdenv: consistent phases header Make phases header consistent for all phases. `Running phase:` is from an old nix ux doc from 2020 https://github.com/tweag/nix-ux/blob/master/first_steps_with_nix_v2.md Co-authored-by: Artturin (cherry picked from commit 3b4b805561f11699c3597564ef34077e1e2ef719) --- pkgs/stdenv/generic/setup.sh | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 37c10fb2957b1..780ef709683be 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -1495,17 +1495,7 @@ distPhase() { showPhaseHeader() { local phase="$1" - case "$phase" in - unpackPhase) echo "unpacking sources";; - patchPhase) echo "patching sources";; - configurePhase) echo "configuring";; - buildPhase) echo "building";; - checkPhase) echo "running tests";; - installPhase) echo "installing";; - fixupPhase) echo "post-installation fixup";; - installCheckPhase) echo "running install tests";; - *) echo "$phase";; - esac + echo "Running phase: $phase" } From 784d879a48b8ef2fd853961411071d356ff60774 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Wed, 29 Nov 2023 23:35:57 -0500 Subject: [PATCH 010/124] http-parser: Delete unused patch Since 4056c436c983763ed848d0e35ffafc7509d07b73 a Make not Gyp build system has been in use. (cherry picked from commit fa58b67d7ac3db8b1ba27c4a4bf531f5d6935ec1) --- .../libraries/http-parser/build-shared.patch | 30 ------------------- .../libraries/http-parser/default.nix | 1 - 2 files changed, 31 deletions(-) delete mode 100644 pkgs/development/libraries/http-parser/build-shared.patch diff --git a/pkgs/development/libraries/http-parser/build-shared.patch b/pkgs/development/libraries/http-parser/build-shared.patch deleted file mode 100644 index 5922cdfb5848b..0000000000000 --- a/pkgs/development/libraries/http-parser/build-shared.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -Naur http-parser-2.1-orig/http_parser.gyp http-parser-2.1/http_parser.gyp ---- http-parser-2.1-orig/http_parser.gyp 2013-03-26 18:35:20.000000000 -0400 -+++ http-parser-2.1/http_parser.gyp 2013-05-23 16:47:49.280488341 -0400 -@@ -21,7 +21,7 @@ - }, - 'Release': { - 'defines': [ 'NDEBUG' ], -- 'cflags': [ '-Wall', '-Wextra', '-O3' ], -+ 'cflags': [ '-Wall', '-Wextra', '-O3', '-fPIC' ], - 'msvs_settings': { - 'VCCLCompilerTool': { - 'RuntimeLibrary': 0, # static release -@@ -50,7 +50,7 @@ - 'targets': [ - { - 'target_name': 'http_parser', -- 'type': 'static_library', -+ 'type': 'shared_library', - 'include_dirs': [ '.' ], - 'direct_dependent_settings': { - 'defines': [ 'HTTP_PARSER_STRICT=0' ], -@@ -73,7 +73,7 @@ - - { - 'target_name': 'http_parser_strict', -- 'type': 'static_library', -+ 'type': 'shared_library', - 'include_dirs': [ '.' ], - 'direct_dependent_settings': { - 'defines': [ 'HTTP_PARSER_STRICT=1' ], diff --git a/pkgs/development/libraries/http-parser/default.nix b/pkgs/development/libraries/http-parser/default.nix index a499f6bf207b4..a256f40555965 100644 --- a/pkgs/development/libraries/http-parser/default.nix +++ b/pkgs/development/libraries/http-parser/default.nix @@ -14,7 +14,6 @@ stdenv.mkDerivation rec { env.NIX_CFLAGS_COMPILE = "-Wno-error"; patches = [ - ./build-shared.patch ] ++ lib.optionals stdenv.isAarch32 [ # https://github.com/nodejs/http-parser/pull/510 (fetchpatch { From e9ff57ab810da09f6da931d40998190eddde9bc9 Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Fri, 8 Sep 2023 17:38:42 +0200 Subject: [PATCH 011/124] http_parser: fix copying outputs for static build Co-Authored-By: John Ericson (cherry picked from commit 33f464b661f939689aa56af6b6e27b504c5afb93) --- .../libraries/http-parser/default.nix | 19 +++- .../http-parser/enable-static-shared.patch | 93 +++++++++++++++++++ 2 files changed, 108 insertions(+), 4 deletions(-) create mode 100644 pkgs/development/libraries/http-parser/enable-static-shared.patch diff --git a/pkgs/development/libraries/http-parser/default.nix b/pkgs/development/libraries/http-parser/default.nix index a256f40555965..65ac1fe92c130 100644 --- a/pkgs/development/libraries/http-parser/default.nix +++ b/pkgs/development/libraries/http-parser/default.nix @@ -1,4 +1,7 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch }: +{ lib, stdenv, fetchFromGitHub, fetchpatch +, enableShared ? !stdenv.hostPlatform.isStatic +, enableStatic ? stdenv.hostPlatform.isStatic +}: stdenv.mkDerivation rec { pname = "http-parser"; @@ -14,6 +17,7 @@ stdenv.mkDerivation rec { env.NIX_CFLAGS_COMPILE = "-Wno-error"; patches = [ + ./enable-static-shared.patch ] ++ lib.optionals stdenv.isAarch32 [ # https://github.com/nodejs/http-parser/pull/510 (fetchpatch { @@ -25,16 +29,23 @@ stdenv.mkDerivation rec { makeFlags = [ "DESTDIR=" "PREFIX=$(out)" - "SOEXT=${lib.strings.removePrefix "." stdenv.hostPlatform.extensions.sharedLibrary}" "BINEXT=${stdenv.hostPlatform.extensions.executable}" "Platform=${lib.toLower stdenv.hostPlatform.uname.system}" - ] ++ lib.optionals stdenv.hostPlatform.isWindows [ + "AEXT=${lib.strings.removePrefix "." stdenv.hostPlatform.extensions.staticLibrary}" + "ENABLE_SHARED=${if enableShared then "1" else "0"}" + "ENABLE_STATIC=${if enableStatic then "1" else "0"}" + ] ++ lib.optionals enableShared [ + "SOEXT=${lib.strings.removePrefix "." stdenv.hostPlatform.extensions.sharedLibrary}" + ] ++ lib.optionals enableStatic [ + "AEXT=${lib.strings.removePrefix "." stdenv.hostPlatform.extensions.staticLibrary}" + ] ++ lib.optionals (enableShared && stdenv.hostPlatform.isWindows) [ "SONAME=$(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT)" "LIBNAME=$(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOREV).$(SOEXT)" "LDFLAGS=-Wl,--out-implib=$(LIBNAME).a" ]; - buildFlags = [ "library" ]; + buildFlags = lib.optional enableShared "library" + ++ lib.optional enableStatic "package"; doCheck = true; checkTarget = "test"; diff --git a/pkgs/development/libraries/http-parser/enable-static-shared.patch b/pkgs/development/libraries/http-parser/enable-static-shared.patch new file mode 100644 index 0000000000000..42f11d4c817f4 --- /dev/null +++ b/pkgs/development/libraries/http-parser/enable-static-shared.patch @@ -0,0 +1,93 @@ +commit abcb3cca9452779e91380b7636f32745166af3de +Author: John Ericson +Date: Wed Nov 29 23:55:38 2023 -0500 + + Make build system: enable/disable shared/static support + + This allows building this package in static-lib-only distros. + +diff --git a/Makefile b/Makefile +index 5d21221..cbc7914 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,6 +18,9 @@ + # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + # IN THE SOFTWARE. + ++ENABLE_SHARED ?= 1 ++ENABLE_STATIC ?= ++ + PLATFORM ?= $(shell sh -c 'uname -s | tr "[A-Z]" "[a-z]"') + HELPER ?= + BINEXT ?= +@@ -25,6 +28,8 @@ SOLIBNAME = libhttp_parser + SOMAJOR = 2 + SOMINOR = 9 + SOREV = 4 ++AEXT = a ++STATICLIBNAME = $(SOLIBNAME).$(AEXT) + ifeq (darwin,$(PLATFORM)) + SOEXT ?= dylib + SONAME ?= $(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT) +@@ -109,11 +114,17 @@ test-valgrind: test_g + libhttp_parser.o: http_parser.c http_parser.h Makefile + $(CC) $(CPPFLAGS_FAST) $(CFLAGS_LIB) -c http_parser.c -o libhttp_parser.o + +-library: libhttp_parser.o +- $(CC) $(LDFLAGS_LIB) -o $(LIBNAME) $< ++.PHONY: library ++library: $(LIBNAME) ++ ++$(LIBNAME): libhttp_parser.o ++ $(CC) $(LDFLAGS_LIB) -o $@ $< + +-package: http_parser.o +- $(AR) rcs libhttp_parser.a http_parser.o ++.PHONY: package ++package: $(STATICLIBNAME) ++ ++$(STATICLIBNAME): http_parser.o ++ $(AR) rcs $@ $< + + url_parser: http_parser.o contrib/url_parser.c + $(CC) $(CPPFLAGS_FAST) $(CFLAGS_FAST) $^ -o $@ +@@ -130,12 +141,30 @@ parsertrace_g: http_parser_g.o contrib/parsertrace.c + tags: http_parser.c http_parser.h test.c + ctags $^ + +-install: library ++.PHONY: install-headers ++install-headers: + $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h ++ ++.PHONY: install-library ++install-library: library + $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) + ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) + ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT) + ++.PHONY: install-package ++install-package: package ++ $(INSTALL) -D $(STATICLIBNAME) $(DESTDIR)$(LIBDIR)/$(STATICLIBNAME) ++ ++.PHONY: install ++install: install-headers ++ifeq ($(ENABLE_SHARED),1) ++install: install-library ++endif ++ifeq ($(ENABLE_STATIC),1) ++install: install-package ++endif ++ ++.PHONY: install-strip + install-strip: library + $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h + $(INSTALL) -D -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) +@@ -147,6 +176,7 @@ uninstall: + rm $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT) + rm $(DESTDIR)$(LIBDIR)/$(SONAME) + rm $(DESTDIR)$(LIBDIR)/$(LIBNAME) ++ rm $(DESTDIR)$(LIBDIR)/$(STATICLIBNAME) + + clean: + rm -f *.o *.a tags test test_fast test_g \ From fa71fc8d1881043aff27e569459d31da3c9ab740 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Sat, 25 Nov 2023 22:39:02 +0100 Subject: [PATCH 012/124] perl536: 5.36.1 -> 5.36.3 (cherry picked from commit a18b35ae5bba71286ecde1bf7abe157106fc69ab) --- pkgs/development/interpreters/perl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix index 502bd5522346d..0f8a5cd75a5e4 100644 --- a/pkgs/development/interpreters/perl/default.nix +++ b/pkgs/development/interpreters/perl/default.nix @@ -57,8 +57,8 @@ in rec { # Maint version perl536 = callPackage ./intepreter.nix { self = perl536; - version = "5.36.1"; - sha256 = "sha256-aCA2Zdjs4CmI/HfckvzLspeoOku0uNB1WEQvl42lTME="; + version = "5.36.3"; + sha256 = "sha256-8qGtiBFjkaF2Ji3ULfxS7yKvtA9MDpgQ8V1WHm8ccmo="; inherit passthruFun; }; From 565539ed1ac0e605fa431e2efb2d788db54c6967 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Sat, 25 Nov 2023 22:45:02 +0100 Subject: [PATCH 013/124] perl538: 5.38.0 -> 5.38.2 (cherry picked from commit 8aac6da1c3df78bd6b53fd6811c7ceb82e2a912d) --- pkgs/development/interpreters/perl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix index 0f8a5cd75a5e4..50189a6213ba7 100644 --- a/pkgs/development/interpreters/perl/default.nix +++ b/pkgs/development/interpreters/perl/default.nix @@ -65,8 +65,8 @@ in rec { # Maint version perl538 = callPackage ./intepreter.nix { self = perl538; - version = "5.38.0"; - sha256 = "sha256-IT71gInS8sly6jU1F9xg7DZW8FDcwCdmbhGLUIQj5Rc="; + version = "5.38.2"; + sha256 = "sha256-oKMVNEUet7g8fWWUpJdUOlTUiLyQygD140diV39AZV4="; inherit passthruFun; }; } From eb771a8e35ea5f4e92161023a64b622796a4173a Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Tue, 28 Nov 2023 00:00:05 +0100 Subject: [PATCH 014/124] perl.perl-cross: 1.5 -> 84db4c71 (cherry picked from commit 962570502025732acf10f2101ae94cb882eca61e) --- pkgs/development/interpreters/perl/intepreter.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/perl/intepreter.nix b/pkgs/development/interpreters/perl/intepreter.nix index c16dffe3db697..8861a0ed0456f 100644 --- a/pkgs/development/interpreters/perl/intepreter.nix +++ b/pkgs/development/interpreters/perl/intepreter.nix @@ -236,14 +236,14 @@ stdenv.mkDerivation (rec { mainProgram = "perl"; }; } // lib.optionalAttrs (stdenv.buildPlatform != stdenv.hostPlatform) rec { - crossVersion = "1.5"; # Jul 03, 2023 + crossVersion = "84db4c71ae3d3b01fb2966cd15a060a7be334710"; # Nov 29, 2023 perl-cross-src = fetchFromGitHub { name = "perl-cross-${crossVersion}"; owner = "arsv"; repo = "perl-cross"; rev = crossVersion; - sha256 = "sha256-9nRFJinZUWUSpXXyyIVmhRLQ1B5LB3UmN2iAckmem58="; + sha256 = "sha256-1Zqw4sy/lD2nah0Z8rAE11tSpq1Ym9nBbatDczR+mxs="; }; depsBuildBuild = [ buildPackages.stdenv.cc makeWrapper ]; From 66ea8309aecc2942f498752f64ba4605284bf3bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Sun, 19 Nov 2023 17:31:45 +0100 Subject: [PATCH 015/124] vim: 9.0.2048 -> 9.0.2116 See also: https://www.openwall.com/lists/oss-security/2023/11/16/1 (cherry picked from commit 796079b2987b6910bd6f89e07c03da2196c3b706) --- pkgs/applications/editors/vim/common.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 83d61b37bfc67..b392cc0aa565e 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "9.0.2048"; + version = "9.0.2116"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - hash = "sha256-zR2iPiD4/gf5BnxYoe3cx2ebGWE1P2bY4Cg15gveFgg="; + hash = "sha256-ZKcNg/RrjvEsxpIcTjzQYi1xig3zLeTV+PXaBb4gUuM="; }; enableParallelBuilding = true; From 9453ca590497e4424471a10f8b7c3174c33db604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 28 Nov 2023 15:36:28 +0100 Subject: [PATCH 016/124] dns-root-data: update B.root-servers.net addresses https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1478 (cherry picked from commit e30be98231b26fd9277532d53803646716ed2d78) --- pkgs/data/misc/dns-root-data/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/misc/dns-root-data/default.nix b/pkgs/data/misc/dns-root-data/default.nix index abf945e9df555..1c6121473c748 100644 --- a/pkgs/data/misc/dns-root-data/default.nix +++ b/pkgs/data/misc/dns-root-data/default.nix @@ -6,11 +6,11 @@ let # Original source https://www.internic.net/domain/named.root # occasionally suffers from pointless hash changes, # and having stable sources for older versions has advantages, too. - urls = map (prefix: prefix + "cc5e14a264912/etc/root.hints") [ + urls = map (prefix: prefix + "d9c96ae96f066a85d7/etc/root.hints") [ "https://gitlab.nic.cz/knot/knot-resolver/raw/" "https://raw.githubusercontent.com/CZ-NIC/knot-resolver/" ]; - sha256 = "0vdrff4l8s8grif52dnh091s8qydhh88k25zqd9rj66sf1qwcwxl"; + hash = "sha256-4lG/uPnNHBNIZ/XIeDM1w3iukrpeW0JIjTnGSwkJ8U4="; }; rootKey = ./root.key; @@ -20,7 +20,7 @@ in stdenv.mkDerivation { pname = "dns-root-data"; - version = "2019-01-11"; + version = "2023-11-27"; buildCommand = '' mkdir $out From 4cd2b4eee0c3c58ef40f67abf5458b483386cdf0 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 12 Nov 2023 22:38:11 +0100 Subject: [PATCH 017/124] python311Packages.werkzeug: 2.3.7 -> 2.3.8 https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8 (cherry picked from commit 82d922a96660d988727f0f28a6b3844829c0a024) --- pkgs/development/python-modules/werkzeug/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index db045e77c52fe..35c5f943cb190 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -16,14 +16,14 @@ buildPythonPackage rec { pname = "werkzeug"; - version = "2.3.7"; + version = "2.3.8"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-K4wORHtLnbzIXdl7butNy69si2w74L1lTiVVPgohV9g="; + hash = "sha256-VUslfHS763oNJUFgpPj/4YUkP1KlIDUGC3Ycpi2XfwM="; }; nativeBuildInputs = [ From ff8543136c1a4d26ae28905170c879e0047a773b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Thu, 30 Nov 2023 11:51:37 +0100 Subject: [PATCH 018/124] netbox: Inherit gunicorn from the package I was using a 23.11 package on a NixOS 23.05 system and this caused the python that was used in gunicorn to differ from the python the postgres lib was linked against. (cherry picked from commit 018175ecab4555d7042f8d743445c797f4a27d07) --- nixos/modules/services/web-apps/netbox.nix | 2 +- pkgs/servers/web-apps/netbox/generic.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/web-apps/netbox.nix b/nixos/modules/services/web-apps/netbox.nix index 3b9434e3d3456..88d40b3abc529 100644 --- a/nixos/modules/services/web-apps/netbox.nix +++ b/nixos/modules/services/web-apps/netbox.nix @@ -317,7 +317,7 @@ in { serviceConfig = defaultServiceConfig // { ExecStart = '' - ${pkgs.python3Packages.gunicorn}/bin/gunicorn netbox.wsgi \ + ${pkg.gunicorn}/bin/gunicorn netbox.wsgi \ --bind ${cfg.listenAddress}:${toString cfg.port} \ --pythonpath ${pkg}/opt/netbox/netbox ''; diff --git a/pkgs/servers/web-apps/netbox/generic.nix b/pkgs/servers/web-apps/netbox/generic.nix index afd02d7985351..ec544b1e87724 100644 --- a/pkgs/servers/web-apps/netbox/generic.nix +++ b/pkgs/servers/web-apps/netbox/generic.nix @@ -1,6 +1,5 @@ { lib , fetchFromGitHub -, fetchpatch , python3 , version , hash @@ -94,6 +93,7 @@ passthru = { # PYTHONPATH of all dependencies used by the package pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs; + gunicorn = python3.pkgs.gunicorn; inherit tests; }; From 484ab6cd35ed08e528e18e787069fdc0bf6b0925 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Nov 2023 06:45:58 +0000 Subject: [PATCH 019/124] libde265: 1.0.12 -> 1.0.14 Fixes CVE-2023-43887 and other security issues. (cherry picked from commit 87ebba1750ba09413507a28d8a827d17c1da0e1e) --- pkgs/development/libraries/libde265/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libde265/default.nix b/pkgs/development/libraries/libde265/default.nix index 9c1a10f9f5b10..de366da98b962 100644 --- a/pkgs/development/libraries/libde265/default.nix +++ b/pkgs/development/libraries/libde265/default.nix @@ -14,14 +14,14 @@ }: stdenv.mkDerivation (finalAttrs: rec { - version = "1.0.12"; + version = "1.0.14"; pname = "libde265"; src = fetchFromGitHub { owner = "strukturag"; repo = "libde265"; rev = "refs/tags/v${version}"; - hash = "sha256-pl1r3n4T4FcJ4My/wCE54R2fmTdrlJOvgb2U0MZf1BI="; + hash = "sha256-aZRtF4wYWxi/6ORNu7yVxFFdkvJTvBwPinL5lC0Mlqg="; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; From 31ae5a3151de4d74c8ec6371d638dd86199dbe3c Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 26 Nov 2023 15:05:20 +0000 Subject: [PATCH 020/124] python3Packages.gevent: add patch for CVE-2023-41419 (cherry picked from commit 07226ee0f3a503fc4c9170654a5fea504604f541) --- .../gevent/22.10.2-CVE-2023-41419.patch | 648 ++++++++++++++++++ .../python-modules/gevent/default.nix | 1 + 2 files changed, 649 insertions(+) create mode 100644 pkgs/development/python-modules/gevent/22.10.2-CVE-2023-41419.patch diff --git a/pkgs/development/python-modules/gevent/22.10.2-CVE-2023-41419.patch b/pkgs/development/python-modules/gevent/22.10.2-CVE-2023-41419.patch new file mode 100644 index 0000000000000..cc773acb4ccda --- /dev/null +++ b/pkgs/development/python-modules/gevent/22.10.2-CVE-2023-41419.patch @@ -0,0 +1,648 @@ +Based on upstream 2f53c851eaf926767fbac62385615efd4886221c with minor +adjustments to apply to 22.10.2 + +diff --git a/docs/changes/1989.bugfix b/docs/changes/1989.bugfix +new file mode 100644 +index 00000000..7ce4a93a +--- /dev/null ++++ b/docs/changes/1989.bugfix +@@ -0,0 +1,26 @@ ++Make ``gevent.pywsgi`` comply more closely with the HTTP specification ++for chunked transfer encoding. In particular, we are much stricter ++about trailers, and trailers that are invalid (too long or featuring ++disallowed characters) forcibly close the connection to the client ++*after* the results have been sent. ++ ++Trailers otherwise continue to be ignored and are not available to the ++WSGI application. ++ ++Previously, carefully crafted invalid trailers in chunked requests on ++keep-alive connections might appear as two requests to ++``gevent.pywsgi``. Because this was handled exactly as a normal ++keep-alive connection with two requests, the WSGI application should ++handle it normally. However, if you were counting on some upstream ++server to filter incoming requests based on paths or header fields, ++and the upstream server simply passed trailers through without ++validating them, then this embedded second request would bypass those ++checks. (If the upstream server validated that the trailers meet the ++HTTP specification, this could not occur, because characters that are ++required in an HTTP request, like a space, are not allowed in ++trailers.) CVE-2023-41419 was reserved for this. ++ ++Our thanks to the original reporters, Keran Mu ++(mkr22@mails.tsinghua.edu.cn) and Jianjun Chen ++(jianjun@tsinghua.edu.cn), from Tsinghua University and Zhongguancun ++Laboratory. +diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py +index 0ebe0954..837903f5 100644 +--- a/src/gevent/pywsgi.py ++++ b/src/gevent/pywsgi.py +@@ -8,6 +8,25 @@ WSGI work is handled by :class:`WSGIHandler` --- a new instance is + created for each request. The server can be customized to use + different subclasses of :class:`WSGIHandler`. + ++.. important:: ++ ++ This server is intended primarily for development and testing, and ++ secondarily for other "safe" scenarios where it will not be exposed to ++ potentially malicious input. The code has not been security audited, ++ and is not intended for direct exposure to the public Internet. For production ++ usage on the Internet, either choose a production-strength server such as ++ gunicorn, or put a reverse proxy between gevent and the Internet. ++ ++.. versionchanged:: NEXT ++ ++ Complies more closely with the HTTP specification for chunked transfer encoding. ++ In particular, we are much stricter about trailers, and trailers that ++ are invalid (too long or featuring disallowed characters) forcibly close ++ the connection to the client *after* the results have been sent. ++ ++ Trailers otherwise continue to be ignored and are not available to the ++ WSGI application. ++ + """ + from __future__ import absolute_import + +@@ -22,10 +41,7 @@ import time + import traceback + from datetime import datetime + +-try: +- from urllib import unquote +-except ImportError: +- from urllib.parse import unquote # python 2 pylint:disable=import-error,no-name-in-module ++from urllib.parse import unquote + + from gevent import socket + import gevent +@@ -53,29 +69,52 @@ __all__ = [ + + MAX_REQUEST_LINE = 8192 + # Weekday and month names for HTTP date/time formatting; always English! +-_WEEKDAYNAME = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"] +-_MONTHNAME = [None, # Dummy so we can use 1-based month numbers ++_WEEKDAYNAME = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun") ++_MONTHNAME = (None, # Dummy so we can use 1-based month numbers + "Jan", "Feb", "Mar", "Apr", "May", "Jun", +- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"] ++ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec") + + # The contents of the "HEX" grammar rule for HTTP, upper and lowercase A-F plus digits, + # in byte form for comparing to the network. + _HEX = string.hexdigits.encode('ascii') + ++# The characters allowed in "token" rules. ++ ++# token = 1*tchar ++# tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" ++# / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" ++# / DIGIT / ALPHA ++# ; any VCHAR, except delimiters ++# ALPHA = %x41-5A / %x61-7A ; A-Z / a-z ++_ALLOWED_TOKEN_CHARS = frozenset( ++ # Remember we have to be careful because bytestrings ++ # inexplicably iterate as integers, which are not equal to bytes. ++ ++ # explicit chars then DIGIT ++ (c.encode('ascii') for c in "!#$%&'*+-.^_`|~0123456789") ++ # Then we add ALPHA ++) | {c.encode('ascii') for c in string.ascii_letters} ++assert b'A' in _ALLOWED_TOKEN_CHARS ++ ++ + # Errors + _ERRORS = {} + _INTERNAL_ERROR_STATUS = '500 Internal Server Error' + _INTERNAL_ERROR_BODY = b'Internal Server Error' +-_INTERNAL_ERROR_HEADERS = [('Content-Type', 'text/plain'), +- ('Connection', 'close'), +- ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))] ++_INTERNAL_ERROR_HEADERS = ( ++ ('Content-Type', 'text/plain'), ++ ('Connection', 'close'), ++ ('Content-Length', str(len(_INTERNAL_ERROR_BODY))) ++) + _ERRORS[500] = (_INTERNAL_ERROR_STATUS, _INTERNAL_ERROR_HEADERS, _INTERNAL_ERROR_BODY) + + _BAD_REQUEST_STATUS = '400 Bad Request' + _BAD_REQUEST_BODY = '' +-_BAD_REQUEST_HEADERS = [('Content-Type', 'text/plain'), +- ('Connection', 'close'), +- ('Content-Length', str(len(_BAD_REQUEST_BODY)))] ++_BAD_REQUEST_HEADERS = ( ++ ('Content-Type', 'text/plain'), ++ ('Connection', 'close'), ++ ('Content-Length', str(len(_BAD_REQUEST_BODY))) ++) + _ERRORS[400] = (_BAD_REQUEST_STATUS, _BAD_REQUEST_HEADERS, _BAD_REQUEST_BODY) + + _REQUEST_TOO_LONG_RESPONSE = b"HTTP/1.1 414 Request URI Too Long\r\nConnection: close\r\nContent-length: 0\r\n\r\n" +@@ -204,23 +243,32 @@ class Input(object): + # Read and return the next integer chunk length. If no + # chunk length can be read, raises _InvalidClientInput. + +- # Here's the production for a chunk: +- # (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html) +- # chunk = chunk-size [ chunk-extension ] CRLF +- # chunk-data CRLF +- # chunk-size = 1*HEX +- # chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] ) +- # chunk-ext-name = token +- # chunk-ext-val = token | quoted-string +- +- # To cope with malicious or broken clients that fail to send valid +- # chunk lines, the strategy is to read character by character until we either reach +- # a ; or newline. If at any time we read a non-HEX digit, we bail. If we hit a +- # ;, indicating an chunk-extension, we'll read up to the next +- # MAX_REQUEST_LINE characters +- # looking for the CRLF, and if we don't find it, we bail. If we read more than 16 hex characters, +- # (the number needed to represent a 64-bit chunk size), we bail (this protects us from +- # a client that sends an infinite stream of `F`, for example). ++ # Here's the production for a chunk (actually the whole body): ++ # (https://www.rfc-editor.org/rfc/rfc7230#section-4.1) ++ ++ # chunked-body = *chunk ++ # last-chunk ++ # trailer-part ++ # CRLF ++ # ++ # chunk = chunk-size [ chunk-ext ] CRLF ++ # chunk-data CRLF ++ # chunk-size = 1*HEXDIG ++ # last-chunk = 1*("0") [ chunk-ext ] CRLF ++ # trailer-part = *( header-field CRLF ) ++ # chunk-data = 1*OCTET ; a sequence of chunk-size octets ++ ++ # To cope with malicious or broken clients that fail to send ++ # valid chunk lines, the strategy is to read character by ++ # character until we either reach a ; or newline. If at any ++ # time we read a non-HEX digit, we bail. If we hit a ;, ++ # indicating an chunk-extension, we'll read up to the next ++ # MAX_REQUEST_LINE characters ("A server ought to limit the ++ # total length of chunk extensions received") looking for the ++ # CRLF, and if we don't find it, we bail. If we read more than ++ # 16 hex characters, (the number needed to represent a 64-bit ++ # chunk size), we bail (this protects us from a client that ++ # sends an infinite stream of `F`, for example). + + buf = BytesIO() + while 1: +@@ -228,16 +276,20 @@ class Input(object): + if not char: + self._chunked_input_error = True + raise _InvalidClientInput("EOF before chunk end reached") +- if char == b'\r': +- break +- if char == b';': ++ ++ if char in ( ++ b'\r', # Beginning EOL ++ b';', # Beginning extension ++ ): + break + +- if char not in _HEX: ++ if char not in _HEX: # Invalid data. + self._chunked_input_error = True + raise _InvalidClientInput("Non-hex data", char) ++ + buf.write(char) +- if buf.tell() > 16: ++ ++ if buf.tell() > 16: # Too many hex bytes + self._chunked_input_error = True + raise _InvalidClientInput("Chunk-size too large.") + +@@ -257,11 +309,72 @@ class Input(object): + if char == b'\r': + # We either got here from the main loop or from the + # end of an extension ++ self.__read_chunk_size_crlf(rfile, newline_only=True) ++ result = int(buf.getvalue(), 16) ++ if result == 0: ++ # The only time a chunk size of zero is allowed is the final ++ # chunk. It is either followed by another \r\n, or some trailers ++ # which are then followed by \r\n. ++ while self.__read_chunk_trailer(rfile): ++ pass ++ return result ++ ++ # Trailers have the following production (they are a header-field followed by CRLF) ++ # See above for the definition of "token". ++ # ++ # header-field = field-name ":" OWS field-value OWS ++ # field-name = token ++ # field-value = *( field-content / obs-fold ) ++ # field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] ++ # field-vchar = VCHAR / obs-text ++ # obs-fold = CRLF 1*( SP / HTAB ) ++ # ; obsolete line folding ++ # ; see Section 3.2.4 ++ ++ ++ def __read_chunk_trailer(self, rfile, ): ++ # With rfile positioned just after a \r\n, read a trailer line. ++ # Return a true value if a non-empty trailer was read, and ++ # return false if an empty trailer was read (meaning the trailers are ++ # done). ++ # If a single line exceeds the MAX_REQUEST_LINE, raise an exception. ++ # If the field-name portion contains invalid characters, raise an exception. ++ ++ i = 0 ++ empty = True ++ seen_field_name = False ++ while i < MAX_REQUEST_LINE: + char = rfile.read(1) +- if char != b'\n': ++ if char == b'\r': ++ # Either read the next \n or raise an error. ++ self.__read_chunk_size_crlf(rfile, newline_only=True) ++ break ++ # Not a \r, so we are NOT an empty chunk. ++ empty = False ++ if char == b':' and i > 0: ++ # We're ending the field-name part; stop validating characters. ++ # Unless : was the first character... ++ seen_field_name = True ++ if not seen_field_name and char not in _ALLOWED_TOKEN_CHARS: ++ raise _InvalidClientInput('Invalid token character: %r' % (char,)) ++ i += 1 ++ else: ++ # We read too much ++ self._chunked_input_error = True ++ raise _InvalidClientInput("Too large chunk trailer") ++ return not empty ++ ++ def __read_chunk_size_crlf(self, rfile, newline_only=False): ++ # Also for safety, correctly verify that we get \r\n when expected. ++ if not newline_only: ++ char = rfile.read(1) ++ if char != b'\r': + self._chunked_input_error = True +- raise _InvalidClientInput("Line didn't end in CRLF") +- return int(buf.getvalue(), 16) ++ raise _InvalidClientInput("Line didn't end in CRLF: %r" % (char,)) ++ char = rfile.read(1) ++ if char != b'\n': ++ self._chunked_input_error = True ++ raise _InvalidClientInput("Line didn't end in LF: %r" % (char,)) + + def _chunked_read(self, length=None, use_readline=False): + # pylint:disable=too-many-branches +@@ -294,7 +407,7 @@ class Input(object): + + self.position += datalen + if self.chunk_length == self.position: +- rfile.readline() ++ self.__read_chunk_size_crlf(rfile) + + if length is not None: + length -= datalen +@@ -307,9 +420,9 @@ class Input(object): + # determine the next size to read + self.chunk_length = self.__read_chunk_length(rfile) + self.position = 0 +- if self.chunk_length == 0: +- # Last chunk. Terminates with a CRLF. +- rfile.readline() ++ # If chunk_length was 0, we already read any trailers and ++ # validated that we have ended with \r\n\r\n. ++ + return b''.join(response) + + def read(self, length=None): +@@ -532,7 +645,8 @@ class WSGIHandler(object): + elif len(words) == 2: + self.command, self.path = words + if self.command != "GET": +- raise _InvalidClientRequest('Expected GET method: %r' % (raw_requestline,)) ++ raise _InvalidClientRequest('Expected GET method; Got command=%r; path=%r; raw=%r' % ( ++ self.command, self.path, raw_requestline,)) + self.request_version = "HTTP/0.9" + # QQQ I'm pretty sure we can drop support for HTTP/0.9 + else: +@@ -1000,14 +1114,28 @@ class WSGIHandler(object): + finally: + try: + self.wsgi_input._discard() +- except (socket.error, IOError): +- # Don't let exceptions during discarding ++ except _InvalidClientInput: ++ # This one is deliberately raised to the outer ++ # scope, because, with the incoming stream in some bad state, ++ # we can't be sure we can synchronize and properly parse the next ++ # request. ++ raise ++ except socket.error: ++ # Don't let socket exceptions during discarding + # input override any exception that may have been + # raised by the application, such as our own _InvalidClientInput. + # In the general case, these aren't even worth logging (see the comment + # just below) + pass +- except _InvalidClientInput: ++ except _InvalidClientInput as ex: ++ # DO log this one because: ++ # - Some of the data may have been read and acted on by the ++ # application; ++ # - The response may or may not have been sent; ++ # - It's likely that the client is bad, or malicious, and ++ # users might wish to take steps to block the client. ++ self._handle_client_error(ex) ++ self.close_connection = True + self._send_error_response_if_possible(400) + except socket.error as ex: + if ex.args[0] in self.ignored_socket_errors: +@@ -1054,17 +1182,22 @@ class WSGIHandler(object): + def _handle_client_error(self, ex): + # Called for invalid client input + # Returns the appropriate error response. +- if not isinstance(ex, ValueError): ++ if not isinstance(ex, (ValueError, _InvalidClientInput)): + # XXX: Why not self._log_error to send it through the loop's + # handle_error method? ++ # _InvalidClientRequest is a ValueError; _InvalidClientInput is an IOError. + traceback.print_exc() + if isinstance(ex, _InvalidClientRequest): + # No formatting needed, that's already been handled. In fact, because the + # formatted message contains user input, it might have a % in it, and attempting + # to format that with no arguments would be an error. +- self.log_error(ex.formatted_message) ++ # However, the error messages do not include the requesting IP ++ # necessarily, so we do add that. ++ self.log_error('(from %s) %s', self.client_address, ex.formatted_message) + else: +- self.log_error('Invalid request: %s', str(ex) or ex.__class__.__name__) ++ self.log_error('Invalid request (from %s): %s', ++ self.client_address, ++ str(ex) or ex.__class__.__name__) + return ('400', _BAD_REQUEST_RESPONSE) + + def _headers(self): +diff --git a/src/gevent/subprocess.py b/src/gevent/subprocess.py +index 46a82f60..a135d8aa 100644 +--- a/src/gevent/subprocess.py ++++ b/src/gevent/subprocess.py +@@ -370,10 +370,11 @@ def check_output(*popenargs, **kwargs): + + To capture standard error in the result, use ``stderr=STDOUT``:: + +- >>> print(check_output(["/bin/sh", "-c", ++ >>> output = check_output(["/bin/sh", "-c", + ... "ls -l non_existent_file ; exit 0"], +- ... stderr=STDOUT).decode('ascii').strip()) +- ls: non_existent_file: No such file or directory ++ ... stderr=STDOUT).decode('ascii').strip() ++ >>> print(output.rsplit(':', 1)[1].strip()) ++ No such file or directory + + There is an additional optional argument, "input", allowing you to + pass a string to the subprocess's stdin. If you use this argument +diff --git a/src/gevent/testing/testcase.py b/src/gevent/testing/testcase.py +index 47484094..862e46ee 100644 +--- a/src/gevent/testing/testcase.py ++++ b/src/gevent/testing/testcase.py +@@ -225,7 +225,7 @@ class TestCaseMetaClass(type): + classDict.pop(key) + # XXX: When did we stop doing this? + #value = wrap_switch_count_check(value) +- value = _wrap_timeout(timeout, value) ++ #value = _wrap_timeout(timeout, value) + error_fatal = getattr(value, 'error_fatal', error_fatal) + if error_fatal: + value = errorhandler.wrap_error_fatal(value) +diff --git a/src/gevent/tests/test__pywsgi.py b/src/gevent/tests/test__pywsgi.py +index d2125a86..d46030bf 100644 +--- a/src/gevent/tests/test__pywsgi.py ++++ b/src/gevent/tests/test__pywsgi.py +@@ -25,21 +25,11 @@ from gevent import monkey + monkey.patch_all() + + from contextlib import contextmanager +-try: +- from urllib.parse import parse_qs +-except ImportError: +- # Python 2 +- from urlparse import parse_qs ++from urllib.parse import parse_qs + import os + import sys +-try: +- # On Python 2, we want the C-optimized version if +- # available; it has different corner-case behaviour than +- # the Python implementation, and it used by socket.makefile +- # by default. +- from cStringIO import StringIO +-except ImportError: +- from io import BytesIO as StringIO ++from io import BytesIO as StringIO ++ + import weakref + import unittest + from wsgiref.validate import validator +@@ -156,6 +146,10 @@ class Response(object): + @classmethod + def read(cls, fd, code=200, reason='default', version='1.1', + body=None, chunks=None, content_length=None): ++ """ ++ Read an HTTP response, optionally perform assertions, ++ and return the Response object. ++ """ + # pylint:disable=too-many-branches + _status_line, headers = read_headers(fd) + self = cls(_status_line, headers) +@@ -716,7 +710,14 @@ class TestNegativeReadline(TestCase): + + class TestChunkedPost(TestCase): + ++ calls = 0 ++ ++ def setUp(self): ++ super().setUp() ++ self.calls = 0 ++ + def application(self, env, start_response): ++ self.calls += 1 + self.assertTrue(env.get('wsgi.input_terminated')) + start_response('200 OK', [('Content-Type', 'text/plain')]) + if env['PATH_INFO'] == '/a': +@@ -730,6 +731,8 @@ class TestChunkedPost(TestCase): + if env['PATH_INFO'] == '/c': + return list(iter(lambda: env['wsgi.input'].read(1), b'')) + ++ return [b'We should not get here', env['PATH_INFO'].encode('ascii')] ++ + def test_014_chunked_post(self): + data = (b'POST /a HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n' + b'Transfer-Encoding: chunked\r\n\r\n' +@@ -797,6 +800,170 @@ class TestChunkedPost(TestCase): + fd.write(data) + read_http(fd, code=400) + ++ def test_trailers_keepalive_ignored(self): ++ # Trailers after a chunk are ignored. ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: keep-alive\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0\r\n' # last-chunk ++ # Normally the final CRLF would go here, but if you put in a ++ # trailer, it doesn't. ++ b'trailer1: value1\r\n' ++ b'trailer2: value2\r\n' ++ b'\r\n' # Really terminate the chunk. ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: close\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n bye\r\n' ++ b'0\r\n' # last-chunk ++ ) ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ read_http(fd, body='oh bye') ++ ++ self.assertEqual(self.calls, 2) ++ ++ def test_trailers_too_long(self): ++ # Trailers after a chunk are ignored. ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: keep-alive\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0\r\n' # last-chunk ++ # Normally the final CRLF would go here, but if you put in a ++ # trailer, it doesn't. ++ b'trailer2: value2' # not lack of \r\n ++ ) ++ data += b't' * pywsgi.MAX_REQUEST_LINE ++ # No termination, because we detect the trailer as being too ++ # long and abort the connection. ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ with self.assertRaises(ConnectionClosed): ++ read_http(fd, body='oh bye') ++ ++ def test_trailers_request_smuggling_missing_last_chunk_keep_alive(self): ++ # When something that looks like a request line comes in the trailer ++ # as the first line, immediately after an invalid last chunk. ++ # We detect this and abort the connection, because the ++ # whitespace in the GET line isn't a legal part of a trailer. ++ # If we didn't abort the connection, then, because we specified ++ # keep-alive, the server would be hanging around waiting for more input. ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: keep-alive\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0' # last-chunk, but missing the \r\n ++ # Normally the final CRLF would go here, but if you put in a ++ # trailer, it doesn't. ++ # b'\r\n' ++ b'GET /path2?a=:123 HTTP/1.1\r\n' ++ b'Host: a.com\r\n' ++ b'Connection: close\r\n' ++ b'\r\n' ++ ) ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ with self.assertRaises(ConnectionClosed): ++ read_http(fd) ++ ++ self.assertEqual(self.calls, 1) ++ ++ def test_trailers_request_smuggling_missing_last_chunk_close(self): ++ # Same as the above, except the trailers are actually valid ++ # and since we ask to close the connection we don't get stuck ++ # waiting for more input. ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: close\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0\r\n' # last-chunk ++ # Normally the final CRLF would go here, but if you put in a ++ # trailer, it doesn't. ++ # b'\r\n' ++ b'GETpath2a:123 HTTP/1.1\r\n' ++ b'Host: a.com\r\n' ++ b'Connection: close\r\n' ++ b'\r\n' ++ ) ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ with self.assertRaises(ConnectionClosed): ++ read_http(fd) ++ ++ def test_trailers_request_smuggling_header_first(self): ++ # When something that looks like a header comes in the first line. ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: keep-alive\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0\r\n' # last-chunk, but only one CRLF ++ b'Header: value\r\n' ++ b'GET /path2?a=:123 HTTP/1.1\r\n' ++ b'Host: a.com\r\n' ++ b'Connection: close\r\n' ++ b'\r\n' ++ ) ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ with self.assertRaises(ConnectionClosed): ++ read_http(fd, code=400) ++ ++ self.assertEqual(self.calls, 1) ++ ++ def test_trailers_request_smuggling_request_terminates_then_header(self): ++ data = ( ++ b'POST /a HTTP/1.1\r\n' ++ b'Host: localhost\r\n' ++ b'Connection: keep-alive\r\n' ++ b'Transfer-Encoding: chunked\r\n' ++ b'\r\n' ++ b'2\r\noh\r\n' ++ b'4\r\n hai\r\n' ++ b'0\r\n' # last-chunk ++ b'\r\n' ++ b'Header: value' ++ b'GET /path2?a=:123 HTTP/1.1\r\n' ++ b'Host: a.com\r\n' ++ b'Connection: close\r\n' ++ b'\r\n' ++ ) ++ with self.makefile() as fd: ++ fd.write(data) ++ read_http(fd, body='oh hai') ++ read_http(fd, code=400) ++ ++ self.assertEqual(self.calls, 1) ++ + + class TestUseWrite(TestCase): + diff --git a/pkgs/development/python-modules/gevent/default.nix b/pkgs/development/python-modules/gevent/default.nix index 938cb99cf8fa1..bb534d6b9cb5a 100644 --- a/pkgs/development/python-modules/gevent/default.nix +++ b/pkgs/development/python-modules/gevent/default.nix @@ -29,6 +29,7 @@ buildPythonPackage rec { }; patches = [ + ./22.10.2-CVE-2023-41419.patch # Replace deprecated pkg_resources with importlib-metadata (fetchpatch { url = "https://github.com/gevent/gevent/commit/bd96d8e14dc99f757de22ab4bb98439f912dab1e.patch"; From 0f6ba7d1a5b53cf132e5c3ad5d7c3f2808004948 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 26 Nov 2023 17:18:52 +0000 Subject: [PATCH 021/124] python3Packages.gevent: add some key reverse-dependencies to passthru.tests (cherry picked from commit 96cb82f81bdfa757a062729f026ef5401f9529a9) --- pkgs/development/python-modules/gevent/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/development/python-modules/gevent/default.nix b/pkgs/development/python-modules/gevent/default.nix index bb534d6b9cb5a..a82e6472057c7 100644 --- a/pkgs/development/python-modules/gevent/default.nix +++ b/pkgs/development/python-modules/gevent/default.nix @@ -14,6 +14,12 @@ , zope_event , zope_interface , pythonOlder + +# for passthru.tests +, dulwich +, gunicorn +, opentracing +, pika }: buildPythonPackage rec { @@ -66,6 +72,14 @@ buildPythonPackage rec { "gevent.events" ]; + passthru.tests = { + inherit + dulwich + gunicorn + opentracing + pika; + } // lib.filterAttrs (k: v: lib.hasInfix "gevent" k) python.pkgs; + meta = with lib; { description = "Coroutine-based networking library"; homepage = "http://www.gevent.org/"; From 9ce730064c4545122671d09d2065448a79b746ef Mon Sep 17 00:00:00 2001 From: Randy Eckenrode Date: Fri, 1 Dec 2023 09:39:16 -0500 Subject: [PATCH 022/124] x264: fix runtime crash due to llvm-strip args This is a similar issue to https://github.com/NixOS/nixpkgs/pull/234868, but it crashes instead of failing to link. The same fix applies (using `-S` instead of `-x` with `llvm-strip`). (cherry picked from commit 0f0b89fc7bcea595d006f8323f40bb75c8a230af) --- pkgs/development/libraries/x264/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/libraries/x264/default.nix b/pkgs/development/libraries/x264/default.nix index e5ca1fc58edc6..3f41657b23578 100644 --- a/pkgs/development/libraries/x264/default.nix +++ b/pkgs/development/libraries/x264/default.nix @@ -28,6 +28,10 @@ stdenv.mkDerivation rec { postPatch = '' patchShebangs . + '' + # Darwin uses `llvm-strip`, which results in a crash at runtime in assembly-based routines when `-x` is specified. + + lib.optionalString stdenv.isDarwin '' + substituteInPlace Makefile --replace '$(if $(STRIP), $(STRIP) -x $@)' '$(if $(STRIP), $(STRIP) -S $@)' ''; enableParallelBuilding = true; From 5c56571a5787d61ebab935b53fcc2a584f0456cb Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 2 Dec 2023 12:48:43 +0000 Subject: [PATCH 023/124] =?UTF-8?q?gtk4:=204.12.3=20=E2=86=92=204.12.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gtk/-/compare/4.12.3...4.12.4 (cherry picked from commit 325920e11edfd67ebe62da1287fccbba86c5060e) --- pkgs/development/libraries/gtk/4.x.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/gtk/4.x.nix b/pkgs/development/libraries/gtk/4.x.nix index 218efb6559fb0..2d14823accf40 100644 --- a/pkgs/development/libraries/gtk/4.x.nix +++ b/pkgs/development/libraries/gtk/4.x.nix @@ -3,7 +3,6 @@ , buildPackages , substituteAll , fetchurl -, fetchpatch , pkg-config , gettext , graphene @@ -69,7 +68,7 @@ in stdenv.mkDerivation rec { pname = "gtk4"; - version = "4.12.3"; + version = "4.12.4"; outputs = [ "out" "dev" ] ++ lib.optionals x11Support [ "devdoc" ]; outputBin = "dev"; @@ -81,19 +80,12 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnome/sources/gtk/${lib.versions.majorMinor version}/gtk-${version}.tar.xz"; - sha256 = "FIziYvbIZIdFX7HZeTw/WLw+HaR3opYX+tsEIPWHCok="; + sha256 = "umfGSY5Vmfko7a+54IoyCt+qUKsvDab8arIlL8LVdSA="; }; patches = [ # https://github.com/NixOS/nixpkgs/pull/218143#issuecomment-1501059486 ./patches/4.0-fix-darwin-build.patch - - # gdk: Fix compilation on macos - # https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/6208 - (fetchpatch { - url = "https://gitlab.gnome.org/GNOME/gtk/-/commit/aa888c0b3f775776fe3b71028396b7a8c6adb1d6.patch"; - sha256 = "sha256-Jw6BvWDX0wIs4blUiX3qdQCR574yhcaO06Vy/IqfbJo="; - }) ]; depsBuildBuild = [ From d63c6c91dfd9fd1d13204c4521562bac1a5575c9 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Tue, 5 Dec 2023 00:19:35 -0500 Subject: [PATCH 024/124] python311Packages.awkward: unbreak on darwin (cherry picked from commit ab18d1eae2a0c6a2d750536e4cff386624b31d13) --- pkgs/development/python-modules/awkward/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/awkward/default.nix b/pkgs/development/python-modules/awkward/default.nix index b4e4774af8ce1..da217b4496bb5 100644 --- a/pkgs/development/python-modules/awkward/default.nix +++ b/pkgs/development/python-modules/awkward/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildPythonPackage , pythonOlder , fetchFromGitHub @@ -57,8 +58,6 @@ buildPythonPackage rec { nativeCheckInputs = [ fsspec - jax - jaxlib numba setuptools numexpr @@ -66,6 +65,10 @@ buildPythonPackage rec { pyarrow pytest-xdist pytestCheckHook + ] ++ lib.optionals (!stdenv.isDarwin) [ + # no support for darwin + jax + jaxlib ]; # The following tests have been disabled because they need to be run on a GPU platform. From 380c1bb7352b1b81813dc1943b8e4cd9c1a60cb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 5 Dec 2023 22:48:17 +0100 Subject: [PATCH 025/124] go: 1.21.4 -> 1.21.5 Changelog: https://go.dev/doc/devel/release#go1.21 fixes 3 CVEs: https://www.openwall.com/lists/oss-security/2023/12/05/2 (cherry picked from commit 1f13eabcd6f5b00fe9de9575ac52c66a0e887ce6) --- pkgs/development/compilers/go/1.21.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/go/1.21.nix b/pkgs/development/compilers/go/1.21.nix index c12af4db34c56..715050cc0a739 100644 --- a/pkgs/development/compilers/go/1.21.nix +++ b/pkgs/development/compilers/go/1.21.nix @@ -46,11 +46,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "go"; - version = "1.21.4"; + version = "1.21.5"; src = fetchurl { url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; - hash = "sha256-R7Jqg9K2WjwcG8rOJztpvuSaentRaKdgTe09JqN714c="; + hash = "sha256-KFy730tubmLtWPNw8/bYwwgl1uVsWFPGbTwjvNsJ2xk="; }; strictDeps = true; From 08640c3508667e30d542f273a1f38ec8f6539c3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 5 Dec 2023 22:49:30 +0100 Subject: [PATCH 026/124] go_1_20: 1.20.11 -> 1.20.12 Changelog: https://go.dev/doc/devel/release#go1.20 fixes 3 CVEs: https://www.openwall.com/lists/oss-security/2023/12/05/2 (cherry picked from commit 10f62d348bea474cf95abdb91457ab497e664a6f) --- pkgs/development/compilers/go/1.20.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/go/1.20.nix b/pkgs/development/compilers/go/1.20.nix index 06002f4930ef0..8a0b86864b9dd 100644 --- a/pkgs/development/compilers/go/1.20.nix +++ b/pkgs/development/compilers/go/1.20.nix @@ -46,11 +46,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "go"; - version = "1.20.11"; + version = "1.20.12"; src = fetchurl { url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; - hash = "sha256-01XFrjqPd2PJ7J3CUVOq43OVjLy2DdCekai1bHYhsvw="; + hash = "sha256-xb+TR1HTHDFcHQu1+wIpZUX6bQiSNWb3pa/sgfLtJ9Y="; }; strictDeps = true; From dbac175b72534aa5794092a2c8e444e3cfe88f88 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 3 Dec 2023 16:54:24 +0000 Subject: [PATCH 027/124] gjs: 1.78.0 -> 1.78.1 Changes: https://gitlab.gnome.org/GNOME/gjs/-/compare/1.78.0...1.78.1?from_project_id=106&straight=false (cherry picked from commit 3c5e88f539969670634cc48fea63c5633a2d7769) --- pkgs/development/libraries/gjs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gjs/default.nix b/pkgs/development/libraries/gjs/default.nix index edcb29f3ccb71..07a9202e19e93 100644 --- a/pkgs/development/libraries/gjs/default.nix +++ b/pkgs/development/libraries/gjs/default.nix @@ -31,13 +31,13 @@ let ]; in stdenv.mkDerivation rec { pname = "gjs"; - version = "1.78.0"; + version = "1.78.1"; outputs = [ "out" "dev" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/gjs/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "sha256-+6og4JF2aIMIAPkpUWiPn8CPASlq/9XNtLNfdQvifck="; + hash = "sha256-fpBRHEKRJ8OerABoxKyaNT335vu8ZG9fGOiWKILBhkE="; }; patches = [ From 8fb1486901a3f4e7cbdee5616f7d1a39a5dc7a99 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Thu, 7 Dec 2023 13:44:59 +0100 Subject: [PATCH 028/124] bluez: apply patch for CVE-2023-45866 (cherry picked from commit 7d7f66dfba9f239f15aaec6512afb3443bbae915) --- pkgs/os-specific/linux/bluez/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index c6c7d9d0f509b..af3e4391f75db 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -36,6 +36,12 @@ in stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/main/bluez/max-input.patch?id=32b31b484cb13009bd8081c4106e4cf064ec2f1f"; sha256 = "sha256-SczbXtsxBkCO+izH8XOBcrJEO2f7MdtYVT3+2fCV8wU="; }) + # CVE-2023-45866 / https://github.com/skysafe/reblog/tree/main/cve-2023-45866 + (fetchpatch { + name = "CVE-2023-45866.patch"; + url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"; + sha256 = "sha256-IuPQ18yN0EO/PkqdT/JETyOxdZCKewBiDjGN4CG2GLo="; + }) ]; buildInputs = [ From 11c36227d404505ce2cba22aab2340e756943c3e Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Thu, 7 Dec 2023 13:02:15 -0500 Subject: [PATCH 029/124] mesa: use upstreamed patches for macOS fixes There should be no functional difference, except using patches from main slightly reduces risk of the patches becoming unavailable for download. (cherry picked from commit 6fe9a866d91219a496a9bb9115bbc27711c88173) --- pkgs/development/libraries/mesa/default.nix | 24 ++++++--------------- 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index b4b70fcab4f55..139aaaee023a1 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -134,28 +134,16 @@ self = stdenv.mkDerivation { ./opencl.patch ./disk_cache-include-dri-driver-path-in-cache-key.patch ] ++ lib.optionals stdenv.isDarwin [ - # https://gitlab.freedesktop.org/mesa/mesa/-/issues/8634 - (fetchpatch { - url = "https://gitlab.freedesktop.org/robclark/mesa/-/commit/44734d1fe98ef47019fe2c56d867d1645c526e4e.diff"; - hash = "sha256-ipaISEY5xcnGvrwFxNY80JVlYWddfiHofkYEBuPkyDY="; - }) - (fetchpatch { - url = "https://gitlab.freedesktop.org/robclark/mesa/-/commit/d2a46afbfc44121aa491a2b4d1a3249d26fc6a11.diff"; - hash = "sha256-i00s9oUhZXXf/A4cHwWN6uRDP70cHjz+kgVpiDM/eMw="; - }) - (fetchpatch { - url = "https://gitlab.freedesktop.org/robclark/mesa/-/commit/17cde1ee87cc0cbb896ca81949b8f192d5496271.diff"; - hash = "sha256-ao2pWQwMBskOjWJsjWqwFYAeqpTWAyJbEtSryDO+xyo="; - }) - (fetchpatch { - url = "https://gitlab.freedesktop.org/robclark/mesa/-/commit/4489d737d5c12eb0a3441ed0b303f9f1100a7166.diff"; - hash = "sha256-WxqwEngd79NHLedQOWMjjroaN0gr6Upd96uteSvr4Yw="; - }) - # fixes a linking error + # Fix build on macOS + # Last two commits from https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25992 (fetchpatch { url = "https://gitlab.freedesktop.org/mesa/mesa/-/commit/c8b64452c076c1768beb23280de25faf2bcbe2c8.diff"; hash = "sha256-mqivdzyoLtkfkAb+r57gjPwg8d7whgFAahiUhGVOOvo="; }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/mesa/mesa/-/commit/96d55d784cb4f047a4b58cd08330f42208641ea7.diff"; + hash = "sha256-SkWdvqltfByFiKlhr9YILA6qWQxuyKz/YTanVp/NMzg="; + }) ]; postPatch = '' From 7a2335e0a108ac0ddccbc5c95979df50aa832c73 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 10 Dec 2023 14:55:28 +0100 Subject: [PATCH 030/124] nss_esr: 3.90 -> 3.90.1 https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_90_1.rst (cherry picked from commit d896ef6c803c706821fcdc103aa093767a7cab63) --- pkgs/development/libraries/nss/esr.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nss/esr.nix b/pkgs/development/libraries/nss/esr.nix index 55e09511aab15..63308f385036d 100644 --- a/pkgs/development/libraries/nss/esr.nix +++ b/pkgs/development/libraries/nss/esr.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "3.90"; - hash = "sha256-ZEG6ZcEymQ8Yw02ziT2LFWuvwZ1rRuT93rRHGYM22yQ="; + version = "3.90.1"; + hash = "sha256-5Fx0p2WP/LbGIqfhm6+zEab71UZPWBubCUGBEKQIsX8="; } From ec1a8b259835a9ccf3de9c3c72d0d7a49e790d51 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 10 Dec 2023 19:54:14 +0000 Subject: [PATCH 031/124] libsecret: 0.21.1 -> 0.21.2 Changes: https://gitlab.gnome.org/GNOME/libsecret/-/compare/0.21.1...0.21.2?from_project_id=1696&straight=false (cherry picked from commit d8c9c776b52a7827a7160b3dcc6aadd6bb1a1d51) --- pkgs/development/libraries/libsecret/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libsecret/default.nix b/pkgs/development/libraries/libsecret/default.nix index 2818e27ae4cf2..733fcafaf2904 100644 --- a/pkgs/development/libraries/libsecret/default.nix +++ b/pkgs/development/libraries/libsecret/default.nix @@ -24,13 +24,13 @@ stdenv.mkDerivation rec { pname = "libsecret"; - version = "0.21.1"; + version = "0.21.2"; outputs = [ "out" "dev" ] ++ lib.optional withIntrospection "devdoc"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "Z09RMjpfdOTLfjJ32mi1r93TM+yiW8n9LYIKkpcvkLE="; + hash = "sha256-5KNBSWoIFeZMjTuPq6sz17rn796rd7hDZpcx1bGB3O4="; }; depsBuildBuild = [ From 1e578d931b35b23ffbe8a634aca0429ac6a78822 Mon Sep 17 00:00:00 2001 From: Josh Hoffer Date: Sun, 19 Nov 2023 18:36:21 -0700 Subject: [PATCH 032/124] ipu6-drivers: unstable-2023-08-28 -> unstable-2023-11-15 (cherry picked from commit 8837ce7d664b11c9ffe002b46640625e50000bc8) --- pkgs/os-specific/linux/ipu6-drivers/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/ipu6-drivers/default.nix b/pkgs/os-specific/linux/ipu6-drivers/default.nix index bc85ffd9aa32c..d29770661172a 100644 --- a/pkgs/os-specific/linux/ipu6-drivers/default.nix +++ b/pkgs/os-specific/linux/ipu6-drivers/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation { pname = "ipu6-drivers"; - version = "unstable-2023-08-28"; + version = "unstable-2023-11-15"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-drivers"; - rev = "7c3d6ab1e9e234563a0af51286b0a8d60445f2a3"; - hash = "sha256-D782v6hIqAl2EO1+zKeakURD3UGVP3c7p3ba/61yfW4="; + rev = "067270ff020aaec9456085c217f1c2747c8c5ef5"; + hash = "sha256-fK5WTO1wfu3nVBsUfKiAgrxwH9DSaludNLBtMxMhG+A="; }; postPatch = '' From 8d8c26417368ac31c36667a515d941714099e93f Mon Sep 17 00:00:00 2001 From: Josh Hoffer Date: Sun, 19 Nov 2023 23:47:40 -0700 Subject: [PATCH 033/124] ipu6-camera-bin: unstable-2023-02-08 -> unstable-2023-10-26 Upgrade to latest commit of upstream main branch: unstable-2023-10-26 Switch to building for all platforms like upstream does now. (cherry picked from commit bfca0a849ea31e1076b47672458b7b208a1f18cb) --- .../firmware/ipu6-camera-bins/default.nix | 32 +++++-------------- 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix index a4bbd6d2bb6bf..b3a1474dc4308 100644 --- a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix +++ b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix @@ -4,26 +4,19 @@ , autoPatchelfHook , expat , zlib - -# Pick one of -# - ipu6 (Tiger Lake) -# - ipu6ep (Alder Lake) -, ipuVersion ? "ipu6" }: stdenv.mkDerivation (finalAttrs: { - pname = "${ipuVersion}-camera-bin"; - version = "unstable-2023-02-08"; + pname = "ipu6-camera-bin"; + version = "unstable-2023-10-26"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-camera-bins"; - rev = "276859fc6de83918a32727d676985ec40f31af2b"; - hash = "sha256-QnedM2UBbGyd2wIF762Mi+VkDZYtC6MifK4XGGxlUzw="; + rev = "af5ba0cb4a763569ac7514635013e9d870040bcf"; + hash = "sha256-y0pT5M7AKACbquQWLZPYpTPXRC5hipLNL61nhs+cst4="; }; - sourceRoot = "${finalAttrs.src.name}/${ipuVersion}"; - nativeBuildInputs = [ autoPatchelfHook stdenv.cc.cc.lib @@ -40,13 +33,13 @@ stdenv.mkDerivation (finalAttrs: { include \ $out/ - install -m 0644 -D ../LICENSE $out/share/doc/LICENSE + install -m 0644 -D LICENSE $out/share/doc/LICENSE runHook postInstall ''; postFixup = '' - for pcfile in $out/lib/pkgconfig/*.pc; do + for pcfile in $out/lib/*/pkgconfig/*.pc; do substituteInPlace $pcfile \ --replace 'exec_prefix=/usr' 'exec_prefix=''${prefix}' \ --replace 'prefix=/usr' "prefix=$out" \ @@ -55,17 +48,8 @@ stdenv.mkDerivation (finalAttrs: { done ''; - passthru = { - inherit ipuVersion; - }; - - meta = let - generation = { - ipu6 = "Tiger Lake"; - ipu6ep = "Alder Lake"; - }.${ipuVersion}; - in with lib; { - description = "${generation} IPU firmware and proprietary image processing libraries"; + meta = with lib; { + description = "IPU firmware and proprietary image processing libraries"; homepage = "https://github.com/intel/ipu6-camera-bins"; license = licenses.issl; sourceProvenance = with sourceTypes; [ From 20b8da007c997735f6375154ecced9e2a3d575a6 Mon Sep 17 00:00:00 2001 From: Josh Hoffer Date: Mon, 20 Nov 2023 00:21:41 -0700 Subject: [PATCH 034/124] ipu6-camera-hal and icamerasrc updates ipu6-camera-hal: unstable-2023-03-09 -> unstable-2023-03-09 icamerasrc: unstable-2023-03-09 -> unstable-2023-10-23 Moved ipu6 platform "versioning" to ipu6-camera-hal to match upstream build process. Not ideal but too unclear ATM if ipu6-camera-bin firmware could be a multi-output derivation. Specifically which platform owns `ipu6epadln_fw.bin` is unknown. Added ipu6epmtl "Meteor Lake" platform entries. TODO: I think there is one more fix that upstream nixpkgs is missing in order for firmware to actualy load/work (check Dell laptop config for that fix). (cherry picked from commit 6835a72af649f4b0720cc005d458ddf7234b9630) --- .../libraries/gstreamer/default.nix | 4 +++ .../gstreamer/icamerasrc/default.nix | 6 ++-- .../libraries/ipu6-camera-hal/default.nix | 30 +++++++++++++------ pkgs/top-level/all-packages.nix | 6 ++-- 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/default.nix b/pkgs/development/libraries/gstreamer/default.nix index 662009005e36b..1bfdf5b24de35 100644 --- a/pkgs/development/libraries/gstreamer/default.nix +++ b/pkgs/development/libraries/gstreamer/default.nix @@ -14,6 +14,7 @@ , Security , VideoToolbox , ipu6ep-camera-hal +, ipu6epmtl-camera-hal }: { @@ -47,6 +48,9 @@ icamerasrc-ipu6ep = callPackage ./icamerasrc { ipu6-camera-hal = ipu6ep-camera-hal; }; + icamerasrc-ipu6epmtl = callPackage ./icamerasrc { + ipu6-camera-hal = ipu6epmtl-camera-hal; + }; # note: gst-python is in ../../python-modules/gst-python - called under python3Packages } diff --git a/pkgs/development/libraries/gstreamer/icamerasrc/default.nix b/pkgs/development/libraries/gstreamer/icamerasrc/default.nix index b03dd953e1407..24c16ecd0ff5b 100644 --- a/pkgs/development/libraries/gstreamer/icamerasrc/default.nix +++ b/pkgs/development/libraries/gstreamer/icamerasrc/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "icamerasrc-${ipu6-camera-hal.ipuVersion}"; - version = "unstable-2023-03-09"; + version = "unstable-2023-10-23"; src = fetchFromGitHub { owner = "intel"; repo = "icamerasrc"; - rev = "17841ab6249aaa69bd9b3959262bf182dee74111"; - hash = "sha256-j8ZYe4nyy5yfo10CGeXDwbAaAPvdr0ptMWB8hQDyESQ="; + rev = "528a6f177732def4d5ebc17927220d8823bc8fdc"; + hash = "sha256-Ezcm5OpF/NKvJf5sFeJyvNc2Uq0166GukC9MuNUV2Fs="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/ipu6-camera-hal/default.nix b/pkgs/development/libraries/ipu6-camera-hal/default.nix index 7fce11d21a43d..3c8847c700234 100644 --- a/pkgs/development/libraries/ipu6-camera-hal/default.nix +++ b/pkgs/development/libraries/ipu6-camera-hal/default.nix @@ -11,17 +11,29 @@ , ipu6-camera-bin , libtool , gst_all_1 -}: +# Pick one of +# - ipu6 (Tiger Lake) +# - ipu6ep (Alder Lake) +# - ipu6epmtl (Meteor Lake) +, ipuVersion ? "ipu6" +}: +let + ipuTarget = { + "ipu6" = "ipu_tgl"; + "ipu6ep" = "ipu_adl"; + "ipu6epmtl" = "ipu_mtl"; + }.${ipuVersion}; +in stdenv.mkDerivation { - pname = "${ipu6-camera-bin.ipuVersion}-camera-hal"; - version = "unstable-2023-02-08"; + pname = "${ipuVersion}-camera-hal"; + version = "unstable-2023-09-25"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-camera-hal"; - rev = "884b81aae0ea19a974eb8ccdaeef93038136bdd4"; - hash = "sha256-AePL7IqoOhlxhfPRLpCman5DNh3wYS4MUcLgmgBUcCM="; + rev = "9fa05a90886d399ad3dda4c2ddc990642b3d20c9"; + hash = "sha256-yS1D7o6dsQ4FQkjfwcisOxcP7Majb+4uQ/iW5anMb5c="; }; nativeBuildInputs = [ @@ -29,8 +41,10 @@ stdenv.mkDerivation { pkg-config ]; + PKG_CONFIG_PATH = "${lib.getDev ipu6-camera-bin}/lib/${ipuTarget}/pkgconfig"; + cmakeFlags = [ - "-DIPU_VER=${ipu6-camera-bin.ipuVersion}" + "-DIPU_VER=${ipuVersion}" # missing libiacss "-DUSE_PG_LITE_PIPE=ON" # missing libipu4 @@ -39,8 +53,6 @@ stdenv.mkDerivation { NIX_CFLAGS_COMPILE = [ "-Wno-error" - "-I${lib.getDev ipu6-camera-bin}/include/ia_imaging" - "-I${lib.getDev ipu6-camera-bin}/include/ia_camera" ]; enableParallelBuilding = true; @@ -64,7 +76,7 @@ stdenv.mkDerivation { ''; passthru = { - inherit (ipu6-camera-bin) ipuVersion; + inherit ipuVersion; }; meta = with lib; { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 99fa3821e5fe0..ff187c7bf6047 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28005,12 +28005,12 @@ with pkgs; ipu6-camera-hal = callPackage ../development/libraries/ipu6-camera-hal {}; - ipu6ep-camera-bin = callPackage ../os-specific/linux/firmware/ipu6-camera-bins { + ipu6ep-camera-hal = callPackage ../development/libraries/ipu6-camera-hal { ipuVersion = "ipu6ep"; }; - ipu6ep-camera-hal = callPackage ../development/libraries/ipu6-camera-hal { - ipu6-camera-bin = ipu6ep-camera-bin; + ipu6epmtl-camera-hal = callPackage ../development/libraries/ipu6-camera-hal { + ipuVersion = "ipu6epmtl"; }; ivsc-firmware = callPackage ../os-specific/linux/firmware/ivsc-firmware { }; From ee6b471b53caaf4a25763f5e4f914499928b55e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:44:50 +0000 Subject: [PATCH 035/124] v4l2loopback: unstable-2023-02-19 -> unstable-2023-11-23 (cherry picked from commit 0da017634639700c0a0e46bfd84cbc1a5005beba) --- pkgs/os-specific/linux/v4l2loopback/default.nix | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index e17fda67218e1..3d16748f05a2e 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -1,21 +1,16 @@ { lib, stdenv, fetchFromGitHub, kernel, kmod }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "v4l2loopback"; - version = "unstable-2023-02-19-${kernel.version}"; + version = "unstable-2023-11-23-${kernel.version}"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; - rev = "fb410fc7af40e972058809a191fae9517b9313af"; - hash = "sha256-gLFtR7s+3LUQ0BZxHbmaArHbufuphbtAX99nxJU3c84="; + rev = "850a2e36849f6ad3c9bf74f2ae3f603452bd8a71"; + hash = "sha256-LqP5R3oKbjUQUfDZUWpkrmyopWhOt4wlgSgGywTPJXM="; }; - patches = [ - # fix bug https://github.com/umlaeute/v4l2loopback/issues/535 - ./revert-pr518.patch - ]; - hardeningDisable = [ "format" "pic" ]; preBuild = '' From 7124bd0b20e4f6d8905c57427374fd0bf264d783 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:45:33 +0000 Subject: [PATCH 036/124] ipu6-drivers: unstable-2023-11-15 -> unstable-2023-11-24 (cherry picked from commit 1381007a828e52f932d8542c1fb4d9bd4727625a) --- pkgs/os-specific/linux/ipu6-drivers/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/ipu6-drivers/default.nix b/pkgs/os-specific/linux/ipu6-drivers/default.nix index d29770661172a..fe9cb1da018c6 100644 --- a/pkgs/os-specific/linux/ipu6-drivers/default.nix +++ b/pkgs/os-specific/linux/ipu6-drivers/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation { pname = "ipu6-drivers"; - version = "unstable-2023-11-15"; + version = "unstable-2023-11-24"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-drivers"; - rev = "067270ff020aaec9456085c217f1c2747c8c5ef5"; - hash = "sha256-fK5WTO1wfu3nVBsUfKiAgrxwH9DSaludNLBtMxMhG+A="; + rev = "07f0612eabfdc31df36f5e316a9eae115807804f"; + hash = "sha256-8JRZG6IKJT0qtoqJHm8641kSQMLc4Z+DRzK6FpL9Euk="; }; postPatch = '' From 54243cee3cc29b7a9f4b1debff3fa11c2b91f9ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:46:17 +0000 Subject: [PATCH 037/124] ivsc-driver: unstable-2023-03-10 -> unstable-2023-11-09 (cherry picked from commit 25659148ef4200e0c53a189dd89898602f95bb26) --- pkgs/os-specific/linux/ivsc-driver/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/ivsc-driver/default.nix b/pkgs/os-specific/linux/ivsc-driver/default.nix index 0491b1d548b46..72173de49baa5 100644 --- a/pkgs/os-specific/linux/ivsc-driver/default.nix +++ b/pkgs/os-specific/linux/ivsc-driver/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation { pname = "ivsc-driver"; - version = "unstable-2023-03-10"; + version = "unstable-2023-11-09"; src = fetchFromGitHub { owner = "intel"; repo = "ivsc-driver"; - rev = "c8db12b907e2e455d4d5586e5812d1ae0eebd571"; - hash = "sha256-OM9PljvaMKrk72BFeSCqaABFeAws+tOdd3oC2jyNreE="; + rev = "73a044d9633212fac54ea96cdd882ff5ab40573e"; + hash = "sha256-vE5pOtVqjiWovlUMSEoBKTk/qvs8K8T5oY2r7njh0wQ="; }; nativeBuildInputs = kernel.moduleBuildDependencies; From cdf54e432dc9baca41542500d0a9be33c69b25e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 19:29:24 +0000 Subject: [PATCH 038/124] ivsc-firmware: unstable-2022-11-02 -> unstable-2023-08-11 (cherry picked from commit ad8dfeabe7bf852ea938592bcd2fad76db1f92ee) --- pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix b/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix index fb2f940ddce63..1a90380838a91 100644 --- a/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix +++ b/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation { pname = "ivsc-firmware"; - version = "unstable-2022-11-02"; + version = "unstable-2023-08-11"; src = fetchFromGitHub { owner = "intel"; repo = "ivsc-firmware"; - rev = "29c5eff4cdaf83e90ef2dcd2035a9cdff6343430"; - hash = "sha256-GuD1oTnDEs0HslJjXx26DkVQIe0eS+js4UoaTDa77ME="; + rev = "10c214fea5560060d387fbd2fb8a1af329cb6232"; + hash = "sha256-kEoA0yeGXuuB+jlMIhNm+SBljH+Ru7zt3PzGb+EPBPw="; }; dontBuild = true; From 37ee37382e2f1b6bfe182dc216913ac2f1b0a902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:50:12 +0000 Subject: [PATCH 039/124] ipu6-camera-bins: rename from ipu6-camera-bin (cherry picked from commit fc2013e3ebe0e4f2c3ff87159b7784216d26c6b7) --- nixos/modules/hardware/video/webcam/ipu6.nix | 4 +--- pkgs/development/libraries/ipu6-camera-hal/default.nix | 6 +++--- .../os-specific/linux/firmware/ipu6-camera-bins/default.nix | 2 +- pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/nixos/modules/hardware/video/webcam/ipu6.nix b/nixos/modules/hardware/video/webcam/ipu6.nix index fce78cda34c71..acfacfbf114d7 100644 --- a/nixos/modules/hardware/video/webcam/ipu6.nix +++ b/nixos/modules/hardware/video/webcam/ipu6.nix @@ -29,9 +29,7 @@ in ipu6-drivers ]; - hardware.firmware = with pkgs; [ ] - ++ optional (cfg.platform == "ipu6") ipu6-camera-bin - ++ optional (cfg.platform == "ipu6ep") ipu6ep-camera-bin; + hardware.firmware = [ pkgs.ipu6-camera-bins ]; services.udev.extraRules = '' SUBSYSTEM=="intel-ipu6-psys", MODE="0660", GROUP="video" diff --git a/pkgs/development/libraries/ipu6-camera-hal/default.nix b/pkgs/development/libraries/ipu6-camera-hal/default.nix index 3c8847c700234..a760399542594 100644 --- a/pkgs/development/libraries/ipu6-camera-hal/default.nix +++ b/pkgs/development/libraries/ipu6-camera-hal/default.nix @@ -8,7 +8,7 @@ # runtime , expat -, ipu6-camera-bin +, ipu6-camera-bins , libtool , gst_all_1 @@ -41,7 +41,7 @@ stdenv.mkDerivation { pkg-config ]; - PKG_CONFIG_PATH = "${lib.getDev ipu6-camera-bin}/lib/${ipuTarget}/pkgconfig"; + PKG_CONFIG_PATH = "${lib.getDev ipu6-camera-bins}/lib/${ipuTarget}/pkgconfig"; cmakeFlags = [ "-DIPU_VER=${ipuVersion}" @@ -59,7 +59,7 @@ stdenv.mkDerivation { buildInputs = [ expat - ipu6-camera-bin + ipu6-camera-bins libtool gst_all_1.gstreamer gst_all_1.gst-plugins-base diff --git a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix index b3a1474dc4308..7aeb338862549 100644 --- a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix +++ b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix @@ -7,7 +7,7 @@ }: stdenv.mkDerivation (finalAttrs: { - pname = "ipu6-camera-bin"; + pname = "ipu6-camera-bins"; version = "unstable-2023-10-26"; src = fetchFromGitHub { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ff187c7bf6047..d908c937e50f3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28001,7 +28001,7 @@ with pkgs; iproute2 = callPackage ../os-specific/linux/iproute { }; - ipu6-camera-bin = callPackage ../os-specific/linux/firmware/ipu6-camera-bins {}; + ipu6-camera-bins = callPackage ../os-specific/linux/firmware/ipu6-camera-bins {}; ipu6-camera-hal = callPackage ../development/libraries/ipu6-camera-hal {}; From d6f65252d160dd4672a8402c5b5a1687ad9957d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:50:41 +0000 Subject: [PATCH 040/124] ipu6-camera-bins: remove unnecessary post-fixup steps these were fixed upstream and are no longer needed (cherry picked from commit a541b15ffe27e2b31af2642f8cf2cad4aeca461f) --- pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix index 7aeb338862549..71a7cd9e947b5 100644 --- a/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix +++ b/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix @@ -41,10 +41,7 @@ stdenv.mkDerivation (finalAttrs: { postFixup = '' for pcfile in $out/lib/*/pkgconfig/*.pc; do substituteInPlace $pcfile \ - --replace 'exec_prefix=/usr' 'exec_prefix=''${prefix}' \ - --replace 'prefix=/usr' "prefix=$out" \ - --replace 'libdir=/usr/lib' 'libdir=''${prefix}/lib' \ - --replace 'includedir=/usr/include' 'includedir=''${prefix}/include' + --replace 'prefix=/usr' "prefix=$out" done ''; From 7cd55987a5c023ed7a0a4a51fe6ae7087ee02bc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:51:42 +0000 Subject: [PATCH 041/124] ipu6-camera-hal: remove unnecessary post-fixup and cmake flag (cherry picked from commit ae5f61ea9eab9699847a1ce9f433a2ce34dc63fa) --- pkgs/development/libraries/ipu6-camera-hal/default.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkgs/development/libraries/ipu6-camera-hal/default.nix b/pkgs/development/libraries/ipu6-camera-hal/default.nix index a760399542594..759baa61605b4 100644 --- a/pkgs/development/libraries/ipu6-camera-hal/default.nix +++ b/pkgs/development/libraries/ipu6-camera-hal/default.nix @@ -47,8 +47,6 @@ stdenv.mkDerivation { "-DIPU_VER=${ipuVersion}" # missing libiacss "-DUSE_PG_LITE_PIPE=ON" - # missing libipu4 - "-DENABLE_VIRTUAL_IPU_PIPE=OFF" ]; NIX_CFLAGS_COMPILE = [ @@ -70,11 +68,6 @@ stdenv.mkDerivation { --replace '/usr/share/' "${placeholder "out"}/share/" ''; - postFixup = '' - substituteInPlace $out/lib/pkgconfig/libcamhal.pc \ - --replace 'prefix=/usr' "prefix=$out" - ''; - passthru = { inherit ipuVersion; }; From bd7b81d53f672f52a524eb793b37bafa202014e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 19:16:11 +0000 Subject: [PATCH 042/124] ipu6-camera-hal: patch libs to find platform-specific ipu6-camera-bins (cherry picked from commit 74f7417eacd20713ec67582c26718d5d3943eebc) --- pkgs/development/libraries/ipu6-camera-hal/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ipu6-camera-hal/default.nix b/pkgs/development/libraries/ipu6-camera-hal/default.nix index 759baa61605b4..3ec63fd0807d3 100644 --- a/pkgs/development/libraries/ipu6-camera-hal/default.nix +++ b/pkgs/development/libraries/ipu6-camera-hal/default.nix @@ -41,7 +41,7 @@ stdenv.mkDerivation { pkg-config ]; - PKG_CONFIG_PATH = "${lib.getDev ipu6-camera-bins}/lib/${ipuTarget}/pkgconfig"; + PKG_CONFIG_PATH = "${lib.makeLibraryPath [ ipu6-camera-bins ]}/${ipuTarget}/pkgconfig"; cmakeFlags = [ "-DIPU_VER=${ipuVersion}" @@ -68,6 +68,12 @@ stdenv.mkDerivation { --replace '/usr/share/' "${placeholder "out"}/share/" ''; + postFixup = '' + for lib in $out/lib/*.so; do + patchelf --add-rpath "${lib.makeLibraryPath [ ipu6-camera-bins ]}/${ipuTarget}" $lib + done + ''; + passthru = { inherit ipuVersion; }; From a4a4100246a3196697a8ee7a2ffa56b8d1945f62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:52:34 +0000 Subject: [PATCH 043/124] icamerasrc: remove unnecessary rec (cherry picked from commit 5adf1a2f48e793c310978880a4b861da1ba6891e) --- pkgs/development/libraries/gstreamer/icamerasrc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/gstreamer/icamerasrc/default.nix b/pkgs/development/libraries/gstreamer/icamerasrc/default.nix index 24c16ecd0ff5b..4d6c5671f0e28 100644 --- a/pkgs/development/libraries/gstreamer/icamerasrc/default.nix +++ b/pkgs/development/libraries/gstreamer/icamerasrc/default.nix @@ -8,7 +8,7 @@ , libdrm }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "icamerasrc-${ipu6-camera-hal.ipuVersion}"; version = "unstable-2023-10-23"; From d70968cece0d57034f4f74de459316e26aaace07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Thu, 7 Dec 2023 11:54:10 +0000 Subject: [PATCH 044/124] nixos/ipu6: add support for ipu6epmtl (cherry picked from commit 85169ed61cb1a7bca075084e3ebe3cb96e359205) --- nixos/modules/hardware/video/webcam/ipu6.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nixos/modules/hardware/video/webcam/ipu6.nix b/nixos/modules/hardware/video/webcam/ipu6.nix index acfacfbf114d7..c2dbdc217bd60 100644 --- a/nixos/modules/hardware/video/webcam/ipu6.nix +++ b/nixos/modules/hardware/video/webcam/ipu6.nix @@ -13,11 +13,12 @@ in enable = mkEnableOption (lib.mdDoc "support for Intel IPU6/MIPI cameras"); platform = mkOption { - type = types.enum [ "ipu6" "ipu6ep" ]; + type = types.enum [ "ipu6" "ipu6ep" "ipu6epmtl" ]; description = lib.mdDoc '' Choose the version for your hardware platform. - Use `ipu6` for Tiger Lake and `ipu6ep` for Alder Lake respectively. + Use `ipu6` for Tiger Lake, `ipu6ep` for Alder Lake or Raptor Lake, + and `ipu6epmtl` for Meteor Lake. ''; }; @@ -42,14 +43,13 @@ in extraPackages = with pkgs.gst_all_1; [ ] ++ optional (cfg.platform == "ipu6") icamerasrc-ipu6 - ++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep; + ++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep + ++ optional (cfg.platform == "ipu6epmtl") icamerasrc-ipu6epmtl; input = { pipeline = "icamerasrc"; - format = mkIf (cfg.platform == "ipu6ep") (mkDefault "NV12"); + format = mkIf (cfg.platform != "ipu6") (mkDefault "NV12"); }; }; - }; - } From 867c84da3acdffe3d39d8720fea5e5e859f8d1be Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 14:39:48 +0000 Subject: [PATCH 045/124] opensubdiv: drop the cudatoolkit.run file, and respect cudaFlags (cherry picked from commit e5b174bedb0af5f8da2be151f241b6d0174f6bfb) --- .../libraries/opensubdiv/default.nix | 30 +++++++++++++------ 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/pkgs/development/libraries/opensubdiv/default.nix b/pkgs/development/libraries/opensubdiv/default.nix index b0ff4b528864b..b946d8ab718ae 100644 --- a/pkgs/development/libraries/opensubdiv/default.nix +++ b/pkgs/development/libraries/opensubdiv/default.nix @@ -1,9 +1,7 @@ { config, lib, stdenv, fetchFromGitHub, cmake, pkg-config, xorg, libGLU , libGL, glew, ocl-icd, python3 -, cudaSupport ? config.cudaSupport, cudatoolkit - # For visibility mostly. The whole approach to cuda architectures and capabilities - # will be reworked soon. -, cudaArch ? "compute_37" +, cudaSupport ? config.cudaSupport +, cudaPackages , openclSupport ? !cudaSupport , darwin }: @@ -21,7 +19,11 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - nativeBuildInputs = [ cmake pkg-config ]; + nativeBuildInputs = [ + cmake + pkg-config + cudaPackages.cuda_nvcc + ]; buildInputs = [ libGLU libGL python3 # FIXME: these are not actually needed, but the configure script wants them. @@ -30,21 +32,31 @@ stdenv.mkDerivation rec { ] ++ lib.optional (openclSupport && !stdenv.isDarwin) ocl-icd ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [OpenCL Cocoa CoreVideo IOKit AppKit AGL ]) - ++ lib.optional cudaSupport cudatoolkit; + ++ lib.optional cudaSupport [ + cudaPackages.cuda_cudart + ]; + + # It's important to set OSD_CUDA_NVCC_FLAGS, + # because otherwise OSD might piggyback unwanted architectures: + # https://github.com/PixarAnimationStudios/OpenSubdiv/blob/7d0ab5530feef693ac0a920585b5c663b80773b3/CMakeLists.txt#L602 + preConfigure = lib.optionalString cudaSupport '' + cmakeFlagsArray+=( + -DOSD_CUDA_NVCC_FLAGS="${lib.concatStringsSep " " cudaPackages.cudaFlags.gencode}" + ) + ''; cmakeFlags = [ "-DNO_TUTORIALS=1" "-DNO_REGRESSION=1" "-DNO_EXAMPLES=1" "-DNO_METAL=1" # don’t have metal in apple sdk + (lib.cmakeBool "NO_OPENCL" (!openclSupport)) + (lib.cmakeBool "NO_CUDA" (!cudaSupport)) ] ++ lib.optionals (!stdenv.isDarwin) [ "-DGLEW_INCLUDE_DIR=${glew.dev}/include" "-DGLEW_LIBRARY=${glew.dev}/lib" ] ++ lib.optionals cudaSupport [ - "-DOSD_CUDA_NVCC_FLAGS=--gpu-architecture=${cudaArch}" - "-DCUDA_HOST_COMPILER=${cudatoolkit.cc}/bin/cc" ] ++ lib.optionals (!openclSupport) [ - "-DNO_OPENCL=1" ]; preBuild = let maxBuildCores = 16; in lib.optionalString cudaSupport '' From 2d234b0c2c4f4343175158fc9ff404f1b0f4faaa Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Fri, 8 Dec 2023 12:55:49 -0500 Subject: [PATCH 046/124] opensubdiv: use cuda_nvcc only if cudaSupport (cherry picked from commit 3b2e32b5117e3da6fa3de1c8b67f9bf6660095b7) --- pkgs/development/libraries/opensubdiv/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/opensubdiv/default.nix b/pkgs/development/libraries/opensubdiv/default.nix index b946d8ab718ae..9c485949a5c09 100644 --- a/pkgs/development/libraries/opensubdiv/default.nix +++ b/pkgs/development/libraries/opensubdiv/default.nix @@ -22,6 +22,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkg-config + ] ++ lib.optional cudaSupport [ cudaPackages.cuda_nvcc ]; buildInputs = From c1ab852e6b37feba36a7fbd7ddae216a52f334c2 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sat, 9 Dec 2023 00:53:08 +0000 Subject: [PATCH 047/124] suitesparse: migrate to redist cuda also fix the incompatible gcc error by adding cuda_nvcc to nativeBuildInputs (cudaPackages.cudatoolkit in buildInputs is insufficient because that doesn't propagate the hook) (cherry picked from commit 7c97d5f5c441cce6ad717a85676eec7c7ff1b27e) --- .../science/math/suitesparse/default.nix | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix index dd2eb9478f7f6..abc2ff9a37012 100644 --- a/pkgs/development/libraries/science/math/suitesparse/default.nix +++ b/pkgs/development/libraries/science/math/suitesparse/default.nix @@ -8,7 +8,7 @@ , mpfr , config , enableCuda ? config.cudaSupport -, cudatoolkit +, cudaPackages }: stdenv.mkDerivation rec { @@ -25,7 +25,11 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ - ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames; + ] ++ lib.optionals stdenv.isDarwin [ + fixDarwinDylibNames + ] ++ lib.optionals enableCuda [ + cudaPackages.cuda_nvcc + ]; # Use compatible indexing for lapack and blas used buildInputs = assert (blas.isILP64 == lapack.isILP64); [ @@ -34,7 +38,12 @@ stdenv.mkDerivation rec { gfortran.cc.lib gmp mpfr - ] ++ lib.optional enableCuda cudatoolkit; + ] ++ lib.optionals enableCuda [ + cudaPackages.cuda_cudart.dev + cudaPackages.cuda_cudart.lib + cudaPackages.libcublas.dev + cudaPackages.libcublas.lib + ]; preConfigure = '' # Mongoose and GraphBLAS are packaged separately @@ -49,9 +58,9 @@ stdenv.mkDerivation rec { ] ++ lib.optionals blas.isILP64 [ "CFLAGS=-DBLAS64" ] ++ lib.optionals enableCuda [ - "CUDA_PATH=${cudatoolkit}" - "CUDART_LIB=${cudatoolkit.lib}/lib/libcudart.so" - "CUBLAS_LIB=${cudatoolkit}/lib/libcublas.so" + "CUDA_PATH=${cudaPackages.cuda_nvcc}" + "CUDART_LIB=${cudaPackages.cuda_cudart.lib}/lib/libcudart.so" + "CUBLAS_LIB=${cudaPackages.libcublas.lib}/lib/libcublas.so" ] ++ lib.optionals stdenv.isDarwin [ # Unless these are set, the build will attempt to use `Accelerate` on darwin, see: # https://github.com/DrTimothyAldenDavis/SuiteSparse/blob/v5.13.0/SuiteSparse_config/SuiteSparse_config.mk#L368 From 0551e854d94e6c466d46e084757ed1c068b78511 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Fri, 24 Nov 2023 13:47:03 +0000 Subject: [PATCH 048/124] cudaPackagesGoogle: init, a package-set for jax and tf (cherry picked from commit 5bda2ec626a4107f8adc3a7e58c16c0594c40d2c) --- pkgs/development/python-modules/jaxlib/bin.nix | 8 ++++---- .../python-modules/jaxlib/default.nix | 4 ++-- .../python-modules/tensorflow/bin.nix | 6 +++--- .../python-modules/tensorflow/default.nix | 16 ++++++++-------- pkgs/top-level/all-packages.nix | 4 ++++ pkgs/top-level/python-packages.nix | 1 - 6 files changed, 21 insertions(+), 18 deletions(-) diff --git a/pkgs/development/python-modules/jaxlib/bin.nix b/pkgs/development/python-modules/jaxlib/bin.nix index d80cbc2a60183..e35b4759bd64f 100644 --- a/pkgs/development/python-modules/jaxlib/bin.nix +++ b/pkgs/development/python-modules/jaxlib/bin.nix @@ -29,11 +29,11 @@ , stdenv # Options: , cudaSupport ? config.cudaSupport -, cudaPackages ? {} +, cudaPackagesGoogle }: let - inherit (cudaPackages) cudatoolkit cudnn; + inherit (cudaPackagesGoogle) cudatoolkit cudnn; version = "0.4.20"; @@ -210,8 +210,8 @@ buildPythonPackage { maintainers = with maintainers; [ samuela ]; platforms = [ "aarch64-darwin" "x86_64-linux" "x86_64-darwin" ]; broken = - !(cudaSupport -> (cudaPackages ? cudatoolkit) && lib.versionAtLeast cudatoolkit.version "11.1") - || !(cudaSupport -> (cudaPackages ? cudnn) && lib.versionAtLeast cudnn.version "8.2") + !(cudaSupport -> (cudaPackagesGoogle ? cudatoolkit) && lib.versionAtLeast cudatoolkit.version "11.1") + || !(cudaSupport -> (cudaPackagesGoogle ? cudnn) && lib.versionAtLeast cudnn.version "8.2") || !(cudaSupport -> stdenv.isLinux); }; } diff --git a/pkgs/development/python-modules/jaxlib/default.nix b/pkgs/development/python-modules/jaxlib/default.nix index c70ab0ac2b327..a04d6973ca4be 100644 --- a/pkgs/development/python-modules/jaxlib/default.nix +++ b/pkgs/development/python-modules/jaxlib/default.nix @@ -44,14 +44,14 @@ , config # CUDA flags: , cudaSupport ? config.cudaSupport -, cudaPackages ? {} +, cudaPackagesGoogle # MKL: , mklSupport ? true }: let - inherit (cudaPackages) backendStdenv cudatoolkit cudaFlags cudnn nccl; + inherit (cudaPackagesGoogle) backendStdenv cudatoolkit cudaFlags cudnn nccl; pname = "jaxlib"; version = "0.4.20"; diff --git a/pkgs/development/python-modules/tensorflow/bin.nix b/pkgs/development/python-modules/tensorflow/bin.nix index dae6816a906c3..ac5bb7edf1a54 100644 --- a/pkgs/development/python-modules/tensorflow/bin.nix +++ b/pkgs/development/python-modules/tensorflow/bin.nix @@ -22,7 +22,7 @@ , tensorboard , config , cudaSupport ? config.cudaSupport -, cudaPackages ? {} +, cudaPackagesGoogle , zlib , python , keras-applications @@ -43,7 +43,7 @@ assert ! (stdenv.isDarwin && cudaSupport); let packages = import ./binary-hashes.nix; - inherit (cudaPackages) cudatoolkit cudnn; + inherit (cudaPackagesGoogle) cudatoolkit cudnn; in buildPythonPackage { pname = "tensorflow" + lib.optionalString cudaSupport "-gpu"; inherit (packages) version; @@ -198,7 +198,7 @@ in buildPythonPackage { ]; passthru = { - inherit cudaPackages; + cudaPackages = cudaPackagesGoogle; }; meta = with lib; { diff --git a/pkgs/development/python-modules/tensorflow/default.nix b/pkgs/development/python-modules/tensorflow/default.nix index c8e292e316744..be8b26f3d0e99 100644 --- a/pkgs/development/python-modules/tensorflow/default.nix +++ b/pkgs/development/python-modules/tensorflow/default.nix @@ -19,8 +19,8 @@ # https://groups.google.com/a/tensorflow.org/forum/#!topic/developers/iRCt5m4qUz0 , config , cudaSupport ? config.cudaSupport -, cudaPackages ? { } -, cudaCapabilities ? cudaPackages.cudaFlags.cudaCapabilities +, cudaPackagesGoogle +, cudaCapabilities ? cudaPackagesGoogle.cudaFlags.cudaCapabilities , mklSupport ? false, mkl , tensorboardSupport ? true # XLA without CUDA is broken @@ -50,15 +50,15 @@ let # __ZN4llvm11SmallPtrSetIPKNS_10AllocaInstELj8EED1Ev in any of the # translation units, so the build fails at link time stdenv = - if cudaSupport then cudaPackages.backendStdenv + if cudaSupport then cudaPackagesGoogle.backendStdenv else if originalStdenv.isDarwin then llvmPackages_11.stdenv else originalStdenv; - inherit (cudaPackages) cudatoolkit nccl; + inherit (cudaPackagesGoogle) cudatoolkit nccl; # use compatible cuDNN (https://www.tensorflow.org/install/source#gpu) # cudaPackages.cudnn led to this: # https://github.com/tensorflow/tensorflow/issues/60398 cudnnAttribute = "cudnn_8_6"; - cudnn = cudaPackages.${cudnnAttribute}; + cudnn = cudaPackagesGoogle.${cudnnAttribute}; gentoo-patches = fetchzip { url = "https://dev.gentoo.org/~perfinion/patches/tensorflow-patches-2.12.0.tar.bz2"; hash = "sha256-SCRX/5/zML7LmKEPJkcM5Tebez9vv/gmE4xhT/jyqWs="; @@ -486,8 +486,8 @@ let broken = stdenv.isDarwin || !(xlaSupport -> cudaSupport) - || !(cudaSupport -> builtins.hasAttr cudnnAttribute cudaPackages) - || !(cudaSupport -> cudaPackages ? cudatoolkit); + || !(cudaSupport -> builtins.hasAttr cudnnAttribute cudaPackagesGoogle) + || !(cudaSupport -> cudaPackagesGoogle ? cudatoolkit); } // lib.optionalAttrs stdenv.isDarwin { timeout = 86400; # 24 hours maxSilent = 14400; # 4h, double the default of 7200s @@ -590,7 +590,7 @@ in buildPythonPackage { # Regression test for #77626 removed because not more `tensorflow.contrib`. passthru = { - inherit cudaPackages; + cudaPackages = cudaPackagesGoogle; deps = bazel-build.deps; libtensorflow = bazel-build.out; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d908c937e50f3..4aef78c94d437 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7324,6 +7324,10 @@ with pkgs; cudaPackages_12_2 = callPackage ./cuda-packages.nix { cudaVersion = "12.2"; }; cudaPackages_12 = cudaPackages_12_0; + # Use the older cudaPackages for tensorflow and jax, as determined by cudnn + # compatibility: https://www.tensorflow.org/install/source#gpu + cudaPackagesGoogle = cudaPackages_11; + # TODO: try upgrading once there is a cuDNN release supporting CUDA 12. No # such cuDNN release as of 2023-01-10. cudaPackages = recurseIntoAttrs cudaPackages_11; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 2cc25bf403520..5e59a1fb3942e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13828,7 +13828,6 @@ self: super: with self; { callPackage ../development/python-modules/tensorflow { inherit (pkgs.darwin) cctools; inherit (pkgs.config) cudaSupport; - inherit (self.tensorflow-bin) cudaPackages; inherit (pkgs.darwin.apple_sdk.frameworks) Foundation Security; flatbuffers-core = pkgs.flatbuffers; flatbuffers-python = self.flatbuffers; From b774fda5b01d4e25c81e91f1df9447db4356c404 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Fri, 24 Nov 2023 22:46:28 +0000 Subject: [PATCH 049/124] tensorrt: dont break eval for unrelated packages (cherry picked from commit 3ee37e4356ef08d0a4b872e76031983288e40a80) --- .../science/math/tensorrt/extension.nix | 28 +++++++++++++++---- .../science/math/tensorrt/generic.nix | 15 ++++++---- pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 32 insertions(+), 13 deletions(-) diff --git a/pkgs/development/libraries/science/math/tensorrt/extension.nix b/pkgs/development/libraries/science/math/tensorrt/extension.nix index c6596dbaacde1..5ffa3910f1e5c 100644 --- a/pkgs/development/libraries/science/math/tensorrt/extension.nix +++ b/pkgs/development/libraries/science/math/tensorrt/extension.nix @@ -17,16 +17,32 @@ final: prev: let isSupported = fileData: elem cudaVersion fileData.supportedCudaVersions; # Return the first file that is supported. In practice there should only ever be one anyway. supportedFile = files: findFirst isSupported null files; - # Supported versions with versions as keys and file as value - supportedVersions = filterAttrs (version: file: file !=null ) (mapAttrs (version: files: supportedFile files) tensorRTVersions); + # Compute versioned attribute name to be used in this package set computeName = version: "tensorrt_${toUnderscore version}"; + + # Supported versions with versions as keys and file as value + supportedVersions = lib.recursiveUpdate + { + tensorrt = { + enable = false; + fileVersionCuda = null; + fileVersionCudnn = null; + fullVersion = "0.0.0"; + sha256 = null; + tarball = null; + supportedCudaVersions = [ ]; + }; + } + (mapAttrs' (version: attrs: nameValuePair (computeName version) attrs) + (filterAttrs (version: file: file != null) (mapAttrs (version: files: supportedFile files) tensorRTVersions))); + # Add all supported builds as attributes - allBuilds = mapAttrs' (version: file: nameValuePair (computeName version) (buildTensorRTPackage (removeAttrs file ["fileVersionCuda"]))) supportedVersions; + allBuilds = mapAttrs (name: file: buildTensorRTPackage (removeAttrs file ["fileVersionCuda"])) supportedVersions; + # Set the default attributes, e.g. tensorrt = tensorrt_8_4; - defaultBuild = { "tensorrt" = if allBuilds ? ${computeName tensorRTDefaultVersion} - then allBuilds.${computeName tensorRTDefaultVersion} - else throw "tensorrt-${tensorRTDefaultVersion} does not support your cuda version ${cudaVersion}"; }; + defaultName = computeName tensorRTDefaultVersion; + defaultBuild = lib.optionalAttrs (allBuilds ? ${defaultName}) { tensorrt = allBuilds.${computeName tensorRTDefaultVersion}; }; in { inherit buildTensorRTPackage; } // allBuilds // defaultBuild; diff --git a/pkgs/development/libraries/science/math/tensorrt/generic.nix b/pkgs/development/libraries/science/math/tensorrt/generic.nix index 165c6f356da89..2bcdd8e588cf0 100644 --- a/pkgs/development/libraries/science/math/tensorrt/generic.nix +++ b/pkgs/development/libraries/science/math/tensorrt/generic.nix @@ -8,20 +8,22 @@ , cudnn }: -{ fullVersion +{ enable ? true +, fullVersion , fileVersionCudnn ? null , tarball , sha256 , supportedCudaVersions ? [ ] }: -assert fileVersionCudnn == null || lib.assertMsg (lib.strings.versionAtLeast cudnn.version fileVersionCudnn) +assert !enable || fileVersionCudnn == null || lib.assertMsg (lib.strings.versionAtLeast cudnn.version fileVersionCudnn) "This version of TensorRT requires at least cuDNN ${fileVersionCudnn} (current version is ${cudnn.version})"; backendStdenv.mkDerivation rec { pname = "cudatoolkit-${cudatoolkit.majorVersion}-tensorrt"; version = fullVersion; - src = requireFile rec { + src = if !enable then null else + requireFile rec { name = tarball; inherit sha256; message = '' @@ -38,13 +40,13 @@ backendStdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - nativeBuildInputs = [ + nativeBuildInputs = lib.optionals enable [ autoPatchelfHook autoAddOpenGLRunpathHook ]; # Used by autoPatchelfHook - buildInputs = [ + buildInputs = lib.optionals enable [ backendStdenv.cc.cc.lib # libstdc++ cudatoolkit cudnn @@ -75,6 +77,7 @@ backendStdenv.mkDerivation rec { ''; passthru.stdenv = backendStdenv; + passthru.enable = enable; meta = with lib; { # Check that the cudatoolkit version satisfies our min/max constraints (both @@ -82,7 +85,7 @@ backendStdenv.mkDerivation rec { # official version constraints (as recorded in default.nix). In some cases # you _may_ be able to smudge version constraints, just know that you're # embarking into unknown and unsupported territory when doing so. - broken = !(elem cudaVersion supportedCudaVersions); + broken = !enable || !(elem cudaVersion supportedCudaVersions); description = "TensorRT: a high-performance deep learning interface"; homepage = "https://developer.nvidia.com/tensorrt"; license = licenses.unfree; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 5e59a1fb3942e..ef6bc8dfacba6 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13860,7 +13860,7 @@ self: super: with self; { tensorly = callPackage ../development/python-modules/tensorly { }; - tensorrt = callPackage ../development/python-modules/tensorrt { }; + tensorrt = callPackage ../development/python-modules/tensorrt { cudaPackages = pkgs.cudaPackages_11; }; tensorstore = callPackage ../development/python-modules/tensorstore { }; From 32b15d38aa669d8362d746a699b90846f295b712 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 14:46:41 +0000 Subject: [PATCH 050/124] blender: drop cudatoolkit.runfile (cherry picked from commit 238138417344ba277e80ed451ce5f80f47dd86f2) --- pkgs/applications/misc/blender/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index 24ea7287160b7..bdfd867f55675 100644 --- a/pkgs/applications/misc/blender/default.nix +++ b/pkgs/applications/misc/blender/default.nix @@ -52,7 +52,10 @@ stdenv.mkDerivation (finalAttrs: rec { nativeBuildInputs = [ cmake makeWrapper python310Packages.wrapPython llvmPackages.llvm.dev ] - ++ lib.optionals cudaSupport [ addOpenGLRunpath ] + ++ lib.optionals cudaSupport [ + addOpenGLRunpath + cudaPackages.cuda_nvcc + ] ++ lib.optionals waylandSupport [ pkg-config ]; buildInputs = [ boost ffmpeg gettext glew ilmbase @@ -87,7 +90,7 @@ stdenv.mkDerivation (finalAttrs: rec { llvmPackages.openmp SDL Cocoa CoreGraphics ForceFeedback OpenAL OpenGL ]) ++ lib.optional jackaudioSupport libjack2 - ++ lib.optional cudaSupport cudaPackages.cudatoolkit + ++ lib.optionals cudaSupport [ cudaPackages.cuda_cudart ] ++ lib.optional colladaSupport opencollada ++ lib.optional spaceNavSupport libspnav; pythonPath = with python310Packages; [ numpy requests zstandard ]; From 65f38d5fdfcd99aad7536b59901c7768d3e8a997 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 15:19:17 +0000 Subject: [PATCH 051/124] catboost: downgrade to cudaPackages_11 because of unsupported architectures (compute_35) (cherry picked from commit 5c2a368f87f0f3b0585255aaa5a2d1547da4c29c) --- pkgs/top-level/all-packages.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4aef78c94d437..cd0a3eb17de16 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20806,6 +20806,9 @@ with pkgs; # catboost requires clang 12+ for build # after bumping the default version of llvm, check for compatibility with the cuda backend and pin it. inherit (llvmPackages_12) stdenv; + + # https://github.com/catboost/catboost/issues/2540 + cudaPackages = cudaPackages_11; }; ndn-cxx = callPackage ../development/libraries/ndn-cxx { }; From 1c3e40cd302af5622c3323e60496944e02545d11 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 15:42:46 +0000 Subject: [PATCH 052/124] ctranslate2: fix the cuda 12 build (cherry picked from commit 361d7da37f7bb945a026cb15dcb5ec548bf87e95) --- pkgs/development/libraries/ctranslate2/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/ctranslate2/default.nix b/pkgs/development/libraries/ctranslate2/default.nix index 722672d3a46b6..fa812432bd7ce 100644 --- a/pkgs/development/libraries/ctranslate2/default.nix +++ b/pkgs/development/libraries/ctranslate2/default.nix @@ -57,6 +57,7 @@ stdenv.mkDerivation rec { buildInputs = lib.optionals withMkl [ mkl ] ++ lib.optionals withCUDA [ + cudaPackages.cuda_cccl # required by the fp16 headers in cudart cudaPackages.cuda_cudart cudaPackages.libcublas cudaPackages.libcurand From 7532a0663fde1c5a9065e16af1c76f2f06b08566 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 17:35:08 +0000 Subject: [PATCH 053/124] cudaPackages.cuda_nvcc: fix (getExe cuda_nvcc) (cherry picked from commit 6c63202052bb23151ca77b613357c790c5542e42) --- pkgs/development/compilers/cudatoolkit/redist/overrides.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix index a0ac0b0fcb1fb..5cc560fa0fd22 100644 --- a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix +++ b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix @@ -51,7 +51,7 @@ in ] ); - cuda_nvcc = prev.cuda_nvcc.overrideAttrs (_: { + cuda_nvcc = prev.cuda_nvcc.overrideAttrs (oldAttrs: { # Required by cmake's enable_language(CUDA) to build a test program # When implementing cross-compilation support: this is # final.pkgs.targetPackages.cudaPackages.cuda_cudart @@ -82,6 +82,10 @@ in depsTargetTargetPropagated = [ final.setupCudaHook ]; + + meta = (oldAttrs.meta or { }) // { + mainProgram = "nvcc"; + }; }); cuda_nvprof = prev.cuda_nvprof.overrideAttrs (oldAttrs: { From ea94f71f50c2311ce9b9dd41ce4e12792b95834c Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 17:36:26 +0000 Subject: [PATCH 054/124] cudaPackages_12.cutensor: init and fix (cherry picked from commit 0dc161b2f806aa3d9dd7bee4f3dbb5289bc98eeb) --- .../science/math/cutensor/generic.nix | 29 ++++++++++++++----- pkgs/top-level/cuda-packages.nix | 15 +++++++++- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/science/math/cutensor/generic.nix b/pkgs/development/libraries/science/math/cutensor/generic.nix index c957fcdd99d4e..02fe13851620b 100644 --- a/pkgs/development/libraries/science/math/cutensor/generic.nix +++ b/pkgs/development/libraries/science/math/cutensor/generic.nix @@ -1,7 +1,11 @@ { stdenv , lib , libPath +, cuda_cudart +, cudaMajorVersion +, cuda_nvcc , cudatoolkit +, libcublas , fetchurl , autoPatchelfHook , addOpenGLRunpath @@ -17,7 +21,7 @@ let in stdenv.mkDerivation { - pname = "cudatoolkit-${cudatoolkit.majorVersion}-cutensor"; + pname = "cutensor-cu${cudaMajorVersion}"; inherit version; src = fetchurl { @@ -32,20 +36,27 @@ stdenv.mkDerivation { nativeBuildInputs = [ autoPatchelfHook addOpenGLRunpath + cuda_nvcc ]; buildInputs = [ stdenv.cc.cc.lib - ]; - - propagatedBuildInputs = [ - cudatoolkit + cuda_cudart + libcublas ]; # Set RUNPATH so that libcuda in /run/opengl-driver(-32)/lib can be found. # See the explanation in addOpenGLRunpath. installPhase = '' mkdir -p "$out" "$dev" + + if [[ ! -d "${libPath}" ]] ; then + echo "Cutensor: ${libPath} does not exist, only found:" >&2 + find "$(dirname ${libPath})"/ -maxdepth 1 >&2 + echo "This cutensor release might not support your cudatoolkit version" >&2 + exit 1 + fi + mv include "$dev" mv ${libPath} "$out/lib" @@ -58,7 +69,7 @@ stdenv.mkDerivation { ''; passthru = { - inherit cudatoolkit; + cudatoolkit = lib.warn "cutensor.passthru: cudaPackages.cudatoolkit is deprecated" cudatoolkit; majorVersion = lib.versions.major version; }; @@ -66,7 +77,11 @@ stdenv.mkDerivation { description = "cuTENSOR: A High-Performance CUDA Library For Tensor Primitives"; homepage = "https://developer.nvidia.com/cutensor"; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - license = licenses.unfree; + license = licenses.unfreeRedistributable // { + shortName = "cuTENSOR EULA"; + name = "cuTENSOR SUPPLEMENT TO SOFTWARE LICENSE AGREEMENT FOR NVIDIA SOFTWARE DEVELOPMENT KITS"; + url = "https://docs.nvidia.com/cuda/cutensor/license.html"; + }; platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ obsidian-systems-maintenance ]; }; diff --git a/pkgs/top-level/cuda-packages.nix b/pkgs/top-level/cuda-packages.nix index a2f49a98ccd53..3912422785bc4 100644 --- a/pkgs/top-level/cuda-packages.nix +++ b/pkgs/top-level/cuda-packages.nix @@ -24,6 +24,7 @@ let buildCuTensorPackage = final.callPackage ../development/libraries/science/math/cutensor/generic.nix; + # FIXME: Include non-x86_64 platforms cuTensorVersions = { "1.2.2.5" = { hash = "sha256-lU7iK4DWuC/U3s1Ct/rq2Gr3w4F2U7RYYgpmF05bibY="; @@ -31,12 +32,24 @@ let "1.5.0.3" = { hash = "sha256-T96+lPC6OTOkIs/z3QWg73oYVSyidN0SVkBWmT9VRx0="; }; + "2.0.0.7" = { + hash = "sha256-32M4rtGOW2rgxJUhBT0WBtKkHhh9f17M+RgK9rvE72g="; + }; }; inherit (final) cudaMajorMinorVersion cudaMajorVersion; + cudaToCutensor = { + "10" = "1.2.25"; + "11" = "1.5.0.3"; + "12" = "2.0.0.7"; + }; + + versionNewer = lib.flip lib.versionOlder; + latestVersion = (builtins.head (lib.sort versionNewer (builtins.attrNames cuTensorVersions))); + cutensor = buildCuTensorPackage rec { - version = if cudaMajorMinorVersion == "10.1" then "1.2.2.5" else "1.5.0.3"; + version = cudaToCutensor.${cudaMajorVersion} or latestVersion; inherit (cuTensorVersions.${version}) hash; # This can go into generic.nix libPath = "lib/${if cudaMajorVersion == "10" then cudaMajorMinorVersion else cudaMajorVersion}"; From 10a73aa0c74b3add81eb0cf6d847788bdb105711 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 17:36:57 +0000 Subject: [PATCH 055/124] python3Packages.cupy: fix (use older cutensor) (cherry picked from commit ee108108fcbe21999ecc1f36ac730c15376dc824) --- .../python-modules/cupy/default.nix | 46 +++++++++++++++---- pkgs/top-level/python-packages.nix | 3 +- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/pkgs/development/python-modules/cupy/default.nix b/pkgs/development/python-modules/cupy/default.nix index e5de149fca14a..71defbb99b985 100644 --- a/pkgs/development/python-modules/cupy/default.nix +++ b/pkgs/development/python-modules/cupy/default.nix @@ -11,11 +11,34 @@ , cudaPackages , addOpenGLRunpath , pythonOlder +, symlinkJoin }: let - inherit (cudaPackages) cudatoolkit cudnn cutensor nccl; -in buildPythonPackage rec { + inherit (cudaPackages) cudnn cutensor nccl; + cudatoolkit-joined = symlinkJoin { + name = "cudatoolkit-joined-${cudaPackages.cudaVersion}"; + paths = with cudaPackages; [ + cuda_cccl # + cuda_cccl.dev + cuda_cudart + cuda_nvcc.dev # + cuda_nvprof + cuda_nvrtc + cuda_nvtx + cuda_profiler_api + libcublas + libcufft + libcurand + libcusolver + libcusparse + + # Missing: + # cusparselt + ]; + }; +in +buildPythonPackage rec { pname = "cupy"; version = "12.2.0"; @@ -32,27 +55,32 @@ in buildPythonPackage rec { # very short builds and a few extremely long ones, so setting both ends up # working nicely in practice. preConfigure = '' - export CUDA_PATH=${cudatoolkit} export CUPY_NUM_BUILD_JOBS="$NIX_BUILD_CORES" export CUPY_NUM_NVCC_THREADS="$NIX_BUILD_CORES" ''; nativeBuildInputs = [ + setuptools + wheel addOpenGLRunpath cython + cudaPackages.cuda_nvcc ]; - LDFLAGS = "-L${cudatoolkit}/lib/stubs"; - - propagatedBuildInputs = [ - cudatoolkit + buildInputs = [ + cudatoolkit-joined cudnn cutensor nccl + ]; + + NVCC = "${lib.getExe cudaPackages.cuda_nvcc}"; # FIXME: splicing/buildPackages + CUDA_PATH = "${cudatoolkit-joined}"; + LDFLAGS = "-L${cudaPackages.cuda_cudart}/lib/stubs"; + + propagatedBuildInputs = [ fastrlock numpy - setuptools - wheel ]; nativeCheckInputs = [ diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index ef6bc8dfacba6..326f59a8a08a1 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2447,7 +2447,8 @@ self: super: with self; { cufflinks = callPackage ../development/python-modules/cufflinks { }; - cupy = callPackage ../development/python-modules/cupy { }; + # cupy 12.2.0 possibly incompatible with cutensor 2.0 that comes with cudaPackages_12 + cupy = callPackage ../development/python-modules/cupy { cudaPackages = pkgs.cudaPackages_11; }; curio = callPackage ../development/python-modules/curio { }; From 525df0e1acd0c2d7b042f4c53a268c0933d6967c Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 27 Nov 2023 17:50:09 +0000 Subject: [PATCH 056/124] ucx: fix the cudaPackages_12 variant; drop the cudatoolkit runfile dependency (cherry picked from commit 58819d631edc8ffa5658ef025e1b1c04903cc43f) --- pkgs/development/libraries/ucx/default.nix | 32 ++++++++++++++-------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/pkgs/development/libraries/ucx/default.nix b/pkgs/development/libraries/ucx/default.nix index 627cac56bb737..3b923d8efdd2a 100644 --- a/pkgs/development/libraries/ucx/default.nix +++ b/pkgs/development/libraries/ucx/default.nix @@ -2,18 +2,12 @@ , rdma-core, libbfd, libiberty, perl, zlib, symlinkJoin, pkg-config , config , enableCuda ? config.cudaSupport -, cudatoolkit +, cudaPackages , enableRocm ? config.rocmSupport , rocmPackages }: let - # Needed for configure to find all libraries - cudatoolkit' = symlinkJoin { - inherit (cudatoolkit) name meta; - paths = [ cudatoolkit cudatoolkit.lib ]; - }; - rocmList = with rocmPackages; [ rocm-core rocm-runtime rocm-device-libs clr ]; rocm = symlinkJoin { @@ -35,7 +29,15 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "dev" ]; - nativeBuildInputs = [ autoreconfHook doxygen pkg-config ]; + nativeBuildInputs = [ + autoreconfHook + doxygen + pkg-config + ] + ++ lib.optionals enableCuda [ + cudaPackages.cuda_nvcc + cudaPackages.autoAddOpenGLRunpathHook + ]; buildInputs = [ libbfd @@ -44,8 +46,16 @@ stdenv.mkDerivation rec { perl rdma-core zlib - ] ++ lib.optional enableCuda cudatoolkit - ++ lib.optionals enableRocm rocmList; + ] ++ lib.optionals enableCuda [ + cudaPackages.cuda_cudart + cudaPackages.cuda_nvml_dev + + ] ++ lib.optionals enableRocm rocmList; + + LDFLAGS = lib.optionals enableCuda [ + # Fake libnvidia-ml.so (the real one is deployed impurely) + "-L${cudaPackages.cuda_nvml_dev}/lib/stubs" + ]; configureFlags = [ "--with-rdmacm=${lib.getDev rdma-core}" @@ -53,7 +63,7 @@ stdenv.mkDerivation rec { "--with-rc" "--with-dm" "--with-verbs=${lib.getDev rdma-core}" - ] ++ lib.optional enableCuda "--with-cuda=${cudatoolkit'}" + ] ++ lib.optionals enableCuda [ "--with-cuda=${cudaPackages.cuda_cudart}" ] ++ lib.optional enableRocm "--with-rocm=${rocm}"; postInstall = '' From 9bf80c5f21c9999811ab4306b9bb1fff713a6ab5 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 28 Nov 2023 00:12:07 +0000 Subject: [PATCH 057/124] gromacs: drop cudatoolkit.run (cherry picked from commit 31f1b517cdea429dc7a6c212ca650ea184c75a93) --- .../molecular-dynamics/gromacs/default.nix | 34 ++++++++++++++++--- pkgs/development/libraries/hwloc/default.nix | 5 +-- pkgs/top-level/all-packages.nix | 1 - 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/science/molecular-dynamics/gromacs/default.nix b/pkgs/applications/science/molecular-dynamics/gromacs/default.nix index 2ca47d812bbfe..429376b72d912 100644 --- a/pkgs/applications/science/molecular-dynamics/gromacs/default.nix +++ b/pkgs/applications/science/molecular-dynamics/gromacs/default.nix @@ -1,4 +1,14 @@ -{ lib, stdenv, fetchurl, cmake, hwloc, fftw, perl, blas, lapack, mpi, cudatoolkit +{ lib +, stdenv +, fetchurl +, cmake +, hwloc +, fftw +, perl +, blas +, lapack +, mpi +, cudaPackages , singlePrec ? true , config , enableMpi ? false @@ -7,6 +17,8 @@ }: let + inherit (cudaPackages.cudaFlags) cudaCapabilities dropDot; + # Select reasonable defaults for all major platforms # The possible values are defined in CMakeLists.txt: # AUTO None SSE2 SSE4.1 AVX_128_FMA AVX_256 AVX2_256 @@ -31,7 +43,9 @@ in stdenv.mkDerivation rec { outputs = [ "out" "dev" "man" ]; - nativeBuildInputs = [ cmake ]; + nativeBuildInputs = + [ cmake ] + ++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ]; buildInputs = [ fftw @@ -40,13 +54,17 @@ in stdenv.mkDerivation rec { blas lapack ] ++ lib.optional enableMpi mpi - ++ lib.optional enableCuda cudatoolkit - ; + ++ lib.optionals enableCuda [ + cudaPackages.cuda_cudart + cudaPackages.libcufft + cudaPackages.cuda_profiler_api + ]; propagatedBuildInputs = lib.optional enableMpi mpi; propagatedUserEnvPkgs = lib.optional enableMpi mpi; cmakeFlags = [ + (lib.cmakeBool "GMX_HWLOC" true) "-DGMX_SIMD:STRING=${SIMD cpuAcceleration}" "-DGMX_OPENMP:BOOL=TRUE" "-DBUILD_SHARED_LIBS=ON" @@ -66,7 +84,13 @@ in stdenv.mkDerivation rec { else [ "-DGMX_MPI:BOOL=FALSE" ] - ) ++ lib.optional enableCuda "-DGMX_GPU=CUDA"; + ) ++ lib.optionals enableCuda [ + "-DGMX_GPU=CUDA" + (lib.cmakeFeature "CMAKE_CUDA_ARCHITECTURES" (builtins.concatStringsSep ";" (map dropDot cudaCapabilities))) + + # Gromacs seems to ignore and override the normal variables, so we add this ad hoc: + (lib.cmakeFeature "GMX_CUDA_TARGET_COMPUTE" (builtins.concatStringsSep ";" (map dropDot cudaCapabilities))) + ]; postInstall = '' moveToOutput share/cmake $dev diff --git a/pkgs/development/libraries/hwloc/default.nix b/pkgs/development/libraries/hwloc/default.nix index 67048167d6bfa..626d0b7cca949 100644 --- a/pkgs/development/libraries/hwloc/default.nix +++ b/pkgs/development/libraries/hwloc/default.nix @@ -22,12 +22,13 @@ stdenv.mkDerivation rec { ]; # XXX: libX11 is not directly needed, but needed as a propagated dep of Cairo. - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ pkg-config ] + ++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ]; buildInputs = [ expat ncurses ] ++ lib.optionals x11Support [ cairo libX11 ] ++ lib.optionals stdenv.isLinux [ numactl ] - ++ lib.optional enableCuda cudaPackages.cudatoolkit; + ++ lib.optionals enableCuda [ cudaPackages.cuda_cudart ]; # Since `libpci' appears in `hwloc.pc', it must be propagated. propagatedBuildInputs = lib.optional stdenv.isLinux pciutils; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cd0a3eb17de16..3236dd164d357 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -39486,7 +39486,6 @@ with pkgs; singlePrec = true; enableMpi = true; enableCuda = true; - cudatoolkit = cudatoolkit_11; fftw = fftwSinglePrec; }); From f89fab85e9ce60071c2468ca6ec242dd1d3c1201 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 28 Nov 2023 09:46:47 +0000 Subject: [PATCH 058/124] openvino: opencvConfig.cmake attempts to find_package(CUDA) (cherry picked from commit 0c4b1fcfba531c8f33b416583053df2582a6843e) --- pkgs/development/libraries/opencv/4.x.nix | 2 ++ pkgs/development/libraries/openvino/default.nix | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 06360449c1ba9..4c1b13d1309e0 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -476,6 +476,8 @@ effectiveStdenv.mkDerivation { ''; passthru = { + cudaSupport = enableCuda; + tests = { inherit (gst_all_1) gst-plugins-bad; } diff --git a/pkgs/development/libraries/openvino/default.nix b/pkgs/development/libraries/openvino/default.nix index b3809f0953641..5761f9e7bb645 100644 --- a/pkgs/development/libraries/openvino/default.nix +++ b/pkgs/development/libraries/openvino/default.nix @@ -3,6 +3,7 @@ , fetchFromGitHub , fetchurl , substituteAll +, cudaSupport ? opencv.cudaSupport or false # build , addOpenGLRunpath @@ -21,6 +22,7 @@ , protobuf , pugixml , tbb +, cudaPackages }: let @@ -68,6 +70,8 @@ stdenv.mkDerivation rec { setuptools ])) shellcheck + ] ++ lib.optionals cudaSupport [ + cudaPackages.cuda_nvcc ]; patches = [ @@ -133,6 +137,8 @@ stdenv.mkDerivation rec { protobuf pugixml tbb + ] ++ lib.optionals cudaSupport [ + cudaPackages.cuda_cudart ]; enableParallelBuilding = true; From 8e6c3caa12f01296ce676df00a95cf0d85969c65 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 28 Nov 2023 10:32:22 +0000 Subject: [PATCH 059/124] nvidia-thrust: rm as deprecated The GitHub repo has been archived, the new thing is [cccl](https://github.com/nvidia/cccl) (cherry picked from commit 9cc210a7839f4e2aeb13bcadc96981daf8bc6501) --- .../libraries/nvidia-thrust/default.nix | 102 ------------------ .../libraries/science/math/faiss/default.nix | 7 -- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 11 -- 4 files changed, 1 insertion(+), 120 deletions(-) delete mode 100644 pkgs/development/libraries/nvidia-thrust/default.nix diff --git a/pkgs/development/libraries/nvidia-thrust/default.nix b/pkgs/development/libraries/nvidia-thrust/default.nix deleted file mode 100644 index f68b57f193b79..0000000000000 --- a/pkgs/development/libraries/nvidia-thrust/default.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ lib -, config -, fetchFromGitHub -, stdenv -, cmake -, pkg-config -, cudaPackages ? { } -, symlinkJoin -, tbb -, hostSystem ? "CPP" -, deviceSystem ? if config.cudaSupport then "CUDA" else "OMP" -}: - -# Policy for device_vector -assert builtins.elem deviceSystem [ - "CPP" # Serial on CPU - "OMP" # Parallel with OpenMP - "TBB" # Parallel with Intel TBB - "CUDA" # Parallel on GPU -]; - -# Policy for host_vector -# Always lives on CPU, but execution can be made parallel -assert builtins.elem hostSystem [ "CPP" "OMP" "TBB" ]; - -let - pname = "nvidia-thrust"; - version = "1.16.0"; - - inherit (cudaPackages) backendStdenv cudaFlags; - cudaCapabilities = map cudaFlags.dropDot cudaFlags.cudaCapabilities; - - tbbSupport = builtins.elem "TBB" [ deviceSystem hostSystem ]; - cudaSupport = deviceSystem == "CUDA"; - - # TODO: Would like to use this: - cudaJoined = symlinkJoin { - name = "cuda-packages-unsplit"; - paths = with cudaPackages; [ - cuda_nvcc - cuda_nvrtc # symbols: cudaLaunchDevice, &c; notice postBuild - cuda_cudart # cuda_runtime.h - libcublas - ]; - postBuild = '' - ln -s $out/lib $out/lib64 - ''; - }; -in -stdenv.mkDerivation { - inherit pname version; - - src = fetchFromGitHub { - owner = "NVIDIA"; - repo = "thrust"; - rev = version; - fetchSubmodules = true; - hash = "sha256-/EyznxWKuHuvHNjq+SQg27IaRbtkjXR2zlo2YgCWmUQ="; - }; - - # NVIDIA's "compiler hacks" seem like work-arounds for legacy toolchains and - # cause us errors such as: - # > Thrust's test harness uses CMAKE_CXX_COMPILER for the CUDA host compiler. - # > Refusing to overwrite specified CMAKE_CUDA_HOST_COMPILER - # So we un-fix cmake after them: - postPatch = '' - echo > cmake/ThrustCompilerHacks.cmake - ''; - - buildInputs = lib.optionals tbbSupport [ tbb ]; - - nativeBuildInputs = [ - cmake - pkg-config - ] ++ lib.optionals cudaSupport [ - # Goes in native build inputs because thrust looks for headers - # in a path relative to nvcc... - cudaJoined - ]; - - cmakeFlags = [ - "-DTHRUST_INCLUDE_CUB_CMAKE=${if cudaSupport then "ON" else "OFF"}" - "-DTHRUST_DEVICE_SYSTEM=${deviceSystem}" - "-DTHRUST_HOST_SYSTEM=${hostSystem}" - "-DTHRUST_AUTO_DETECT_COMPUTE_ARCHS=OFF" - "-DTHRUST_DISABLE_ARCH_BY_DEFAULT=ON" - ] ++ lib.optionals cudaFlags.enableForwardCompat [ - "-DTHRUST_ENABLE_COMPUTE_FUTURE=ON" - ] ++ map (sm: "THRUST_ENABLE_COMPUTE_${sm}") cudaCapabilities; - - passthru = { - inherit cudaSupport cudaPackages cudaJoined; - }; - - meta = with lib; { - description = "A high-level C++ parallel algorithms library that builds on top of CUDA, TBB, OpenMP, etc"; - homepage = "https://github.com/NVIDIA/thrust"; - license = licenses.asl20; - platforms = platforms.unix; - maintainers = with maintainers; [ SomeoneSerge ]; - }; -} diff --git a/pkgs/development/libraries/science/math/faiss/default.nix b/pkgs/development/libraries/science/math/faiss/default.nix index 21e6cbf858cd5..25ac539e05f28 100644 --- a/pkgs/development/libraries/science/math/faiss/default.nix +++ b/pkgs/development/libraries/science/math/faiss/default.nix @@ -6,8 +6,6 @@ , cmake , cudaPackages ? { } , cudaSupport ? config.cudaSupport -, nvidia-thrust -, useThrustSourceBuild ? true , pythonSupport ? true , pythonPackages , llvmPackages @@ -27,8 +25,6 @@ , runCommand }@inputs: -assert cudaSupport -> nvidia-thrust.cudaSupport; - let pname = "faiss"; version = "1.7.4"; @@ -44,9 +40,6 @@ let cuda_cudart # cuda_runtime.h libcublas libcurand - ] ++ lib.optionals useThrustSourceBuild [ - nvidia-thrust - ] ++ lib.optionals (!useThrustSourceBuild) [ cuda_cccl ] ++ lib.optionals (cudaPackages ? cuda_profiler_api) [ cuda_profiler_api # cuda_profiler_api.h diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5d1ae513ce4ca..340850200686b 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -644,6 +644,7 @@ mapAliases ({ noto-fonts-cjk = noto-fonts-cjk-sans; # Added 2021-12-16 noto-fonts-emoji = noto-fonts-color-emoji; # Added 2023-09-09 noto-fonts-extra = noto-fonts; # Added 2023-04-08 + nvidia-thrust = throw "nvidia-thrust has been removed because the project was deprecated; use cudaPackages.cuda_cccl"; ### O ### diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3236dd164d357..aff9967296248 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11282,16 +11282,6 @@ with pkgs; nvfetcher = haskell.lib.compose.justStaticExecutables haskellPackages.nvfetcher; - nvidia-thrust = callPackage ../development/libraries/nvidia-thrust { }; - - nvidia-thrust-intel = callPackage ../development/libraries/nvidia-thrust { - hostSystem = "TBB"; - deviceSystem = if config.cudaSupport then "CUDA" else "TBB"; - }; - - nvidia-thrust-cuda = callPackage ../development/libraries/nvidia-thrust { - deviceSystem = "CUDA"; - }; miller = callPackage ../tools/text/miller { }; @@ -40025,7 +40015,6 @@ with pkgs; faissWithCuda = faiss.override { cudaSupport = true; - nvidia-thrust = nvidia-thrust-cuda; }; fityk = callPackage ../applications/science/misc/fityk { }; From e1ec7475d451e05315d6d4bf6564d58fd22781ee Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sun, 3 Dec 2023 21:03:57 +0000 Subject: [PATCH 060/124] ucc: drop the cudatoolkit runfile (cherry picked from commit 3e37f3c9836da7cf6dd2c3d66a442cd8c74113b3) --- pkgs/development/libraries/ucc/default.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/ucc/default.nix b/pkgs/development/libraries/ucc/default.nix index a92c6bea37d70..a6e7e7710a97b 100644 --- a/pkgs/development/libraries/ucc/default.nix +++ b/pkgs/development/libraries/ucc/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchFromGitHub, libtool, automake, autoconf, ucx , config , enableCuda ? config.cudaSupport -, cudatoolkit +, cudaPackages , enableAvx ? stdenv.hostPlatform.avxSupport , enableSse41 ? stdenv.hostPlatform.sse4_1Support , enableSse42 ? stdenv.hostPlatform.sse4_2Support @@ -30,19 +30,23 @@ stdenv.mkDerivation rec { done ''; + nativeBuildInputs = [ libtool automake autoconf ] + ++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ]; + buildInputs = [ ucx ] + ++ lib.optionals enableCuda [ + cudaPackages.cuda_cccl + cudaPackages.cuda_cudart + ]; + + preConfigure = '' ./autogen.sh ''; - - nativeBuildInputs = [ libtool automake autoconf ]; - buildInputs = [ ucx ] - ++ lib.optional enableCuda cudatoolkit; - configureFlags = [ ] ++ lib.optional enableSse41 "--with-sse41" ++ lib.optional enableSse42 "--with-sse42" ++ lib.optional enableAvx "--with-avx" - ++ lib.optional enableCuda "--with-cuda=${cudatoolkit}"; + ++ lib.optional enableCuda "--with-cuda=${cudaPackages.cuda_cudart}"; postInstall = '' find $out/lib/ -name "*.la" -exec rm -f \{} \; From 6cc7ef30c376164e1a8425d148917bbcd89c30a3 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sun, 3 Dec 2023 21:04:11 +0000 Subject: [PATCH 061/124] ucc: respect cudaFlags (cherry picked from commit 0f047c2372f2ebfaf67fad4aaacc131f5d879583) --- pkgs/development/libraries/ucc/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/ucc/default.nix b/pkgs/development/libraries/ucc/default.nix index a6e7e7710a97b..68f358b3d3deb 100644 --- a/pkgs/development/libraries/ucc/default.nix +++ b/pkgs/development/libraries/ucc/default.nix @@ -41,6 +41,8 @@ stdenv.mkDerivation rec { preConfigure = '' ./autogen.sh + '' + lib.optionalString enableCuda '' + configureFlagsArray+=( "--with-nvcc-gencode=${builtins.concatStringsSep " " cudaPackages.cudaFlags.gencode}" ) ''; configureFlags = [ ] ++ lib.optional enableSse41 "--with-sse41" From f49ae138ef8eb3b91ed0c11da9e0bad4f468fe22 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sun, 3 Dec 2023 21:06:03 +0000 Subject: [PATCH 062/124] openmpi: drop the cudatoolkit runfile (cherry picked from commit 4c6d2b81cf4dd94398a6fc5b3727c685b439f4b3) --- pkgs/development/libraries/openmpi/default.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/openmpi/default.nix b/pkgs/development/libraries/openmpi/default.nix index 1c4955e2c51a4..a8bd8acacd595 100644 --- a/pkgs/development/libraries/openmpi/default.nix +++ b/pkgs/development/libraries/openmpi/default.nix @@ -3,7 +3,7 @@ , libpsm2, libfabric, pmix, ucx, ucc , config # Enable CUDA support -, cudaSupport ? config.cudaSupport, cudatoolkit +, cudaSupport ? config.cudaSupport, cudaPackages # Enable the Sun Grid Engine bindings , enableSGE ? false @@ -18,12 +18,7 @@ , fortranSupport ? true }: -let - cudatoolkit_joined = symlinkJoin { - name = "${cudatoolkit.name}-unsplit"; - paths = [ cudatoolkit.out cudatoolkit.lib ]; - }; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "openmpi"; version = "4.1.6"; @@ -47,12 +42,13 @@ in stdenv.mkDerivation rec { buildInputs = [ zlib ] ++ lib.optionals stdenv.isLinux [ libnl numactl pmix ucx ucc ] - ++ lib.optionals cudaSupport [ cudatoolkit ] + ++ lib.optionals cudaSupport [ cudaPackages.cuda_cudart ] ++ [ libevent hwloc ] ++ lib.optional (stdenv.isLinux || stdenv.isFreeBSD) rdma-core ++ lib.optionals fabricSupport [ libpsm2 libfabric ]; nativeBuildInputs = [ perl ] + ++ lib.optionals cudaSupport [ cudaPackages.cuda_nvcc ] ++ lib.optionals fortranSupport [ gfortran ]; configureFlags = lib.optional (!cudaSupport) "--disable-mca-dso" @@ -67,7 +63,7 @@ in stdenv.mkDerivation rec { # TODO: add UCX support, which is recommended to use with cuda for the most robust OpenMPI build # https://github.com/openucx/ucx # https://www.open-mpi.org/faq/?category=buildcuda - ++ lib.optionals cudaSupport [ "--with-cuda=${cudatoolkit_joined}" "--enable-dlopen" ] + ++ lib.optionals cudaSupport [ "--with-cuda=${cudaPackages.cuda_cudart}" "--enable-dlopen" ] ++ lib.optionals fabricSupport [ "--with-psm2=${lib.getDev libpsm2}" "--with-libfabric=${lib.getDev libfabric}" ] ; @@ -98,7 +94,8 @@ in stdenv.mkDerivation rec { doCheck = true; passthru = { - inherit cudaSupport cudatoolkit; + inherit cudaSupport; + cudatoolkit = cudaPackages.cudatoolkit; # For backward compatibility only }; meta = with lib; { From 923ead9f7543985449ae7ee1354bc54a58498dff Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 11:54:16 +0000 Subject: [PATCH 063/124] python311Packages.torchWithCuda: drop cuda_cudart.static at runtime (cherry picked from commit 9d729f260d023569a20c4339776e6b442a9f588c) --- pkgs/development/python-modules/torch/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/torch/default.nix b/pkgs/development/python-modules/torch/default.nix index 5523a87b6b5e8..a00e15f0518b8 100644 --- a/pkgs/development/python-modules/torch/default.nix +++ b/pkgs/development/python-modules/torch/default.nix @@ -334,7 +334,8 @@ in buildPythonPackage rec { buildInputs = [ blas blas.provider ] ++ lib.optionals cudaSupport (with cudaPackages; [ cuda_cccl.dev # - cuda_cudart # cuda_runtime.h and libraries + cuda_cudart.dev # cuda_runtime.h and libraries + cuda_cudart.lib cuda_cupti.dev # For kineto cuda_cupti.lib # For kineto cuda_nvcc.dev # crt/host_config.h; even though we include this in nativeBuildinputs, it's needed here too From b93a4e259b5c1e5330e1403dda647330f27d7692 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 16:29:18 +0000 Subject: [PATCH 064/124] cudaPackages.setupCudaHook: fix cudart flags (cherry picked from commit a7891f2adaf409a95b2c0d8e373270993951e69d) --- .../compilers/cudatoolkit/extension.nix | 13 +++++++++++++ .../compilers/cudatoolkit/redist/overrides.nix | 16 ---------------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/pkgs/development/compilers/cudatoolkit/extension.nix b/pkgs/development/compilers/cudatoolkit/extension.nix index 93800a0dbc6b1..be482e2cc7992 100644 --- a/pkgs/development/compilers/cudatoolkit/extension.nix +++ b/pkgs/development/compilers/cudatoolkit/extension.nix @@ -54,11 +54,24 @@ final: prev: let { name = "setup-cuda-hook"; + # Point NVCC at a compatible compiler substitutions.ccRoot = "${backendStdenv.cc}"; # Required in addition to ccRoot as otherwise bin/gcc is looked up # when building CMakeCUDACompilerId.cu substitutions.ccFullPath = "${backendStdenv.cc}/bin/${backendStdenv.cc.targetPrefix}c++"; + + # Required by cmake's enable_language(CUDA) to build a test program + # When implementing cross-compilation support: this is + # final.pkgs.targetPackages.cudaPackages.cuda_cudart + # Given the multiple-outputs each CUDA redist has, we can specify the exact components we + # need from the package. CMake requires: + # - the cuda_runtime.h header, which is in the dev output + # - the dynamic library, which is in the lib output + # - the static library, which is in the static output + substitutions.cudartInclude = "${final.cuda_cudart.dev}"; + substitutions.cudartLib = "${final.cuda_cudart.lib}"; + substitutions.cudartStatic = "${final.cuda_cudart.static}"; } ./hooks/setup-cuda-hook.sh) { }); diff --git a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix index 5cc560fa0fd22..16b03b93b1db6 100644 --- a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix +++ b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix @@ -52,22 +52,6 @@ in ); cuda_nvcc = prev.cuda_nvcc.overrideAttrs (oldAttrs: { - # Required by cmake's enable_language(CUDA) to build a test program - # When implementing cross-compilation support: this is - # final.pkgs.targetPackages.cudaPackages.cuda_cudart - env = { - # Given the multiple-outputs each CUDA redist has, we can specify the exact components we - # need from the package. CMake requires: - # - the cuda_runtime.h header, which is in the dev output - # - the dynamic library, which is in the lib output - # - the static library, which is in the static output - cudartInclude = "${final.cuda_cudart.dev}"; - cudartLib = "${final.cuda_cudart.lib}"; - cudartStatic = "${final.cuda_cudart.static}"; - }; - - # Point NVCC at a compatible compiler - # Desiredata: whenever a package (e.g. magma) adds cuda_nvcc to # nativeBuildInputs (offsets `(-1, 0)`), magma should also source the # setupCudaHook, i.e. we want it the hook to be propagated into the From c5e5690513f4740adc520300e102856eb6e3c3a7 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 18:56:55 +0000 Subject: [PATCH 065/124] cudaPackages.setupCudaHook: rewrite cudartFlags, remove infinite recursion in cudatoolkit We don't need to add the extra nvcc flags to locate cudart when using cudatoolkit because it comes in the merged layout and nvcc doesn't have any trouble locating dependencies in the same prefix (cherry picked from commit 182e6b41d08d37c8eb817212b88b37b671abfb22) --- pkgs/development/compilers/cudatoolkit/extension.nix | 10 +++++++--- .../compilers/cudatoolkit/hooks/setup-cuda-hook.sh | 5 +++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/pkgs/development/compilers/cudatoolkit/extension.nix b/pkgs/development/compilers/cudatoolkit/extension.nix index be482e2cc7992..d75d288f5577e 100644 --- a/pkgs/development/compilers/cudatoolkit/extension.nix +++ b/pkgs/development/compilers/cudatoolkit/extension.nix @@ -69,9 +69,13 @@ final: prev: let # - the cuda_runtime.h header, which is in the dev output # - the dynamic library, which is in the lib output # - the static library, which is in the static output - substitutions.cudartInclude = "${final.cuda_cudart.dev}"; - substitutions.cudartLib = "${final.cuda_cudart.lib}"; - substitutions.cudartStatic = "${final.cuda_cudart.static}"; + substitutions.cudartFlags = let cudart = final.cuda_cudart; in + builtins.concatStringsSep " " (final.lib.optionals (final ? cuda_cudart) ([ + "-I${final.lib.getDev cudart}/include" + "-L${final.lib.getLib cudart}/lib" + ] ++ final.lib.optionals (builtins.elem "static" cudart.outputs) [ + "-L${cudart.static}/lib" + ])); } ./hooks/setup-cuda-hook.sh) { }); diff --git a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh index 5ea57594211c4..0272e7938b9aa 100644 --- a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh +++ b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh @@ -55,8 +55,9 @@ setupCUDAToolkitCompilers() { # CMake's enable_language(CUDA) runs a compiler test and it doesn't account for # CUDAToolkit_ROOT. We have to help it locate libcudart - if [[ -z "${nvccDontPrependCudartFlags-}" ]] ; then - export NVCC_APPEND_FLAGS+=" -L@cudartLib@/lib -L@cudartStatic@/lib -I@cudartInclude@/include" + local cudartFlags="@cudartFlags@" + if [[ -z "${nvccDontPrependCudartFlags-}" ]] && [[ -n "${cudartFlags:-}" ]] ; then + export NVCC_APPEND_FLAGS+=" $cudartFlags" fi } From 94623d5a96bc9b02e776cfa66dfb92f4e806d1f4 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 20:36:52 +0000 Subject: [PATCH 066/124] cudaPackages_11_3.saxpy: fallback to the cudatoolkit runfile (cherry picked from commit e084a6c648fecd473ff6190a5acac3369b292530) --- .../compilers/cudatoolkit/saxpy/default.nix | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/pkgs/development/compilers/cudatoolkit/saxpy/default.nix b/pkgs/development/compilers/cudatoolkit/saxpy/default.nix index f347b43d1d11c..2da6da29004dc 100644 --- a/pkgs/development/compilers/cudatoolkit/saxpy/default.nix +++ b/pkgs/development/compilers/cudatoolkit/saxpy/default.nix @@ -1,12 +1,13 @@ { autoAddOpenGLRunpathHook , backendStdenv , cmake -, cuda_cccl -, cuda_cudart +, cuda_cccl ? null +, cuda_cudart ? null , cudaFlags -, cuda_nvcc +, cuda_nvcc ? null +, cudatoolkit ? null , lib -, libcublas +, libcublas ? null , setupCudaHook , stdenv }: @@ -17,23 +18,24 @@ backendStdenv.mkDerivation { src = ./.; - buildInputs = [ + buildInputs = lib.optionals (cuda_cudart != null) [ libcublas cuda_cudart cuda_cccl + ] ++ lib.optionals (cuda_cudart == null) [ + cudatoolkit ]; nativeBuildInputs = [ cmake - # NOTE: this needs to be pkgs.buildPackages.cudaPackages_XX_Y.cuda_nvcc for - # cross-compilation to work. This should work automatically once we move to - # spliced scopes. Delete this comment once that happens - cuda_nvcc - # Alternatively, we could remove the propagated hook from cuda_nvcc and add # directly: # setupCudaHook autoAddOpenGLRunpathHook + ] ++ lib.optionals (cuda_nvcc != null) [ + cuda_nvcc + ] ++ lib.optionals (cuda_nvcc == null) [ + cudatoolkit ]; cmakeFlags = [ From daafff2e5bfd927f183623fc918358bc13b0abd4 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 20:40:34 +0000 Subject: [PATCH 067/124] cudaPackages.cuda_nvcc: fix hook's offsets (-1, -1) -> (-1, 0) Cf. explanations in https://github.com/NixOS/nixpkgs/pull/271078 (cherry picked from commit d031523a012688079e3bef68abaab2f8c5d099af) --- .../compilers/cudatoolkit/redist/overrides.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix index 16b03b93b1db6..71e70e8d7b704 100644 --- a/pkgs/development/compilers/cudatoolkit/redist/overrides.nix +++ b/pkgs/development/compilers/cudatoolkit/redist/overrides.nix @@ -52,18 +52,7 @@ in ); cuda_nvcc = prev.cuda_nvcc.overrideAttrs (oldAttrs: { - # Desiredata: whenever a package (e.g. magma) adds cuda_nvcc to - # nativeBuildInputs (offsets `(-1, 0)`), magma should also source the - # setupCudaHook, i.e. we want it the hook to be propagated into the - # same nativeBuildInputs. - # - # Logically, cuda_nvcc should include the hook in depsHostHostPropagated, - # so that the final offsets for the propagated hook would be `(-1, 0) + - # (0, 0) = (-1, 0)`. - # - # In practice, TargetTarget appears to work: - # https://gist.github.com/fd80ff142cd25e64603618a3700e7f82 - depsTargetTargetPropagated = [ + propagatedBuildInputs = [ final.setupCudaHook ]; From a557b5004aa3360807ef2e5fd1ae3854a10ca8be Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Mon, 4 Dec 2023 20:47:11 +0000 Subject: [PATCH 068/124] cudaPackages.setupCudaHook: source only from nativeBuildInputs (cherry picked from commit 37ec2cb6b173c7d5b78ec704db533454f9bc84ba) --- .../development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh index 0272e7938b9aa..0fa8883081c50 100644 --- a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh +++ b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh @@ -1,5 +1,8 @@ # shellcheck shell=bash +# Only run the hook from nativeBuildInputs +(( "$hostOffset" == -1 && "$targetOffset" == 0)) || return 0 + echo Sourcing setup-cuda-hook >&2 extendCUDAToolkit_ROOT() { From a2bd1af51781e994605915d66f6be55cf1e0d190 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 5 Dec 2023 19:14:05 +0000 Subject: [PATCH 069/124] tiny-cuda-nn: cuda_cccl required with the newer cuda (cherry picked from commit b9635cfa4d659ca652ab4c400988d6c8b1e453c0) --- pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix b/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix index d046c6864539d..b613b112b2a85 100644 --- a/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix +++ b/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix @@ -15,6 +15,7 @@ cuda-common-redist = with cudaPackages; [ cuda_cudart # cuda_runtime.h + cuda_cccl.dev # libcublas # cublas_v2.h libcusolver # cusolverDn.h libcusparse # cusparse.h From ee3152687e30e227fe0d33e4ce3f45f8a88be309 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 5 Dec 2023 19:14:42 +0000 Subject: [PATCH 070/124] tiny-cuda-nn: prune runtime closure (cherry picked from commit 18a2e518cdcef0764cfd7a96c39fdc0e7874e9fd) --- .../libraries/science/math/tiny-cuda-nn/default.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix b/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix index b613b112b2a85..2036c4c86253b 100644 --- a/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix +++ b/pkgs/development/libraries/science/math/tiny-cuda-nn/default.nix @@ -14,11 +14,15 @@ inherit (cudaPackages) backendStdenv cudaFlags; cuda-common-redist = with cudaPackages; [ - cuda_cudart # cuda_runtime.h + cuda_cudart.dev # cuda_runtime.h + cuda_cudart.lib cuda_cccl.dev # - libcublas # cublas_v2.h - libcusolver # cusolverDn.h - libcusparse # cusparse.h + libcublas.dev # cublas_v2.h + libcublas.lib + libcusolver.dev # cusolverDn.h + libcusolver.lib + libcusparse.dev # cusparse.h + libcusparse.lib ]; cuda-native-redist = symlinkJoin { From 545055a600dc7537568e31d9668bc4e0faef06e2 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 00:33:01 +0000 Subject: [PATCH 071/124] cudaPackages.setupCudaHook: propagate buildInputs and self This is useful for the cuda variants of packages like opencv and pytorch, whose xxxxConfig.cmake files do find_package(CUDAToolkit REQUIRED) regardless of whether they actually use it. With the propagated hook, we no longer have to manually add cuda dependencies into torch/opencvs reverse dependencies cudaPackages.cuda_nvcc: fix setupCudaHook propagation (cherry picked from commit be9c779deba0e898802dd341a1ba9c04c4e9abe8) --- .../compilers/cudatoolkit/extension.nix | 20 +--- .../hooks/mark-for-cudatoolkit-root-hook.sh | 8 +- .../cudatoolkit/hooks/nvcc-setup-hook.sh | 5 - .../cudatoolkit/hooks/setup-cuda-hook.sh | 101 +++++++++++++++--- 4 files changed, 94 insertions(+), 40 deletions(-) delete mode 100644 pkgs/development/compilers/cudatoolkit/hooks/nvcc-setup-hook.sh diff --git a/pkgs/development/compilers/cudatoolkit/extension.nix b/pkgs/development/compilers/cudatoolkit/extension.nix index d75d288f5577e..016675fa07015 100644 --- a/pkgs/development/compilers/cudatoolkit/extension.nix +++ b/pkgs/development/compilers/cudatoolkit/extension.nix @@ -47,35 +47,21 @@ final: prev: let ./hooks/mark-for-cudatoolkit-root-hook.sh) { }); - # Normally propagated by cuda_nvcc or cudatoolkit through their depsHostHostPropagated + # Currently propagated by cuda_nvcc or cudatoolkit, rather than used directly setupCudaHook = (final.callPackage ({ makeSetupHook, backendStdenv }: makeSetupHook { name = "setup-cuda-hook"; + substitutions.setupCudaHook = placeholder "out"; + # Point NVCC at a compatible compiler substitutions.ccRoot = "${backendStdenv.cc}"; # Required in addition to ccRoot as otherwise bin/gcc is looked up # when building CMakeCUDACompilerId.cu substitutions.ccFullPath = "${backendStdenv.cc}/bin/${backendStdenv.cc.targetPrefix}c++"; - - # Required by cmake's enable_language(CUDA) to build a test program - # When implementing cross-compilation support: this is - # final.pkgs.targetPackages.cudaPackages.cuda_cudart - # Given the multiple-outputs each CUDA redist has, we can specify the exact components we - # need from the package. CMake requires: - # - the cuda_runtime.h header, which is in the dev output - # - the dynamic library, which is in the lib output - # - the static library, which is in the static output - substitutions.cudartFlags = let cudart = final.cuda_cudart; in - builtins.concatStringsSep " " (final.lib.optionals (final ? cuda_cudart) ([ - "-I${final.lib.getDev cudart}/include" - "-L${final.lib.getLib cudart}/lib" - ] ++ final.lib.optionals (builtins.elem "static" cudart.outputs) [ - "-L${cudart.static}/lib" - ])); } ./hooks/setup-cuda-hook.sh) { }); diff --git a/pkgs/development/compilers/cudatoolkit/hooks/mark-for-cudatoolkit-root-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/mark-for-cudatoolkit-root-hook.sh index 5c18760a3a2b0..ba04c2e0806af 100644 --- a/pkgs/development/compilers/cudatoolkit/hooks/mark-for-cudatoolkit-root-hook.sh +++ b/pkgs/development/compilers/cudatoolkit/hooks/mark-for-cudatoolkit-root-hook.sh @@ -1,8 +1,14 @@ # shellcheck shell=bash +# Should we mimick cc-wrapper's "hygiene"? +[[ -z ${strictDeps-} ]] || (( "$hostOffset" < 0 )) || return 0 + +echo "Sourcing mark-for-cudatoolkit-root-hook" >&2 + markForCUDAToolkit_ROOT() { mkdir -p "${prefix}/nix-support" - touch "${prefix}/nix-support/include-in-cudatoolkit-root" + [[ -f "${prefix}/nix-support/include-in-cudatoolkit-root" ]] && return + echo "$pname-$output" > "${prefix}/nix-support/include-in-cudatoolkit-root" } fixupOutputHooks+=(markForCUDAToolkit_ROOT) diff --git a/pkgs/development/compilers/cudatoolkit/hooks/nvcc-setup-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/nvcc-setup-hook.sh deleted file mode 100644 index e75a84a9550e7..0000000000000 --- a/pkgs/development/compilers/cudatoolkit/hooks/nvcc-setup-hook.sh +++ /dev/null @@ -1,5 +0,0 @@ -# shellcheck shell=bash - -# CMake's enable_language(CUDA) runs a compiler test and it doesn't account for -# CUDAToolkit_ROOT. We have to help it locate libcudart -export NVCC_APPEND_FLAGS+=" -L@cudartLib@/lib -L@cudartStatic@/lib -I@cudartInclude@/include" diff --git a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh index 0fa8883081c50..7b7b3bdde80e3 100644 --- a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh +++ b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh @@ -3,19 +3,57 @@ # Only run the hook from nativeBuildInputs (( "$hostOffset" == -1 && "$targetOffset" == 0)) || return 0 -echo Sourcing setup-cuda-hook >&2 +guard=Sourcing +reason= -extendCUDAToolkit_ROOT() { - if [[ -f "$1/nix-support/include-in-cudatoolkit-root" ]] ; then - addToSearchPathWithCustomDelimiter ";" CUDAToolkit_ROOT "$1" +[[ -n ${cudaSetupHookOnce-} ]] && guard=Skipping && reason=" because the hook has been propagated more than once" - if [[ -d "$1/include" ]] ; then - addToSearchPathWithCustomDelimiter ";" CUDAToolkit_INCLUDE_DIR "$1/include" - fi - fi +if (( "${NIX_DEBUG:-0}" >= 1 )) ; then + echo "$guard hostOffset=$hostOffset targetOffset=$targetOffset setupCudaHook$reason" >&2 +else + echo "$guard setup-cuda-hook$reason" >&2 +fi + +[[ "$guard" = Sourcing ]] || return 0 + +declare -g cudaSetupHookOnce=1 +declare -Ag cudaHostPathsSeen=() +declare -Ag cudaOutputToPath=() + +extendcudaHostPathsSeen() { + (( "${NIX_DEBUG:-0}" >= 1 )) && echo "extendcudaHostPathsSeen $1" >&2 + + local markerPath="$1/nix-support/include-in-cudatoolkit-root" + [[ ! -f "${markerPath}" ]] && return + [[ -v cudaHostPathsSeen[$1] ]] && return + + cudaHostPathsSeen["$1"]=1 + + # E.g. cuda_cudart-lib + local cudaOutputName + read -r cudaOutputName < "$markerPath" + + [[ -z "$cudaOutputName" ]] && return + + local oldPath="${cudaOutputToPath[$cudaOutputName]-}" + [[ -n "$oldPath" ]] && echo "extendcudaHostPathsSeen: warning: overwriting $cudaOutputName from $oldPath to $1" >&2 + cudaOutputToPath["$cudaOutputName"]="$1" } +addEnvHooks "$targetOffset" extendcudaHostPathsSeen + +setupCUDAToolkit_ROOT() { + (( "${NIX_DEBUG:-0}" >= 1 )) && echo "setupCUDAToolkit_ROOT: cudaHostPathsSeen=${!cudaHostPathsSeen[*]}" >&2 -addEnvHooks "$targetOffset" extendCUDAToolkit_ROOT + for path in "${!cudaHostPathsSeen[@]}" ; do + addToSearchPathWithCustomDelimiter ";" CUDAToolkit_ROOT "$path" + if [[ -d "$path/include" ]] ; then + addToSearchPathWithCustomDelimiter ";" CUDAToolkit_INCLUDE_DIR "$path/include" + fi + done + + export cmakeFlags+=" -DCUDAToolkit_INCLUDE_DIR=$CUDAToolkit_INCLUDE_DIR -DCUDAToolkit_ROOT=$CUDAToolkit_ROOT" +} +preConfigureHooks+=(setupCUDAToolkit_ROOT) setupCUDAToolkitCompilers() { echo Executing setupCUDAToolkitCompilers >&2 @@ -58,15 +96,44 @@ setupCUDAToolkitCompilers() { # CMake's enable_language(CUDA) runs a compiler test and it doesn't account for # CUDAToolkit_ROOT. We have to help it locate libcudart - local cudartFlags="@cudartFlags@" - if [[ -z "${nvccDontPrependCudartFlags-}" ]] && [[ -n "${cudartFlags:-}" ]] ; then - export NVCC_APPEND_FLAGS+=" $cudartFlags" + if [[ -z "${nvccDontPrependCudartFlags-}" ]] ; then + if [[ ! -v cudaOutputToPath["cuda_cudart-out"] ]] ; then + echo "setupCUDAToolkitCompilers: missing cudaPackages.cuda_cudart. This may become an an error in the future" >&2 + # exit 1 + fi + for pkg in "${!cudaOutputToPath[@]}" ; do + [[ ! "$pkg" = cuda_cudart* ]] && continue + + local path="${cudaOutputToPath[$pkg]}" + if [[ -d "$path/include" ]] ; then + export NVCC_PREPEND_FLAGS+=" -I$path/include" + fi + if [[ -d "$path/lib" ]] ; then + export NVCC_PREPEND_FLAGS+=" -L$path/lib" + fi + done fi } +preConfigureHooks+=(setupCUDAToolkitCompilers) -setupCMakeCUDAToolkit_ROOT() { - export cmakeFlags+=" -DCUDAToolkit_INCLUDE_DIR=$CUDAToolkit_INCLUDE_DIR -DCUDAToolkit_ROOT=$CUDAToolkit_ROOT" -} +propagateCudaLibraries() { + (( "${NIX_DEBUG:-0}" >= 1 )) && echo "propagateCudaLibraries: cudaPropagateToOutput=$cudaPropagateToOutput cudaHostPathsSeen=${!cudaHostPathsSeen[*]}" >&2 -postHooks+=(setupCUDAToolkitCompilers) -preConfigureHooks+=(setupCMakeCUDAToolkit_ROOT) + [[ -z "${cudaPropagateToOutput-}" ]] && return + + mkdir -p "${!cudaPropagateToOutput}/nix-support" + # One'd expect this should be propagated-bulid-build-deps, but that doesn't seem to work + echo "@setupCudaHook@" >> "${!cudaPropagateToOutput}/nix-support/propagated-native-build-inputs" + + local propagatedBuildInputs=( "${!cudaHostPathsSeen[@]}" ) + for output in $(getAllOutputNames) ; do + if [[ ! "$output" = "$cudaPropagateToOutput" ]] ; then + propagatedBuildInputs+=( "${!output}" ) + fi + break + done + + # One'd expect this should be propagated-host-host-deps, but that doesn't seem to work + printWords "${propagatedBuildInputs[@]}" >> "${!cudaPropagateToOutput}/nix-support/propagated-build-inputs" +} +postFixupHooks+=(propagateCudaLibraries) From 5a66afcd8effccb43b4d0ae695c1528dcfce7fce Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 00:44:50 +0000 Subject: [PATCH 072/124] opencv4: expose cxxdev, propagating optional cuda deps (cherry picked from commit ada3991349beb5880e3994f25c65a0cf68941b83) --- pkgs/development/libraries/opencv/4.x.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 4c1b13d1309e0..8cfb169a0bace 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -247,8 +247,10 @@ effectiveStdenv.mkDerivation { outputs = [ "out" + "cxxdev" "package_tests" ]; + cudaPropagateToOutput = "cxxdev"; postUnpack = lib.optionalString buildContrib '' cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/source/opencv_contrib" @@ -328,7 +330,7 @@ effectiveStdenv.mkDerivation { bzip2 AVFoundation Cocoa VideoDecodeAcceleration CoreMedia MediaToolbox Accelerate ] ++ lib.optionals enableDocs [ doxygen graphviz-nox ] - ++ lib.optionals enableCuda (with cudaPackages; [ + ++ lib.optionals enableCuda (with cudaPackages; [ cuda_cudart cuda_cccl # libnpp # npp.h @@ -338,7 +340,7 @@ effectiveStdenv.mkDerivation { cudnn # cudnn.h ] ++ lib.optionals enableCufft [ libcufft # cufft.h - ]); + ]); propagatedBuildInputs = lib.optional enablePython pythonPackages.numpy ++ lib.optionals enableCuda [ nvidia-optical-flow-sdk ]; @@ -458,6 +460,7 @@ effectiveStdenv.mkDerivation { postInstall = '' sed -i "s|{exec_prefix}/$out|{exec_prefix}|;s|{prefix}/$out|{prefix}|" \ "$out/lib/pkgconfig/opencv4.pc" + mkdir $cxxdev '' # install python distribution information, so other packages can `import opencv` + lib.optionalString enablePython '' From 7be294a3c7f6a638d17078e316673f45eb8db170 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 00:59:10 +0000 Subject: [PATCH 073/124] opencv4: propagate optical flow sdk same as cuda (cherry picked from commit 45698380295187b35f3872542b71efc2223f8201) --- .../libraries/nvidia-optical-flow-sdk/default.nix | 5 +++++ pkgs/development/libraries/opencv/4.x.nix | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix b/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix index a82fa9068c66c..2914d059cfaff 100644 --- a/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix +++ b/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix @@ -18,6 +18,11 @@ stdenv.mkDerivation { cp -R * $out/include ''; + postFixup = '' + mkdir -p $out/nix-support + echo $pname >> "$out/nix-support/include-in-cudatoolkit-root" + ''; + meta = with lib; { description = "Nvidia optical flow headers for computing the relative motion of pixels between images"; homepage = "https://developer.nvidia.com/opticalflow-sdk"; diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 8cfb169a0bace..d7693a3077a82 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -334,6 +334,7 @@ effectiveStdenv.mkDerivation { cuda_cudart cuda_cccl # libnpp # npp.h + nvidia-optical-flow-sdk ] ++ lib.optionals enableCublas [ libcublas # cublas_v2.h ] ++ lib.optionals enableCudnn [ @@ -342,8 +343,7 @@ effectiveStdenv.mkDerivation { libcufft # cufft.h ]); - propagatedBuildInputs = lib.optional enablePython pythonPackages.numpy - ++ lib.optionals enableCuda [ nvidia-optical-flow-sdk ]; + propagatedBuildInputs = lib.optionals enablePython [ pythonPackages.numpy ]; nativeBuildInputs = [ cmake pkg-config unzip ] ++ lib.optionals enablePython [ From 1ab4e3a2164bdb9e1289cd9e6b4d7684c195e76d Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sun, 3 Dec 2023 02:47:44 +0000 Subject: [PATCH 074/124] opencv4: discard build-time cuda deps (cherry picked from commit 55af9329429a30ce81f7ad01da95406e1d62f785) --- pkgs/development/libraries/opencv/4.x.nix | 24 +++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index d7693a3077a82..023e56940b75c 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -331,16 +331,28 @@ effectiveStdenv.mkDerivation { ] ++ lib.optionals enableDocs [ doxygen graphviz-nox ] ++ lib.optionals enableCuda (with cudaPackages; [ - cuda_cudart - cuda_cccl # - libnpp # npp.h + cuda_cudart.lib + cuda_cudart.dev + cuda_cccl.dev # + libnpp.dev # npp.h + libnpp.lib + libnpp.static nvidia-optical-flow-sdk ] ++ lib.optionals enableCublas [ - libcublas # cublas_v2.h + # May start using the default $out instead once + # https://github.com/NixOS/nixpkgs/issues/271792 + # has been addressed + libcublas.static + libcublas.lib + libcublas.dev # cublas_v2.h ] ++ lib.optionals enableCudnn [ - cudnn # cudnn.h + cudnn.dev # cudnn.h + cudnn.lib + cudnn.static ] ++ lib.optionals enableCufft [ - libcufft # cufft.h + libcufft.dev # cufft.h + libcufft.lib + libcufft.static ]); propagatedBuildInputs = lib.optionals enablePython [ pythonPackages.numpy ]; From ad2fd258c68308239c40fecca0e269f4fac599b0 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 01:00:05 +0000 Subject: [PATCH 075/124] torch: add the cxxdev output for cmake consumers (cherry picked from commit 71c248ec1309381136bf74339d453a58b400b2a9) --- .../python-modules/torch/default.nix | 16 ++++++++-- .../python-modules/torchaudio/default.nix | 12 +------ .../python-modules/torchvision/default.nix | 32 +++++-------------- 3 files changed, 22 insertions(+), 38 deletions(-) diff --git a/pkgs/development/python-modules/torch/default.nix b/pkgs/development/python-modules/torch/default.nix index a00e15f0518b8..dbfa72b884a9e 100644 --- a/pkgs/development/python-modules/torch/default.nix +++ b/pkgs/development/python-modules/torch/default.nix @@ -133,7 +133,9 @@ in buildPythonPackage rec { "out" # output standard python package "dev" # output libtorch headers "lib" # output libtorch libraries + "cxxdev" # propagated deps for the cmake consumers of torch ]; + cudaPropagateToOutput = "cxxdev"; src = fetchFromGitHub { owner = "pytorch"; @@ -368,7 +370,10 @@ in buildPythonPackage rec { ++ lib.optionals rocmSupport [ rocmPackages.llvm.openmp ] ++ lib.optionals (cudaSupport || rocmSupport) [ effectiveMagma ] ++ lib.optionals stdenv.isLinux [ numactl ] - ++ lib.optionals stdenv.isDarwin [ Accelerate CoreServices libobjc ]; + ++ lib.optionals stdenv.isDarwin [ Accelerate CoreServices libobjc ] + ++ lib.optionals tritonSupport [ openai-triton ] + ++ lib.optionals MPISupport [ mpi ] + ++ lib.optionals rocmSupport [ rocmtoolkit_joined ]; propagatedBuildInputs = [ cffi @@ -388,8 +393,10 @@ in buildPythonPackage rec { # torch/csrc requires `pybind11` at runtime pybind11 + ] ++ lib.optionals tritonSupport [ openai-triton ]; + + propagatedCxxBuildInputs = [ ] - ++ lib.optionals tritonSupport [ openai-triton ] ++ lib.optionals MPISupport [ mpi ] ++ lib.optionals rocmSupport [ rocmtoolkit_joined ]; @@ -450,7 +457,10 @@ in buildPythonPackage rec { --replace "/build/source/torch/include" "$dev/include" ''; - postFixup = lib.optionalString stdenv.isDarwin '' + postFixup = '' + mkdir -p "$cxxdev/nix-support" + printWords "''${propagatedCxxBuildInputs[@]}" >> "$cxxdev/nix-support/propagated-build-inputs" + '' + lib.optionalString stdenv.isDarwin '' for f in $(ls $lib/lib/*.dylib); do install_name_tool -id $lib/lib/$(basename $f) $f || true done diff --git a/pkgs/development/python-modules/torchaudio/default.nix b/pkgs/development/python-modules/torchaudio/default.nix index 207d2a6fade27..4d689d0b39064 100644 --- a/pkgs/development/python-modules/torchaudio/default.nix +++ b/pkgs/development/python-modules/torchaudio/default.nix @@ -44,17 +44,7 @@ buildPythonPackage rec { ]; buildInputs = [ pybind11 - ] ++ lib.optionals cudaSupport [ - cudaPackages.libcurand.dev - cudaPackages.libcurand.lib - cudaPackages.cuda_cudart # cuda_runtime.h and libraries - cudaPackages.cuda_cccl.dev # - cudaPackages.cuda_nvtx.dev - cudaPackages.cuda_nvtx.lib # -llibNVToolsExt - cudaPackages.libcublas.dev - cudaPackages.libcublas.lib - cudaPackages.libcufft.dev - cudaPackages.libcufft.lib + torch.cxxdev ]; propagatedBuildInputs = [ torch diff --git a/pkgs/development/python-modules/torchvision/default.nix b/pkgs/development/python-modules/torchvision/default.nix index 401e415e2812a..46a933835f0cf 100644 --- a/pkgs/development/python-modules/torchvision/default.nix +++ b/pkgs/development/python-modules/torchvision/default.nix @@ -17,28 +17,6 @@ let inherit (torch) cudaCapabilities cudaPackages cudaSupport; inherit (cudaPackages) backendStdenv cudaVersion; - # NOTE: torchvision doesn't use cudnn; torch does! - # For this reason it is not included. - cuda-common-redist = with cudaPackages; [ - cuda_cccl # - libcublas # cublas_v2.h - libcusolver # cusolverDn.h - libcusparse # cusparse.h - ]; - - cuda-native-redist = symlinkJoin { - name = "cuda-native-redist-${cudaVersion}"; - paths = with cudaPackages; [ - cuda_cudart # cuda_runtime.h - cuda_nvcc - ] ++ cuda-common-redist; - }; - - cuda-redist = symlinkJoin { - name = "cuda-redist-${cudaVersion}"; - paths = cuda-common-redist; - }; - pname = "torchvision"; version = "0.15.2"; in @@ -52,9 +30,15 @@ buildPythonPackage { hash = "sha256-KNbOgd6PCINZqZ24c/Ev+ODux3ik5iUlzem9uUfQArM="; }; - nativeBuildInputs = [ libpng ninja which ] ++ lib.optionals cudaSupport [ cuda-native-redist ]; + nativeBuildInputs = [ + libpng + ninja + which + ] ++ lib.optionals cudaSupport [ + cudaPackages.cuda_nvcc + ]; - buildInputs = [ libjpeg_turbo libpng ] ++ lib.optionals cudaSupport [ cuda-redist ]; + buildInputs = [ libjpeg_turbo libpng torch.cxxdev ]; propagatedBuildInputs = [ numpy pillow torch scipy ]; From 50064e53acd3a224e388f0f1d4d4079ebd8e5747 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 00:45:37 +0000 Subject: [PATCH 076/124] openvino: use opencv4.cxxdev in case cuda is enabled (cherry picked from commit 3ececb9efafd80058525571d77d881767de6f5b8) --- pkgs/development/libraries/openvino/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openvino/default.nix b/pkgs/development/libraries/openvino/default.nix index 5761f9e7bb645..6ff2be8ddbd6e 100644 --- a/pkgs/development/libraries/openvino/default.nix +++ b/pkgs/development/libraries/openvino/default.nix @@ -122,6 +122,7 @@ stdenv.mkDerivation rec { "-DENABLE_CPPLINT:BOOL=OFF" "-DBUILD_TESTING:BOOL=OFF" "-DENABLE_SAMPLES:BOOL=OFF" + (lib.cmakeBool "CMAKE_VERBOSE_MAKEFILE" true) ]; env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isAarch64 "-Wno-narrowing"; @@ -133,7 +134,7 @@ stdenv.mkDerivation rec { buildInputs = [ libusb1 libxml2 - opencv + opencv.cxxdev protobuf pugixml tbb From 484b846cdd78beaa67d6378e579a4c3dc39628c9 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Thu, 30 Nov 2023 00:59:33 +0000 Subject: [PATCH 077/124] cctag: unbreak the cuda variant (cherry picked from commit 44611c4a6d16b0eeb1488e9557b6a11e45193a46) --- pkgs/development/libraries/cctag/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/cctag/default.nix b/pkgs/development/libraries/cctag/default.nix index 2c1a5f9ae7863..238821b6af914 100644 --- a/pkgs/development/libraries/cctag/default.nix +++ b/pkgs/development/libraries/cctag/default.nix @@ -49,7 +49,7 @@ stdenv.mkDerivation rec { buildInputs = [ boost179 eigen - opencv + opencv.cxxdev ]; # Tests are broken on Darwin (linking issue) From f68149e7973fd676a5d05a4e5fe93ca074d6f768 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Tue, 5 Dec 2023 20:03:13 +0000 Subject: [PATCH 078/124] python311Packages.torch: enable_language(CUDA) wants to -lcudart_static? (cherry picked from commit 2df7ccfa1498f5038b15acd50bc9277ad768dcbf) --- pkgs/development/python-modules/torch/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/torch/default.nix b/pkgs/development/python-modules/torch/default.nix index dbfa72b884a9e..b930f08aec73d 100644 --- a/pkgs/development/python-modules/torch/default.nix +++ b/pkgs/development/python-modules/torch/default.nix @@ -338,6 +338,7 @@ in buildPythonPackage rec { cuda_cccl.dev # cuda_cudart.dev # cuda_runtime.h and libraries cuda_cudart.lib + cuda_cudart.static cuda_cupti.dev # For kineto cuda_cupti.lib # For kineto cuda_nvcc.dev # crt/host_config.h; even though we include this in nativeBuildinputs, it's needed here too From 75cac5d64d5281175459dd8b76f1b701e2975014 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 8 Dec 2023 03:23:22 +0100 Subject: [PATCH 079/124] openvino: fix build by providing ocl-icd for libOpenCL.so.1 (cherry picked from commit 807a4c7b82731359b9171b951a39b76d91951e7b) --- pkgs/development/libraries/openvino/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/openvino/default.nix b/pkgs/development/libraries/openvino/default.nix index 6ff2be8ddbd6e..26fac012948d4 100644 --- a/pkgs/development/libraries/openvino/default.nix +++ b/pkgs/development/libraries/openvino/default.nix @@ -18,6 +18,7 @@ # runtime , libusb1 , libxml2 +, ocl-icd , opencv , protobuf , pugixml @@ -134,6 +135,7 @@ stdenv.mkDerivation rec { buildInputs = [ libusb1 libxml2 + ocl-icd opencv.cxxdev protobuf pugixml From 270e8cb169f4a6c43c253d388ac65e3b99e07588 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sun, 10 Dec 2023 01:38:43 +0000 Subject: [PATCH 080/124] cudaPackages.setupCudaHook: disable the guard for 23.11 --- .../compilers/cudatoolkit/hooks/setup-cuda-hook.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh index 7b7b3bdde80e3..4f1009adfc02e 100644 --- a/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh +++ b/pkgs/development/compilers/cudatoolkit/hooks/setup-cuda-hook.sh @@ -1,7 +1,7 @@ # shellcheck shell=bash -# Only run the hook from nativeBuildInputs -(( "$hostOffset" == -1 && "$targetOffset" == 0)) || return 0 +# Starting with 24.05: only run the hook from nativeBuildInputs +# (( "$hostOffset" == -1 && "$targetOffset" == 0)) || return 0 guard=Sourcing reason= From d8ed2baa7c48a75470e2093e6dfdf497ffa31d4c Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Sat, 9 Dec 2023 00:50:05 +0000 Subject: [PATCH 081/124] cudaPackages.cudatoolkit: propagate the hook to nativeBuildInputs correctly (cherry picked from commit 810599277409a7d564c159983f3bb4a51aed1ea3) --- pkgs/development/compilers/cudatoolkit/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/cudatoolkit/common.nix b/pkgs/development/compilers/cudatoolkit/common.nix index 681549fa62dbe..0725fd56faf62 100644 --- a/pkgs/development/compilers/cudatoolkit/common.nix +++ b/pkgs/development/compilers/cudatoolkit/common.nix @@ -88,7 +88,7 @@ backendStdenv.mkDerivation rec { ] ++ lib.optionals (lib.versionAtLeast version "11.8") [ qt6Packages.wrapQtAppsHook ]; - depsTargetTargetPropagated = [ + propagatedBuildInputs = [ setupCudaHook ]; buildInputs = lib.optionals (lib.versionOlder version "11") [ From 851337ef94ece9a54e886cec09678bfddf608c26 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 7 Dec 2023 21:00:30 -0500 Subject: [PATCH 082/124] mupdf: fix bin libmupdf.dylib loading on darwin (cherry picked from commit 11498aed21cfdc45e93d8243e6458d8883d45214) --- pkgs/applications/misc/mupdf/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index e4bf829191e30..7e172f279d44b 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -165,10 +165,14 @@ stdenv.mkDerivation rec { EOF moveToOutput "bin" "$bin" - '' + lib.optionalString (enableX11 || enableGL) '' + '' + (lib.optionalString (stdenv.isDarwin) '' + for exe in $bin/bin/*; do + install_name_tool -change build/shared-release/libmupdf.dylib $out/lib/libmupdf.dylib "$exe" + done + '') + (lib.optionalString (enableX11 || enableGL) '' mkdir -p $bin/share/icons/hicolor/48x48/apps cp docs/logo/mupdf.png $bin/share/icons/hicolor/48x48/apps - '' + (if enableGL then '' + '') + (if enableGL then '' ln -s "$bin/bin/mupdf-gl" "$bin/bin/mupdf" '' else lib.optionalString (enableX11) '' ln -s "$bin/bin/mupdf-x11" "$bin/bin/mupdf" From e5d569fa2e15759fbe5fd7188843dc22b20e6989 Mon Sep 17 00:00:00 2001 From: Someone Serge Date: Fri, 15 Dec 2023 01:10:37 +0000 Subject: [PATCH 083/124] nvidia-optical-flow-sdk: refactor: propagation via setupCudaHook (cherry picked from commit a33ae59eeb935515194f8edabbabe0df767fa8ba) --- .../libraries/nvidia-optical-flow-sdk/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix b/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix index 2914d059cfaff..813821bfb71c2 100644 --- a/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix +++ b/pkgs/development/libraries/nvidia-optical-flow-sdk/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub }: +{ lib, stdenv, fetchFromGitHub, cudaPackages }: stdenv.mkDerivation { pname = "nvidia-optical-flow-sdk"; @@ -18,10 +18,12 @@ stdenv.mkDerivation { cp -R * $out/include ''; - postFixup = '' - mkdir -p $out/nix-support - echo $pname >> "$out/nix-support/include-in-cudatoolkit-root" - ''; + # Makes setupCudaHook propagate nvidia-optical-flow-sdk together with cuda + # packages. Currently used by opencv4.cxxdev, hopefully can be removed in the + # future + nativeBuildInputs = [ + cudaPackages.markForCudatoolkitRootHook + ]; meta = with lib; { description = "Nvidia optical flow headers for computing the relative motion of pixels between images"; From 25d1a6eb52d95cc9638a7cb5d2344ede5bc766f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Wed, 13 Dec 2023 21:04:49 +0100 Subject: [PATCH 084/124] jq: 1.7 -> 1.7.1 https://github.com/jqlang/jq/releases/tag/jq-1.7.1 (cherry picked from commit 8e9003456f916a0562125baf2ce53d24f2a73900) --- pkgs/development/tools/jq/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/jq/default.nix b/pkgs/development/tools/jq/default.nix index 4a57c0f5a0c3a..432fe6826bd73 100644 --- a/pkgs/development/tools/jq/default.nix +++ b/pkgs/development/tools/jq/default.nix @@ -10,12 +10,12 @@ stdenv.mkDerivation rec { pname = "jq"; - version = "1.7"; + version = "1.7.1"; # Note: do not use fetchpatch or fetchFromGitHub to keep this package available in __bootPackages src = fetchurl { url = "https://github.com/jqlang/jq/releases/download/jq-${version}/jq-${version}.tar.gz"; - hash = "sha256-QCoNaXXZRub05ITRqEMgQUoP+Ots9J0sEdFE1NNE22I="; + hash = "sha256-R4ycoSn9LjRD/icxS0VeIR4NjGC8j/ffcDhz3u7lgMI="; }; outputs = [ "bin" "doc" "man" "dev" "lib" "out" ]; From 7085b786b47327f311f6c8a67550844c162be492 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 15 Dec 2023 19:01:49 +0300 Subject: [PATCH 085/124] kde/frameworks: 5.112 -> 5.113 (cherry picked from commit 217f80780d83e3c392412e4d93b6e3d87a8c1e1a) --- .../libraries/kde-frameworks/default.nix | 3 +- .../libraries/kde-frameworks/fetch.sh | 2 +- .../{oxygen-icons5.nix => oxygen-icons.nix} | 2 +- .../libraries/kde-frameworks/srcs.nix | 666 +++++++++--------- 4 files changed, 337 insertions(+), 336 deletions(-) rename pkgs/development/libraries/kde-frameworks/{oxygen-icons5.nix => oxygen-icons.nix} (89%) diff --git a/pkgs/development/libraries/kde-frameworks/default.nix b/pkgs/development/libraries/kde-frameworks/default.nix index 4245aa0ed20ec..cc87ec2afa57b 100644 --- a/pkgs/development/libraries/kde-frameworks/default.nix +++ b/pkgs/development/libraries/kde-frameworks/default.nix @@ -120,7 +120,8 @@ let kwindowsystem = callPackage ./kwindowsystem {}; modemmanager-qt = callPackage ./modemmanager-qt.nix {}; networkmanager-qt = callPackage ./networkmanager-qt.nix {}; - oxygen-icons5 = callPackage ./oxygen-icons5.nix {}; + oxygen-icons = callPackage ./oxygen-icons.nix {}; + oxygen-icons5 = oxygen-icons; prison = callPackage ./prison.nix {}; qqc2-desktop-style = callPackage ./qqc2-desktop-style.nix {}; solid = callPackage ./solid {}; diff --git a/pkgs/development/libraries/kde-frameworks/fetch.sh b/pkgs/development/libraries/kde-frameworks/fetch.sh index f53e0d6c16bff..590818546a4bf 100644 --- a/pkgs/development/libraries/kde-frameworks/fetch.sh +++ b/pkgs/development/libraries/kde-frameworks/fetch.sh @@ -1 +1 @@ -WGET_ARGS=( https://download.kde.org/stable/frameworks/5.112/ -A '*.tar.xz' ) +WGET_ARGS=( https://download.kde.org/stable/frameworks/5.113/ -A '*.tar.xz' ) diff --git a/pkgs/development/libraries/kde-frameworks/oxygen-icons5.nix b/pkgs/development/libraries/kde-frameworks/oxygen-icons.nix similarity index 89% rename from pkgs/development/libraries/kde-frameworks/oxygen-icons5.nix rename to pkgs/development/libraries/kde-frameworks/oxygen-icons.nix index 7121944d5d39f..4760c51abe542 100644 --- a/pkgs/development/libraries/kde-frameworks/oxygen-icons5.nix +++ b/pkgs/development/libraries/kde-frameworks/oxygen-icons.nix @@ -5,7 +5,7 @@ }: mkDerivation { - pname = "oxygen-icons5"; + pname = "oxygen-icons"; meta.license = lib.licenses.lgpl3Plus; nativeBuildInputs = [ extra-cmake-modules ]; buildInputs = [ qtbase ]; diff --git a/pkgs/development/libraries/kde-frameworks/srcs.nix b/pkgs/development/libraries/kde-frameworks/srcs.nix index f6909957ba445..06b5e6b04cfa9 100644 --- a/pkgs/development/libraries/kde-frameworks/srcs.nix +++ b/pkgs/development/libraries/kde-frameworks/srcs.nix @@ -4,667 +4,667 @@ { attica = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/attica-5.112.0.tar.xz"; - sha256 = "0syg508bjfq5ycr246p3f4q37ihvqk5j7n66vkn7h7dvgwspjff5"; - name = "attica-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/attica-5.113.0.tar.xz"; + sha256 = "0p6n2jvky5x9gpwmp31mdxf0bzywaljgnkszgbklyc35xk9i6j14"; + name = "attica-5.113.0.tar.xz"; }; }; baloo = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/baloo-5.112.0.tar.xz"; - sha256 = "17h83s5r70hg8qjv9vli43zv854jll40cmmh2pjcg7nlfi1ypcbz"; - name = "baloo-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/baloo-5.113.0.tar.xz"; + sha256 = "1jv7202dj2w0vcv49bgp0iv1sfy3kdqr974rcr77pcfzhhda9bix"; + name = "baloo-5.113.0.tar.xz"; }; }; bluez-qt = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/bluez-qt-5.112.0.tar.xz"; - sha256 = "03kzvklzj9h4sl1850c1lh4b3z9lis7d6l9fb9cfnffh3wjpjagb"; - name = "bluez-qt-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/bluez-qt-5.113.0.tar.xz"; + sha256 = "1y6nkl9zc5298jc6klxz88h6srmma085w1q5l4jmjihgys2zkcx7"; + name = "bluez-qt-5.113.0.tar.xz"; }; }; breeze-icons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/breeze-icons-5.112.0.tar.xz"; - sha256 = "0n3xdja42hzn3hssj0a8d97kkb790kinp2xmslfl7w8izsz53p39"; - name = "breeze-icons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/breeze-icons-5.113.0.tar.xz"; + sha256 = "0kb3wchx84dpi77zsi1b9pzlkhg3sjagxcsf1pdappagq3xn1p48"; + name = "breeze-icons-5.113.0.tar.xz"; }; }; extra-cmake-modules = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/extra-cmake-modules-5.112.0.tar.xz"; - sha256 = "1qn2shanzsv06q34zwhkjhb88j7crdp83qp265gpxmc049vq845c"; - name = "extra-cmake-modules-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/extra-cmake-modules-5.113.0.tar.xz"; + sha256 = "1i1vpf9860cwrq5b01yrgf94hmzk9dx637j638shgjmyxr058pi6"; + name = "extra-cmake-modules-5.113.0.tar.xz"; }; }; frameworkintegration = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/frameworkintegration-5.112.0.tar.xz"; - sha256 = "1kiy4vcr8lj82mhpgn99yw4w6lwr26yjmsfdv3n6ha667gqv2gn6"; - name = "frameworkintegration-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/frameworkintegration-5.113.0.tar.xz"; + sha256 = "17i7frachq23kfg78ar33x5acwf7pmwl1a5c02qif44mml8b09hi"; + name = "frameworkintegration-5.113.0.tar.xz"; }; }; kactivities = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kactivities-5.112.0.tar.xz"; - sha256 = "0nzbvby11f14h5w2q5wa5kij7bpx01ffqsi8mmjk71imhq5mzkfz"; - name = "kactivities-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kactivities-5.113.0.tar.xz"; + sha256 = "1d9lkhp344wdss9vab3gh9h31f1k6fifdhp17fblpkykgyvbb26y"; + name = "kactivities-5.113.0.tar.xz"; }; }; kactivities-stats = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kactivities-stats-5.112.0.tar.xz"; - sha256 = "0czic2s147nhjphdkfymnakrw73bzi0pbmb8s3frrxsf4yp7gvzy"; - name = "kactivities-stats-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kactivities-stats-5.113.0.tar.xz"; + sha256 = "136z2njw3k2l71xp4vg10sm5q925xh8yfr9a784wnr0kwngdb71i"; + name = "kactivities-stats-5.113.0.tar.xz"; }; }; kapidox = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kapidox-5.112.0.tar.xz"; - sha256 = "0fa80ncx4h5izhw6vjjglmxcs9h4rvf2q1bcm0m4zcpky5h8bdqi"; - name = "kapidox-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kapidox-5.113.0.tar.xz"; + sha256 = "05407c01wnjyslbbz0w5wipjpx6ng3izya41mg13g700ainj9q1x"; + name = "kapidox-5.113.0.tar.xz"; }; }; karchive = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/karchive-5.112.0.tar.xz"; - sha256 = "0rzxxgp5hcs63yfqisvf1m2m0qyrj2ri9966h5hc25jh5ajrgmi7"; - name = "karchive-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/karchive-5.113.0.tar.xz"; + sha256 = "03a3p85hmx4ycfp0y5l9yw4cy3i9jwy7jd27psmckr4q0538k91d"; + name = "karchive-5.113.0.tar.xz"; }; }; kauth = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kauth-5.112.0.tar.xz"; - sha256 = "1xq5jhnp3dyykx84p5ijhi6kj0x2iz8k665bkkz4zcv9l8gf9jv7"; - name = "kauth-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kauth-5.113.0.tar.xz"; + sha256 = "0ncpyq2l53p4yhhxkvk23x0ji9amrbnm6kbz8dp573cqww79pih2"; + name = "kauth-5.113.0.tar.xz"; }; }; kbookmarks = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kbookmarks-5.112.0.tar.xz"; - sha256 = "12m8wx8sv12mwj2xprbr3ywr66mq3415byjfsz8f5yx4lhywkcfi"; - name = "kbookmarks-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kbookmarks-5.113.0.tar.xz"; + sha256 = "1fgnh8amy2ghn50i59al0iyqvj05pzdxai9qxqzbvi65f1pibi7d"; + name = "kbookmarks-5.113.0.tar.xz"; }; }; kcalendarcore = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcalendarcore-5.112.0.tar.xz"; - sha256 = "0najg934lylb5m64lmkpv3v7ri2g3ncsg8ycg7gkm8r93nypa60r"; - name = "kcalendarcore-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcalendarcore-5.113.0.tar.xz"; + sha256 = "18psjzqcfzaplcfjpjda983mrpv306il0j49q3rm9hj9ycj54wc2"; + name = "kcalendarcore-5.113.0.tar.xz"; }; }; kcmutils = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcmutils-5.112.0.tar.xz"; - sha256 = "0b4l5hf90jrbj4bbrkmyz1va6znwd8dpp2w0i5h002xbpf6vwp2y"; - name = "kcmutils-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcmutils-5.113.0.tar.xz"; + sha256 = "1xbfzw2zfl966zp70jzfp3hjzn334zf4hnwr82priffafgrin57s"; + name = "kcmutils-5.113.0.tar.xz"; }; }; kcodecs = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcodecs-5.112.0.tar.xz"; - sha256 = "0pnmqq5asj361x9fk1vapwssafbb2zxjr0nh8lp8666f675wg2yx"; - name = "kcodecs-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcodecs-5.113.0.tar.xz"; + sha256 = "1xvaq0yg4n4lwyq3yx2m8jrvfg7f0qrwgxxam4rmp2l245bvn34i"; + name = "kcodecs-5.113.0.tar.xz"; }; }; kcompletion = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcompletion-5.112.0.tar.xz"; - sha256 = "1k09ahwgz1fipdc1l2k13r97hgyvwjsr5dlvhkbrd384sip84q8j"; - name = "kcompletion-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcompletion-5.113.0.tar.xz"; + sha256 = "016280h98j1ssvc3a4b3vyh4s93s9y9hn1jrpbfbkm9xxnvi7k79"; + name = "kcompletion-5.113.0.tar.xz"; }; }; kconfig = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kconfig-5.112.0.tar.xz"; - sha256 = "080qv53727ijdz9325kzl81nxchds3cpy6siv1h5s4scbb92dpl6"; - name = "kconfig-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kconfig-5.113.0.tar.xz"; + sha256 = "0fwhn3yp4gfwjiy5dx7gs0zd65yjlrrzkqpy7fpg7n97qf99q2a8"; + name = "kconfig-5.113.0.tar.xz"; }; }; kconfigwidgets = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kconfigwidgets-5.112.0.tar.xz"; - sha256 = "0yk84f9pwb600pligwa2022r9srz4fd7kkf90r7q7vmf5r3hl3r9"; - name = "kconfigwidgets-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kconfigwidgets-5.113.0.tar.xz"; + sha256 = "0bmk5qxiss7a71xpfsbqj831wkcf94b7wfbw9xisvnxlfmf60y4v"; + name = "kconfigwidgets-5.113.0.tar.xz"; }; }; kcontacts = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcontacts-5.112.0.tar.xz"; - sha256 = "0q20xnj43ysq1wdymvl8j8zyvycsqs4hm2x72gz42hd9dlbp77s5"; - name = "kcontacts-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcontacts-5.113.0.tar.xz"; + sha256 = "1y9cdv1g2ypwl4b0hk1sxk7lvb5qkbm4n1gh62plqsran62jsimm"; + name = "kcontacts-5.113.0.tar.xz"; }; }; kcoreaddons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcoreaddons-5.112.0.tar.xz"; - sha256 = "032n4fl4d8lhgmd08f7nfa18izrccggxhdbgk33vnf1lw7c6yamp"; - name = "kcoreaddons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcoreaddons-5.113.0.tar.xz"; + sha256 = "1bhanzfjw2i49sx2hjnim8k72vvbs7gyig7nkqkgbaxzpa8qgwrf"; + name = "kcoreaddons-5.113.0.tar.xz"; }; }; kcrash = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kcrash-5.112.0.tar.xz"; - sha256 = "1sarh8ncibl8bz7pkd5xs4dd5vciyj82pckazxx4f482irdzyxzx"; - name = "kcrash-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kcrash-5.113.0.tar.xz"; + sha256 = "1mg90xm6ckcd30s07psn30sgh81lx8kfs0p1h6cblg4q8bkgkndv"; + name = "kcrash-5.113.0.tar.xz"; }; }; kdav = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdav-5.112.0.tar.xz"; - sha256 = "1m6basdd6p0yaij9jdsc35sj198gsackk3dx4kci3a8zlvvag32g"; - name = "kdav-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdav-5.113.0.tar.xz"; + sha256 = "1djng9c741xairr84nvjbkq4dk551p7yk91g8d4nndy8s1kiz1dv"; + name = "kdav-5.113.0.tar.xz"; }; }; kdbusaddons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdbusaddons-5.112.0.tar.xz"; - sha256 = "0n04z0srf3xzd0m9sa9f3q7hrzbjrg1hbajzm89p71hfr7dmcgjq"; - name = "kdbusaddons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdbusaddons-5.113.0.tar.xz"; + sha256 = "101a406f8i0wgaxd0ilvfcb3plzjgvxw9bhhm5pin6fpr0xkjrnk"; + name = "kdbusaddons-5.113.0.tar.xz"; }; }; kdeclarative = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdeclarative-5.112.0.tar.xz"; - sha256 = "1wzhqp5mzbk9lz7ks4ggzb1k6c3fkxwwyzdapwfgn79k5qrhqvjk"; - name = "kdeclarative-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdeclarative-5.113.0.tar.xz"; + sha256 = "1wj9arkmjdrac04cq2w5bw5184jnlq5xn2cw6n7lajc31yrbc0rk"; + name = "kdeclarative-5.113.0.tar.xz"; }; }; kded = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kded-5.112.0.tar.xz"; - sha256 = "16qiybj9q1v6j5csyx2f7pdpxih60psszyyvq9yj4ycdzjhjzmmn"; - name = "kded-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kded-5.113.0.tar.xz"; + sha256 = "1vb3z7r2l206n7p70a4cbkrm7fvyk7hqqf0bz7514r4g86l4l5n4"; + name = "kded-5.113.0.tar.xz"; }; }; kdelibs4support = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kdelibs4support-5.112.0.tar.xz"; - sha256 = "0rrzqyawck0mmh8xfs73jx6jghv5bm1346h3xkhgw6ydfzdv3kcv"; - name = "kdelibs4support-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kdelibs4support-5.113.0.tar.xz"; + sha256 = "1z843zq1g5n3b8gb20y8266hyikvbzdsgc77gvcgzvqfdxk19l24"; + name = "kdelibs4support-5.113.0.tar.xz"; }; }; kdesignerplugin = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kdesignerplugin-5.112.0.tar.xz"; - sha256 = "0rrk7d06m1ywxf6n1crf510imidhfkpfb58qpaby2fzwb1ifmlyj"; - name = "kdesignerplugin-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kdesignerplugin-5.113.0.tar.xz"; + sha256 = "05hwq8rpm1f9ad5fyk2gjqxm6gvvx2gx2zdbklww9ghlh8qndl9i"; + name = "kdesignerplugin-5.113.0.tar.xz"; }; }; kdesu = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdesu-5.112.0.tar.xz"; - sha256 = "1yn16q3yrycrh6xsfh7faa5n9cr0lafiwh9dwr5p8rm62nmas83g"; - name = "kdesu-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdesu-5.113.0.tar.xz"; + sha256 = "085d3d6qpl4m7z8smm0bq9khfjjglpb1gd9n8q0d541127y2cpq4"; + name = "kdesu-5.113.0.tar.xz"; }; }; kdewebkit = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kdewebkit-5.112.0.tar.xz"; - sha256 = "11za35zxaa3mlvmrkp4rx47sl6ihbc1xgcaf18r6a0cyn4zhx2fz"; - name = "kdewebkit-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kdewebkit-5.113.0.tar.xz"; + sha256 = "18bmg88xj07h8y5f3f2ckjs9m61mf8jrxrg4vg8hrf4nabxz20xn"; + name = "kdewebkit-5.113.0.tar.xz"; }; }; kdnssd = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdnssd-5.112.0.tar.xz"; - sha256 = "0cd1dm44f12n29d8idh29djhfd2z6lj4hc4l42hxx2nasi009p2s"; - name = "kdnssd-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdnssd-5.113.0.tar.xz"; + sha256 = "1hbb9zy1f13m45b6kzndxw619vnmx0s418brqgkdaxgsh12j5anq"; + name = "kdnssd-5.113.0.tar.xz"; }; }; kdoctools = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kdoctools-5.112.0.tar.xz"; - sha256 = "1cinjrbg31pilzlir9vmigf86ypgpxr9mmyqpjfvq6yxvxfnq7li"; - name = "kdoctools-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kdoctools-5.113.0.tar.xz"; + sha256 = "0cfs4znhp7psrz99j3brp8q39gg0bpzvkrdx90zl6vvrc06d2zaa"; + name = "kdoctools-5.113.0.tar.xz"; }; }; kemoticons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kemoticons-5.112.0.tar.xz"; - sha256 = "037xj9i1x81npm7fyqizkyi7k4slakx1c5x9drp0py5133a0k6z8"; - name = "kemoticons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kemoticons-5.113.0.tar.xz"; + sha256 = "127frvsp1h9hg755vz2i609wxqqgzgsz15iqr7hcpbmmf6xvm8i2"; + name = "kemoticons-5.113.0.tar.xz"; }; }; kfilemetadata = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kfilemetadata-5.112.0.tar.xz"; - sha256 = "1yvz3439jmg8m0ry9z0930ya679fahphb6s7mci23xf5zjpczgy4"; - name = "kfilemetadata-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kfilemetadata-5.113.0.tar.xz"; + sha256 = "1ap25y66y1r185fghvkkkkp4f6acnkazny8wxw5hv1gg25ilpsir"; + name = "kfilemetadata-5.113.0.tar.xz"; }; }; kglobalaccel = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kglobalaccel-5.112.0.tar.xz"; - sha256 = "0flb0rkw5bh1xb706pgzsjq41slma4xwg3ghmvrdr622qf87w9hh"; - name = "kglobalaccel-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kglobalaccel-5.113.0.tar.xz"; + sha256 = "0ibm1wd7fhi3j5za0agyq2zrs9nx5a8b47iijkzgkpz9ylxniwrs"; + name = "kglobalaccel-5.113.0.tar.xz"; }; }; kguiaddons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kguiaddons-5.112.0.tar.xz"; - sha256 = "0yw4ikb14f2q1z0hr64bxnxvg770jjllqfvhbnl5hn3m7l61psmb"; - name = "kguiaddons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kguiaddons-5.113.0.tar.xz"; + sha256 = "1ykhxgx89x1qv916pcz3j0q14ylalg9v23jjw0dbwpg5hlj4qlyc"; + name = "kguiaddons-5.113.0.tar.xz"; }; }; kholidays = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kholidays-5.112.0.tar.xz"; - sha256 = "1b5jdss17wvm66gwzh6qb0caz9b3fnr6cd902bvqa7dr1aby4j52"; - name = "kholidays-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kholidays-5.113.0.tar.xz"; + sha256 = "1wq397j3m3s9a45k9h5hsdsfansvb3a5q8biag2w3fsb1i84id0i"; + name = "kholidays-5.113.0.tar.xz"; }; }; khtml = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/khtml-5.112.0.tar.xz"; - sha256 = "0rw6286w971q61gahm1qzic0gsfmfz8x449jw6zy38d9k17h7s2n"; - name = "khtml-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/khtml-5.113.0.tar.xz"; + sha256 = "0m284rwq8f49j71lcapzr4qi0f72a0adnv67mfg5blar867161mq"; + name = "khtml-5.113.0.tar.xz"; }; }; ki18n = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/ki18n-5.112.0.tar.xz"; - sha256 = "06wng9mpr2ln9dd1ayvwglc6071iqg5285jisg95vgf2c3kl5m9k"; - name = "ki18n-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/ki18n-5.113.0.tar.xz"; + sha256 = "0hl0qp3653xiwa5ndk82ygy2kgrc0pygqkknb1cx5w54s56bm57w"; + name = "ki18n-5.113.0.tar.xz"; }; }; kiconthemes = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kiconthemes-5.112.0.tar.xz"; - sha256 = "04nqw9a2c7bba5y7y741wqwm95jfpbva71q1fj43grd6hcqlff53"; - name = "kiconthemes-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kiconthemes-5.113.0.tar.xz"; + sha256 = "0q2c1s8pwl7dnx9v7q061zn5n1prk0vv0j77kki9wfncjaf15g0g"; + name = "kiconthemes-5.113.0.tar.xz"; }; }; kidletime = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kidletime-5.112.0.tar.xz"; - sha256 = "0pch2baf9867w6llk98mxag2y3sjz6irqci88rrsnwn4s1vcs356"; - name = "kidletime-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kidletime-5.113.0.tar.xz"; + sha256 = "1cdfhn3mcxvizba1gpf0viba3g0mnva3l226lkca3p9ps8c4z3rm"; + name = "kidletime-5.113.0.tar.xz"; }; }; kimageformats = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kimageformats-5.112.0.tar.xz"; - sha256 = "1lw9vvmb032ymy0a1443q3p9nwn8shc9kbaz05jw4jwa74wp7i65"; - name = "kimageformats-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kimageformats-5.113.0.tar.xz"; + sha256 = "0gys83sazgbj7h3yiaacqr464z951ixygrhzcw16cnqjm8phic44"; + name = "kimageformats-5.113.0.tar.xz"; }; }; kinit = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kinit-5.112.0.tar.xz"; - sha256 = "1mij6nw1w0zyv724096pfbb0r95300yqb884bx3wlm5nibawwpz7"; - name = "kinit-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kinit-5.113.0.tar.xz"; + sha256 = "1ydmgxyr5j9zi0a5vlb64kkjxka3rsyvzj10y3dww92qyapnn2bv"; + name = "kinit-5.113.0.tar.xz"; }; }; kio = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kio-5.112.0.tar.xz"; - sha256 = "16gv0f8l4jn19mrwc52c6gw2n8hb28n6v7x6kx7qbs3z0wf57f44"; - name = "kio-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kio-5.113.0.tar.xz"; + sha256 = "1bjmv3wdpmzqbv1xzzl0ydirccbknnjyqn6wzb057zgy7kpi1cd8"; + name = "kio-5.113.0.tar.xz"; }; }; kirigami2 = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kirigami2-5.112.0.tar.xz"; - sha256 = "048f3sji3dx7q415fkmkj0xmnl0dxacdr9d08d5rqkxz2d94hzk3"; - name = "kirigami2-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kirigami2-5.113.0.tar.xz"; + sha256 = "0zy3s841q2xw4d048a3qh4cfh9kb3qaqxml4ny5zi73crm173h8y"; + name = "kirigami2-5.113.0.tar.xz"; }; }; kitemmodels = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kitemmodels-5.112.0.tar.xz"; - sha256 = "130avvp4lq8f8pag39mna0p3rjyvhbq6akng9d4l01nf8287zv2s"; - name = "kitemmodels-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kitemmodels-5.113.0.tar.xz"; + sha256 = "01i1s7rw7ndp3gnl3bg0pv8a9qz95rmz0jxkw97p72gcah2q2yvk"; + name = "kitemmodels-5.113.0.tar.xz"; }; }; kitemviews = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kitemviews-5.112.0.tar.xz"; - sha256 = "1xpk5xfrp38bjgsyvc3wmcq7vj1sa2wxz0wld2bby3nsixbrdq68"; - name = "kitemviews-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kitemviews-5.113.0.tar.xz"; + sha256 = "0wnmgm72kv7vxadsrkdbnjknb4lkzrmn6gk7car7jx2i91kz7xdd"; + name = "kitemviews-5.113.0.tar.xz"; }; }; kjobwidgets = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kjobwidgets-5.112.0.tar.xz"; - sha256 = "1x1ip1c1v7mydvrz620gaajx6c1p88vlbi3i66fdfnxvhkcrqzqv"; - name = "kjobwidgets-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kjobwidgets-5.113.0.tar.xz"; + sha256 = "0f5shrapjvwp8bc34vypzfsfl07pj7nmdflf9lcwc8h3kwf2rxqr"; + name = "kjobwidgets-5.113.0.tar.xz"; }; }; kjs = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kjs-5.112.0.tar.xz"; - sha256 = "00nr7darrijxm7czvjwvs4jrw8yd8ypz49l4xym19fvslcb5d0x9"; - name = "kjs-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kjs-5.113.0.tar.xz"; + sha256 = "0h50jyd9mddnavafikn9haqqcq1mql2v8qcc1c233ffplkx1f6hb"; + name = "kjs-5.113.0.tar.xz"; }; }; kjsembed = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kjsembed-5.112.0.tar.xz"; - sha256 = "0hs6ka5qj1w3kha6rssvvpw6dh4pw001wfpfjzn8klawjwndjv1r"; - name = "kjsembed-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kjsembed-5.113.0.tar.xz"; + sha256 = "0bwsj0n3d038vs3n2mw6x8srbg4da40bw59q14cpv70ws1sg2r2n"; + name = "kjsembed-5.113.0.tar.xz"; }; }; kmediaplayer = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kmediaplayer-5.112.0.tar.xz"; - sha256 = "1bdanmrbzyh6hbpkflq7gwrjm03647pbbiv670li0cmyfmnz904r"; - name = "kmediaplayer-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kmediaplayer-5.113.0.tar.xz"; + sha256 = "1nyn7x28j17yrb7zx31519h2ghp5h3pwk6baxais0q1mv9azyfay"; + name = "kmediaplayer-5.113.0.tar.xz"; }; }; knewstuff = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/knewstuff-5.112.0.tar.xz"; - sha256 = "1l417xsqpwxv73wm0fdgjpfnvs19casm1x2xsl299pj66kcm1y7l"; - name = "knewstuff-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/knewstuff-5.113.0.tar.xz"; + sha256 = "0fj17rxyp9wmmc9jh8zjpgwpia9r4xlvabvkb4ynd1vhy58k8w51"; + name = "knewstuff-5.113.0.tar.xz"; }; }; knotifications = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/knotifications-5.112.0.tar.xz"; - sha256 = "1xlx91rn826gw3mqddvfs884mx95rhksf70wc1m5jd49cdcgw1mz"; - name = "knotifications-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/knotifications-5.113.0.tar.xz"; + sha256 = "1yzpf12wsi3h3v7z68b42rjdrnfkah6avq4y611b0r004shgkl1x"; + name = "knotifications-5.113.0.tar.xz"; }; }; knotifyconfig = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/knotifyconfig-5.112.0.tar.xz"; - sha256 = "18qikgc5lp5xjmar823j0cgwqpgc8b5sr8rq1x2p23pbb9ywfpqj"; - name = "knotifyconfig-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/knotifyconfig-5.113.0.tar.xz"; + sha256 = "1gdzyxcc371lmnzc153k8wdyxgsv7r2y44j8d5srld36amssxnc6"; + name = "knotifyconfig-5.113.0.tar.xz"; }; }; kpackage = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kpackage-5.112.0.tar.xz"; - sha256 = "0g84q54yhm9a1h48pim371rjbl208ka56a6xx23zqis20wqjs0kp"; - name = "kpackage-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kpackage-5.113.0.tar.xz"; + sha256 = "04605kr2w0yhwx64lqq1qc1zmmip7vkxnxv3fs2846864814fkk2"; + name = "kpackage-5.113.0.tar.xz"; }; }; kparts = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kparts-5.112.0.tar.xz"; - sha256 = "0mr45zk4i7jfazkawi7i2ry88y9a17wsny4ck0zln3ggb6wra32c"; - name = "kparts-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kparts-5.113.0.tar.xz"; + sha256 = "0mx95xrr6pad4q5p0sn2iqmc59787bpfkvkyiz9li56wynh1jf48"; + name = "kparts-5.113.0.tar.xz"; }; }; kpeople = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kpeople-5.112.0.tar.xz"; - sha256 = "0xfczzy2pwdszzzmyj8ldr1178d93za26j0rqbj3wnqsnji9yn6n"; - name = "kpeople-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kpeople-5.113.0.tar.xz"; + sha256 = "08g44hq1iywycf44imdqkql4gx2vyg87n1nxxqq6ssva0kybia7n"; + name = "kpeople-5.113.0.tar.xz"; }; }; kplotting = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kplotting-5.112.0.tar.xz"; - sha256 = "0a18ly62ilsmaihm398q1jvj10ccw00di3rywq0wq45n0ghnx7zx"; - name = "kplotting-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kplotting-5.113.0.tar.xz"; + sha256 = "16pfia711y9iqnl0svyg00g7a2x4ln8yaxmrmy74xj7y0dj5jcyj"; + name = "kplotting-5.113.0.tar.xz"; }; }; kpty = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kpty-5.112.0.tar.xz"; - sha256 = "1p6rm94hvq6w54h84vhcqbbnj2gmypipj05vx7c9bnijy0d4nfxf"; - name = "kpty-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kpty-5.113.0.tar.xz"; + sha256 = "0hzn18lidiiaxr08fjhk0r5zh0m01ls46w1fyjnv42bvf7vd7v5y"; + name = "kpty-5.113.0.tar.xz"; }; }; kquickcharts = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kquickcharts-5.112.0.tar.xz"; - sha256 = "1c634jda7lqmv009jg2jdarkd08q1hf4fb3wnj35hilj37c57b5a"; - name = "kquickcharts-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kquickcharts-5.113.0.tar.xz"; + sha256 = "0v47c6mdx72rdz441zk4csc6a2bj6wi7772vlpz2yr3ay70l8f5d"; + name = "kquickcharts-5.113.0.tar.xz"; }; }; kross = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kross-5.112.0.tar.xz"; - sha256 = "1b887bx4d3nr55305mk91wnm6bfhbgnqjmbc3a9jkv65c78j9hsa"; - name = "kross-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kross-5.113.0.tar.xz"; + sha256 = "1cqdcm086a4kjrb9k6cwqn05fg5ij3zppc8bi7dxrgrfxc494c8s"; + name = "kross-5.113.0.tar.xz"; }; }; krunner = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/krunner-5.112.0.tar.xz"; - sha256 = "00bfszbpr2w21nz3vhih8hp0f9gzn1906axvib3jm1w3kjmy2avn"; - name = "krunner-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/krunner-5.113.0.tar.xz"; + sha256 = "0z7d6nyvrlgr7aw9ibz1xgp62220iwzvhqpqikwlxhc9hjggmdlh"; + name = "krunner-5.113.0.tar.xz"; }; }; kservice = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kservice-5.112.0.tar.xz"; - sha256 = "01aj0yrlxlwr5sm1z0pq6caa4ijj3nsgqhza1zr4mzrx2ybf753z"; - name = "kservice-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kservice-5.113.0.tar.xz"; + sha256 = "09ph72jb40pkw1nzayvzzav4m6240amkj6jvx390dmsvr7jzn0nb"; + name = "kservice-5.113.0.tar.xz"; }; }; ktexteditor = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/ktexteditor-5.112.0.tar.xz"; - sha256 = "0d0cw9qd7mmnhdqayx4lcpd60hp1al5zwy565rsvxmjly564l3i9"; - name = "ktexteditor-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/ktexteditor-5.113.0.tar.xz"; + sha256 = "02nclhfgqximsl8w6la5w0fshzcj71nrz5kjb2p1s28xdf1ahvgg"; + name = "ktexteditor-5.113.0.tar.xz"; }; }; ktextwidgets = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/ktextwidgets-5.112.0.tar.xz"; - sha256 = "0x83f0ih3c25yggmvyibyfaiikk4zc0k5gf6yr87c62ihgv7gniz"; - name = "ktextwidgets-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/ktextwidgets-5.113.0.tar.xz"; + sha256 = "060grfna4kj8nhxgk38yf3csqfgxg0358dkwmg8aw5y5k0jys2az"; + name = "ktextwidgets-5.113.0.tar.xz"; }; }; kunitconversion = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kunitconversion-5.112.0.tar.xz"; - sha256 = "1zi47yd3aydy2mcmgfgwp4g12w7681lyc1niq5p13670mxhlkrwc"; - name = "kunitconversion-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kunitconversion-5.113.0.tar.xz"; + sha256 = "1x7gwrz43wvd3r87x545bxxyzhqj87mhhx05dqh0b09vqk6gxzza"; + name = "kunitconversion-5.113.0.tar.xz"; }; }; kwallet = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kwallet-5.112.0.tar.xz"; - sha256 = "1v38wyz9hhhvzwrpxsjkd8yqyy4yv9hii1413ffcm9x971nliq2s"; - name = "kwallet-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kwallet-5.113.0.tar.xz"; + sha256 = "0aq8d5c5p9j19bzspd205gh297n7fh5f26m49826fx5mp1im4lwn"; + name = "kwallet-5.113.0.tar.xz"; }; }; kwayland = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kwayland-5.112.0.tar.xz"; - sha256 = "0nzpg4x9hg9jd1kg6sq0lh658kz3cz25z5kji7hpq2h0svmxx709"; - name = "kwayland-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kwayland-5.113.0.tar.xz"; + sha256 = "1anhvz4b1q835py451jznnfj9z2jh1fwnx4lfwhi67viaplpiwqg"; + name = "kwayland-5.113.0.tar.xz"; }; }; kwidgetsaddons = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kwidgetsaddons-5.112.0.tar.xz"; - sha256 = "0x5mz04dwlpl0h75v0c5w04qjpcb3fbpjk7hbslwgfwr7gviqyib"; - name = "kwidgetsaddons-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kwidgetsaddons-5.113.0.tar.xz"; + sha256 = "01rabfl2v5l9r3fgwgy75krib1486mdc4k3kfi035s6dvg8iy015"; + name = "kwidgetsaddons-5.113.0.tar.xz"; }; }; kwindowsystem = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kwindowsystem-5.112.0.tar.xz"; - sha256 = "08ihg6zq979h4v6c157n80pi3cfsg9w9qiyqaw3h79365zji73j1"; - name = "kwindowsystem-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kwindowsystem-5.113.0.tar.xz"; + sha256 = "1hzavawsl14rsl9qb874zahvsvkrbcin7fg1xn1d7ssypphlis51"; + name = "kwindowsystem-5.113.0.tar.xz"; }; }; kxmlgui = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/kxmlgui-5.112.0.tar.xz"; - sha256 = "17jsqzxn5wgwsm3lrfgdygyzvqibzv9vfgg11s2gc5bq9x4s0j8g"; - name = "kxmlgui-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/kxmlgui-5.113.0.tar.xz"; + sha256 = "022l557z9jgrz2hj8hh9z7cjkvfhl5rdp81jhk2gd3wzmyf5zzmq"; + name = "kxmlgui-5.113.0.tar.xz"; }; }; kxmlrpcclient = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/portingAids/kxmlrpcclient-5.112.0.tar.xz"; - sha256 = "09zwgrh336bk5cfab2zcdzcfdzjvlqa47ljfrciyh4h8m5f7y12h"; - name = "kxmlrpcclient-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/portingAids/kxmlrpcclient-5.113.0.tar.xz"; + sha256 = "141vlxxnyll5q0wg2va5prg0wf0hpymlzfkg37h1ngjwjs2x2yc1"; + name = "kxmlrpcclient-5.113.0.tar.xz"; }; }; modemmanager-qt = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/modemmanager-qt-5.112.0.tar.xz"; - sha256 = "0323zp03wj4ignfc94qg89h3j4qmh3mkdac5snr1axjaaf6sk6w8"; - name = "modemmanager-qt-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/modemmanager-qt-5.113.0.tar.xz"; + sha256 = "069irg7ckws06qzq5mwkxvzx4r2xqwagwif6dq284hjihrz38l8b"; + name = "modemmanager-qt-5.113.0.tar.xz"; }; }; networkmanager-qt = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/networkmanager-qt-5.112.0.tar.xz"; - sha256 = "1larg78j7rlbbscv04imc1k6f1srapr2yrbyxif38d4iipfg04f9"; - name = "networkmanager-qt-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/networkmanager-qt-5.113.0.tar.xz"; + sha256 = "03wdbw6dr9a49qcs1j2lm9q894rvdl8xqjpwm3yrrjb866yyhcg1"; + name = "networkmanager-qt-5.113.0.tar.xz"; }; }; - oxygen-icons5 = { - version = "5.112.0"; + oxygen-icons = { + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/oxygen-icons5-5.112.0.tar.xz"; - sha256 = "0yw2mixy5p8pw9866rfr0wcjhvilznakd0h6934svv0dk3lv054a"; - name = "oxygen-icons5-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/oxygen-icons-5.113.0.tar.xz"; + sha256 = "0grdn0gz59lfp4n5mmlan71x3iwgm87dnhk8mla02dn7hv0fl0xx"; + name = "oxygen-icons-5.113.0.tar.xz"; }; }; plasma-framework = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/plasma-framework-5.112.0.tar.xz"; - sha256 = "0nq8dzqk1hxzm8yngzgm9zqw8155fy38zq6k3613af5mgj7jmdhj"; - name = "plasma-framework-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/plasma-framework-5.113.0.tar.xz"; + sha256 = "0iijawnh9ri1n6qgdrraf3lq5sy7z0jy5ihmfzk22pn10ba992ky"; + name = "plasma-framework-5.113.0.tar.xz"; }; }; prison = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/prison-5.112.0.tar.xz"; - sha256 = "1blgs0k4kz3smsf0qb9y6krzbssyv1hbqvjc7qvk4qwk81qhyfvq"; - name = "prison-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/prison-5.113.0.tar.xz"; + sha256 = "18y4gxj5zml59a8i7gzr5cbbzi5wyknbva2ihfdpqf85vw3x2wdp"; + name = "prison-5.113.0.tar.xz"; }; }; purpose = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/purpose-5.112.0.tar.xz"; - sha256 = "1cqcmhbb26xypllmk3z4r0z8sw79idzz6nz72ahwa4ha0pqbl8p3"; - name = "purpose-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/purpose-5.113.0.tar.xz"; + sha256 = "0p5zcvrkaw71w8795x2a4lx3z977j6jcnwbi9wi1956gcx4avhhf"; + name = "purpose-5.113.0.tar.xz"; }; }; qqc2-desktop-style = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/qqc2-desktop-style-5.112.0.tar.xz"; - sha256 = "1k74vwj07xf3fjfj8ff9zx5ndzq5m3bdnj4zgymkxm1gk3r6gl5y"; - name = "qqc2-desktop-style-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/qqc2-desktop-style-5.113.0.tar.xz"; + sha256 = "0sk0sk7cq511m0rjmgsg1z8s4sy064qmbql472ljyblafm71wj6p"; + name = "qqc2-desktop-style-5.113.0.tar.xz"; }; }; solid = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/solid-5.112.0.tar.xz"; - sha256 = "0hpm5akhk24fzbg27p6ql598s5mxa6n8h359ajf45afabimhjx0y"; - name = "solid-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/solid-5.113.0.tar.xz"; + sha256 = "0vhhkn15axfvlwrf9np91hnipw1lb2x9zh0ajpngvxzcnj6kvn7r"; + name = "solid-5.113.0.tar.xz"; }; }; sonnet = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/sonnet-5.112.0.tar.xz"; - sha256 = "026iivz27d7v4kpwkl6qwbcqnd71kvg77szy91fch37iki7z6361"; - name = "sonnet-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/sonnet-5.113.0.tar.xz"; + sha256 = "17v3a2j0vhx7mzv0wfgqky248m57gasyv1xbjqpzjdr3x2f1zhy6"; + name = "sonnet-5.113.0.tar.xz"; }; }; syndication = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/syndication-5.112.0.tar.xz"; - sha256 = "03if949klq28kaf3xzcva917fqv7cn6pzjwsgymya3nc730kfsc8"; - name = "syndication-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/syndication-5.113.0.tar.xz"; + sha256 = "1nzcfk4qsjvrgci3vk78jjpbig61pm0y73h3qs83yld1zw3az3jx"; + name = "syndication-5.113.0.tar.xz"; }; }; syntax-highlighting = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/syntax-highlighting-5.112.0.tar.xz"; - sha256 = "1m88nfmf4kxliqkgm78f95yvsjv76xm2rmg92v9mg00r9d00y95h"; - name = "syntax-highlighting-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/syntax-highlighting-5.113.0.tar.xz"; + sha256 = "1blifnqikvrlkcskwjdk54mvh8yd4r0vzz282mi64w7alimlilgl"; + name = "syntax-highlighting-5.113.0.tar.xz"; }; }; threadweaver = { - version = "5.112.0"; + version = "5.113.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.112/threadweaver-5.112.0.tar.xz"; - sha256 = "1i3qj6qf0sv5pf8d5wx6gy11dqyp4x4b4759gwbhlrizkm4fa7f9"; - name = "threadweaver-5.112.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.113/threadweaver-5.113.0.tar.xz"; + sha256 = "1x7i7mdg5v22y04m720k9fqj7xagm8qnlssb1xjs9nj0aqif8jgp"; + name = "threadweaver-5.113.0.tar.xz"; }; }; } From 146c9cd213b26df8d361ce90cd2fa64a3c7e7626 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Wed, 8 Nov 2023 03:50:09 -0800 Subject: [PATCH 086/124] jbig2dec: fix cross jbig2dec's ./autogen.sh script expects to call ./configure itself, so any flags we want to have passed to ./configure (like --host) need to be passed to autogen.sh. The simple way to accomplish this is to simply set configureScript to autogen.sh. (cherry picked from commit f4c51495b73809304062bac1ee487297a707a4c0) --- pkgs/development/libraries/jbig2dec/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix index f89152820698d..13059088d25c0 100644 --- a/pkgs/development/libraries/jbig2dec/default.nix +++ b/pkgs/development/libraries/jbig2dec/default.nix @@ -19,6 +19,10 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoconf automake libtool ]; + # `autogen.sh` runs `configure`, and expects that any flags needed + # by `configure` (like `--host`) are passed to `autogen.sh`. + configureScript = "./autogen.sh"; + nativeCheckInputs = [ python3 ]; doCheck = true; From 8b4262cdd294cf6261876dc50c4bdbcc0580463c Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sun, 10 Dec 2023 13:20:22 +0100 Subject: [PATCH 087/124] glib: fix pkg-config tests These have been introduced in GLib 2.77.0: https://gitlab.gnome.org/GNOME/glib/-/commit/ade79bcb5006c33d6f644cfe41d22d14728e585f We missed them failing during the update because they are not build as a part of the main `glib` derivation. (cherry picked from commit f519398cea1e5b733416777b6cb441d73ccc46e9) --- .../libraries/glib/split-dev-programs.patch | 81 ++++++++++++++++--- 1 file changed, 69 insertions(+), 12 deletions(-) diff --git a/pkgs/development/libraries/glib/split-dev-programs.patch b/pkgs/development/libraries/glib/split-dev-programs.patch index f3497e6a78112..0333c5c9ca295 100644 --- a/pkgs/development/libraries/glib/split-dev-programs.patch +++ b/pkgs/development/libraries/glib/split-dev-programs.patch @@ -1,5 +1,5 @@ diff --git a/gio/gdbus-2.0/codegen/meson.build b/gio/gdbus-2.0/codegen/meson.build -index 65faae9..4297513 100644 +index 65faae9b2..4297513d4 100644 --- a/gio/gdbus-2.0/codegen/meson.build +++ b/gio/gdbus-2.0/codegen/meson.build @@ -20,7 +20,7 @@ gdbus_codegen_conf.set('DATADIR', glib_datadir) @@ -12,12 +12,12 @@ index 65faae9..4297513 100644 configuration : gdbus_codegen_conf ) diff --git a/gio/meson.build b/gio/meson.build -index b19c59f..3b20e84 100644 +index 75686bb3e..2f1a73482 100644 --- a/gio/meson.build +++ b/gio/meson.build -@@ -879,14 +879,15 @@ pkg.generate(libgio, - 'datadir=' + '${prefix}' / get_option('datadir'), +@@ -882,14 +882,15 @@ pkg.generate(libgio, 'schemasdir=' + '${datadir}' / schemas_subdir, + 'dtdsdir=' + '${datadir}' / dtds_subdir, 'bindir=' + '${prefix}' / get_option('bindir'), + 'devbindir=' + get_option('devbindir'), 'giomoduledir=' + pkgconfig_giomodulesdir, @@ -36,7 +36,7 @@ index b19c59f..3b20e84 100644 'gsettings=' + '${bindir}' / 'gsettings', ], version : glib_version, -@@ -989,6 +990,7 @@ executable('gio', gio_tool_sources, +@@ -992,6 +993,7 @@ executable('gio', gio_tool_sources, executable('gresource', 'gresource-tool.c', install : true, @@ -44,7 +44,7 @@ index b19c59f..3b20e84 100644 install_tag : 'bin', # intl.lib is not compatible with SAFESEH link_args : noseh_link_args, -@@ -996,7 +998,7 @@ executable('gresource', 'gresource-tool.c', +@@ -999,7 +1001,7 @@ executable('gresource', 'gresource-tool.c', gio_querymodules = executable('gio-querymodules', 'gio-querymodules.c', 'giomodule-priv.c', install : true, @@ -53,7 +53,7 @@ index b19c59f..3b20e84 100644 install_tag : 'bin', c_args : gio_c_args, # intl.lib is not compatible with SAFESEH -@@ -1006,7 +1008,7 @@ gio_querymodules = executable('gio-querymodules', 'gio-querymodules.c', 'giomodu +@@ -1009,7 +1011,7 @@ gio_querymodules = executable('gio-querymodules', 'gio-querymodules.c', 'giomodu glib_compile_schemas = executable('glib-compile-schemas', ['glib-compile-schemas.c'], install : true, @@ -62,7 +62,7 @@ index b19c59f..3b20e84 100644 install_tag : 'bin', # intl.lib is not compatible with SAFESEH link_args : noseh_link_args, -@@ -1015,6 +1017,7 @@ glib_compile_schemas = executable('glib-compile-schemas', +@@ -1018,6 +1020,7 @@ glib_compile_schemas = executable('glib-compile-schemas', glib_compile_resources = executable('glib-compile-resources', [gconstructor_as_data_h, 'glib-compile-resources.c'], install : true, @@ -70,8 +70,49 @@ index b19c59f..3b20e84 100644 install_tag : 'bin-devel', c_args : gio_c_args, # intl.lib is not compatible with SAFESEH +diff --git a/gio/tests/meson.build b/gio/tests/meson.build +index 4ef3343ab..2a0a6b56b 100644 +--- a/gio/tests/meson.build ++++ b/gio/tests/meson.build +@@ -1131,16 +1131,18 @@ if have_bash and have_pkg_config + + gio_binaries = [ + 'gio', +- 'glib-compile-resources', + 'gdbus', +- 'gdbus-codegen', +- 'gresource', + 'gsettings', + ] +- gio_multiarch_binaries = [ ++ gio_dev_binaries = [ ++ 'glib-compile-resources', ++ 'gdbus-codegen', ++ 'gresource', + 'gio-querymodules', + 'glib-compile-schemas', + ] ++ gio_multiarch_binaries = [ ++ ] + + foreach binary: gio_binaries + pkg_config_tests += [ +@@ -1149,6 +1151,13 @@ if have_bash and have_pkg_config + prefix / get_option('bindir') / binary) + ] + endforeach ++ foreach binary: gio_dev_binaries ++ pkg_config_tests += [ ++ 'test "$(pkg-config --variable=@0@ gio-2.0)" = "@1@"'.format( ++ binary.underscorify(), ++ prefix / get_option('devbindir') / binary) ++ ] ++ endforeach + + foreach binary: gio_multiarch_binaries + pkg_config_tests += [ diff --git a/glib/meson.build b/glib/meson.build -index c26a35e..38effe1 100644 +index c26a35e42..38effe12a 100644 --- a/glib/meson.build +++ b/glib/meson.build @@ -447,9 +447,10 @@ pkg.generate(libglib, @@ -105,8 +146,24 @@ index c26a35e..38effe1 100644 install_tag : 'bin-devel', configuration: report_conf, install_mode: 'rwxr-xr-x' +diff --git a/glib/tests/meson.build b/glib/tests/meson.build +index 09ecd5ab3..9748d4122 100644 +--- a/glib/tests/meson.build ++++ b/glib/tests/meson.build +@@ -508,9 +508,9 @@ if have_bash and have_pkg_config + 'test "$(pkg-config --variable=datadir glib-2.0)" = "@0@"'.format( + prefix / get_option('datadir')), + 'test "$(pkg-config --variable=gobject_query glib-2.0)" = "@0@"'.format( +- prefix / get_option('bindir') / 'gobject-query'), ++ prefix / get_option('devbindir') / 'gobject-query'), + 'test "$(pkg-config --variable=glib_mkenums glib-2.0)" = "@0@"'.format( +- prefix / get_option('bindir') / 'glib-mkenums'), ++ prefix / get_option('devbindir') / 'glib-mkenums'), + 'test "$(pkg-config --variable=glib_valgrind_suppressions glib-2.0)" = "@0@"'.format( + prefix / get_option('datadir') / + valgrind_suppression_file_install_subdir / fs.name(valgrind_suppression_file)), diff --git a/gobject/meson.build b/gobject/meson.build -index 2129aaf..da84624 100644 +index 2129aaf8a..da8462428 100644 --- a/gobject/meson.build +++ b/gobject/meson.build @@ -94,7 +94,7 @@ foreach tool: python_tools @@ -127,7 +184,7 @@ index 2129aaf..da84624 100644 dependencies : [libglib_dep, libgobject_dep]) diff --git a/meson_options.txt b/meson_options.txt -index 517d575..198cc1b 100644 +index 517d5757c..198cc1b3c 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -4,6 +4,11 @@ option('runtime_libdir', @@ -143,7 +200,7 @@ index 517d575..198cc1b 100644 type : 'string', value : '', diff --git a/tools/meson.build b/tools/meson.build -index 257312e..f831539 100644 +index 257312ebf..f8315392b 100644 --- a/tools/meson.build +++ b/tools/meson.build @@ -8,7 +8,7 @@ if have_sh From c675a307d1b5b2f9622276427358031f755dec50 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 9 Dec 2023 11:18:16 +0000 Subject: [PATCH 088/124] =?UTF-8?q?glib:=202.78.1=20=E2=86=92=202.78.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.3 https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.2 https://gitlab.gnome.org/GNOME/glib/-/compare/2.78.1...2.78.3 (cherry picked from commit 5624132b80f967f619c26298ddc36c732cf47f4c) --- pkgs/development/libraries/glib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index c11f6b8432bc7..b02d38f0a813b 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -50,11 +50,11 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.78.1"; + version = "2.78.3"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - sha256 = "kVvD0PhQfWUOrTgy4vj7Zw/OWarE13VKfatvHm/teLI="; + sha256 = "YJgB3Tc3luUVlyv5X8Cy2qRFRUge4vRlxPIE0iSyvCE="; }; patches = lib.optionals stdenv.isDarwin [ From cca01fbf353fd5ead3212faadd12ccd07d320662 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 18 Dec 2023 06:57:38 -0800 Subject: [PATCH 089/124] sharutils: Fix static build on macOS This is needed by nixStatic (via libarchive). (cherry picked from commit 17d12f1bc1df0e0988d3ef08394f6b4f0eb780f1) --- pkgs/tools/archivers/sharutils/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix index c504ed8f16e1f..002854e045d22 100644 --- a/pkgs/tools/archivers/sharutils/default.nix +++ b/pkgs/tools/archivers/sharutils/default.nix @@ -58,6 +58,9 @@ stdenv.mkDerivation rec { substituteInPlace intl/Makefile.in --replace "AR = ar" "" ''; + # Workaround to fix the static build on macOS. + NIX_CFLAGS_COMPILE = "-Wno-implicit-function-declaration"; + doCheck = true; meta = with lib; { From 67972307a47b4b7805f7309890c7a4d9f78e72e6 Mon Sep 17 00:00:00 2001 From: Rebecca Turner Date: Mon, 18 Dec 2023 12:04:36 -0800 Subject: [PATCH 090/124] lib: `modules.sh` should check JSON output for predictability Currently, the `lib/tests/modules.sh` test checks the output of `nix-instantiate --eval` without `--json`, which outputs an unspecified human-readable format. This patch modifies `modules.sh` to use the `--json` output instead, to be robust against future changes to `nix-instantiate` output. --- lib/tests/modules.sh | 28 +++++++++---------- lib/tests/modules/raw.nix | 5 +++- .../modules/types-anything/equal-atoms.nix | 4 +-- .../modules/types-anything/functions.nix | 4 +++ 4 files changed, 24 insertions(+), 17 deletions(-) diff --git a/lib/tests/modules.sh b/lib/tests/modules.sh index 0eb976c1f4978..ffef62cfddcab 100755 --- a/lib/tests/modules.sh +++ b/lib/tests/modules.sh @@ -24,14 +24,14 @@ evalConfig() { local attr=$1 shift local script="import ./default.nix { modules = [ $* ];}" - nix-instantiate --timeout 1 -E "$script" -A "$attr" --eval-only --show-trace --read-write-mode + nix-instantiate --timeout 1 -E "$script" -A "$attr" --eval-only --show-trace --read-write-mode --json } reportFailure() { local attr=$1 shift local script="import ./default.nix { modules = [ $* ];}" - echo 2>&1 "$ nix-instantiate -E '$script' -A '$attr' --eval-only" + echo 2>&1 "$ nix-instantiate -E '$script' -A '$attr' --eval-only --json" evalConfig "$attr" "$@" || true ((++fail)) } @@ -140,7 +140,7 @@ checkConfigOutput '^42$' config.value ./declare-either.nix ./define-value-int-po checkConfigOutput '^"24"$' config.value ./declare-either.nix ./define-value-string.nix # types.oneOf checkConfigOutput '^42$' config.value ./declare-oneOf.nix ./define-value-int-positive.nix -checkConfigOutput '^\[ \]$' config.value ./declare-oneOf.nix ./define-value-list.nix +checkConfigOutput '^\[\]$' config.value ./declare-oneOf.nix ./define-value-list.nix checkConfigOutput '^"24"$' config.value ./declare-oneOf.nix ./define-value-string.nix # Check mkForce without submodules. @@ -320,7 +320,7 @@ checkConfigOutput '^"24"$' config.value ./freeform-attrsOf.nix ./define-value-st # Shorthand modules interpret `meta` and `class` as config items checkConfigOutput '^true$' options._module.args.value.result ./freeform-attrsOf.nix ./define-freeform-keywords-shorthand.nix # No freeform assignments shouldn't make it error -checkConfigOutput '^{ }$' config ./freeform-attrsOf.nix +checkConfigOutput '^{}$' config ./freeform-attrsOf.nix # but only if the type matches checkConfigError 'A definition for option .* is not of type .*' config.value ./freeform-attrsOf.nix ./define-value-list.nix # and properties should be applied @@ -358,19 +358,19 @@ checkConfigError 'The option .* has conflicting definitions' config.value ./type checkConfigOutput '^0$' config.value.int ./types-anything/equal-atoms.nix checkConfigOutput '^false$' config.value.bool ./types-anything/equal-atoms.nix checkConfigOutput '^""$' config.value.string ./types-anything/equal-atoms.nix -checkConfigOutput '^/$' config.value.path ./types-anything/equal-atoms.nix +checkConfigOutput '^"/[^"]+"$' config.value.path ./types-anything/equal-atoms.nix checkConfigOutput '^null$' config.value.null ./types-anything/equal-atoms.nix checkConfigOutput '^0.1$' config.value.float ./types-anything/equal-atoms.nix # Functions can't be merged together checkConfigError "The option .value.multiple-lambdas.. has conflicting option types" config.applied.multiple-lambdas ./types-anything/functions.nix -checkConfigOutput '^$' config.value.single-lambda ./types-anything/functions.nix +checkConfigOutput '^true$' config.valueIsFunction.single-lambda ./types-anything/functions.nix checkConfigOutput '^null$' config.applied.merging-lambdas.x ./types-anything/functions.nix checkConfigOutput '^null$' config.applied.merging-lambdas.y ./types-anything/functions.nix # Check that all mk* modifiers are applied checkConfigError 'attribute .* not found' config.value.mkiffalse ./types-anything/mk-mods.nix -checkConfigOutput '^{ }$' config.value.mkiftrue ./types-anything/mk-mods.nix +checkConfigOutput '^{}$' config.value.mkiftrue ./types-anything/mk-mods.nix checkConfigOutput '^1$' config.value.mkdefault ./types-anything/mk-mods.nix -checkConfigOutput '^{ }$' config.value.mkmerge ./types-anything/mk-mods.nix +checkConfigOutput '^{}$' config.value.mkmerge ./types-anything/mk-mods.nix checkConfigOutput '^true$' config.value.mkbefore ./types-anything/mk-mods.nix checkConfigOutput '^1$' config.value.nested.foo ./types-anything/mk-mods.nix checkConfigOutput '^"baz"$' config.value.nested.bar.baz ./types-anything/mk-mods.nix @@ -390,16 +390,16 @@ checkConfigOutput '^"a b y z"$' config.resultFooBar ./declare-variants.nix ./def checkConfigOutput '^"a b c"$' config.resultFooFoo ./declare-variants.nix ./define-variant.nix ## emptyValue's -checkConfigOutput "[ ]" config.list.a ./emptyValues.nix -checkConfigOutput "{ }" config.attrs.a ./emptyValues.nix +checkConfigOutput "\[\]" config.list.a ./emptyValues.nix +checkConfigOutput "{}" config.attrs.a ./emptyValues.nix checkConfigOutput "null" config.null.a ./emptyValues.nix -checkConfigOutput "{ }" config.submodule.a ./emptyValues.nix +checkConfigOutput "{}" config.submodule.a ./emptyValues.nix # These types don't have empty values checkConfigError 'The option .int.a. is used but not defined' config.int.a ./emptyValues.nix checkConfigError 'The option .nonEmptyList.a. is used but not defined' config.nonEmptyList.a ./emptyValues.nix ## types.raw -checkConfigOutput "{ foo = ; }" config.unprocessedNesting ./raw.nix +checkConfigOutput '^true$' config.unprocessedNestingEvaluates.success ./raw.nix checkConfigOutput "10" config.processedToplevel ./raw.nix checkConfigError "The option .multiple. is defined multiple times" config.multiple ./raw.nix checkConfigOutput "bar" config.priorities ./raw.nix @@ -433,13 +433,13 @@ checkConfigOutput 'ok' config.freeformItems.foo.bar ./adhoc-freeformType-survive checkConfigOutput '^1$' config.sub.specialisation.value ./extendModules-168767-imports.nix # Class checks, evalModules -checkConfigOutput '^{ }$' config.ok.config ./class-check.nix +checkConfigOutput '^{}$' config.ok.config ./class-check.nix checkConfigOutput '"nixos"' config.ok.class ./class-check.nix checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.fail.config ./class-check.nix checkConfigError 'The module foo.nix#darwinModules.default was imported into nixos instead of darwin.' config.fail-anon.config ./class-check.nix # Class checks, submoduleWith -checkConfigOutput '^{ }$' config.sub.nixosOk ./class-check.nix +checkConfigOutput '^{}$' config.sub.nixosOk ./class-check.nix checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.sub.nixosFail.config ./class-check.nix # submoduleWith type merge with different class diff --git a/lib/tests/modules/raw.nix b/lib/tests/modules/raw.nix index 418e671ed0766..9eb7c5ce8f21a 100644 --- a/lib/tests/modules/raw.nix +++ b/lib/tests/modules/raw.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, config, ... }: { options = { processedToplevel = lib.mkOption { @@ -13,6 +13,9 @@ priorities = lib.mkOption { type = lib.types.raw; }; + unprocessedNestingEvaluates = lib.mkOption { + default = builtins.tryEval config.unprocessedNesting; + }; }; config = { diff --git a/lib/tests/modules/types-anything/equal-atoms.nix b/lib/tests/modules/types-anything/equal-atoms.nix index 972711201a095..9925cfd608928 100644 --- a/lib/tests/modules/types-anything/equal-atoms.nix +++ b/lib/tests/modules/types-anything/equal-atoms.nix @@ -9,7 +9,7 @@ value.int = 0; value.bool = false; value.string = ""; - value.path = /.; + value.path = ./.; value.null = null; value.float = 0.1; } @@ -17,7 +17,7 @@ value.int = 0; value.bool = false; value.string = ""; - value.path = /.; + value.path = ./.; value.null = null; value.float = 0.1; } diff --git a/lib/tests/modules/types-anything/functions.nix b/lib/tests/modules/types-anything/functions.nix index 21edd4aff9c44..3288b64f9b7eb 100644 --- a/lib/tests/modules/types-anything/functions.nix +++ b/lib/tests/modules/types-anything/functions.nix @@ -1,5 +1,9 @@ { lib, config, ... }: { + options.valueIsFunction = lib.mkOption { + default = lib.mapAttrs (name: lib.isFunction) config.value; + }; + options.value = lib.mkOption { type = lib.types.anything; }; From 5d919551a4d8499d3fd053360ac28c5ff9e165f6 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 16 Dec 2023 12:28:29 +0000 Subject: [PATCH 091/124] libsass: add patch for CVE-2022-26592, CVE-2022-43357 & CVE-2022-43358 (cherry picked from commit 38d918c0fe7b659070fd5818ab3e361807aca28b) --- pkgs/development/libraries/libsass/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libsass/default.nix b/pkgs/development/libraries/libsass/default.nix index 92f3853b5f719..64abe68afbe2e 100644 --- a/pkgs/development/libraries/libsass/default.nix +++ b/pkgs/development/libraries/libsass/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook +{ lib, stdenv, fetchFromGitHub, autoreconfHook, fetchpatch , testers }: @@ -18,6 +18,14 @@ stdenv.mkDerivation (finalAttrs: { ''; }; + patches = [ + (fetchpatch { + name = "CVE-2022-26592.CVE-2022-43357.CVE-2022-43358.patch"; + url = "https://github.com/sass/libsass/pull/3184/commits/5bb0ea0c4b2ebebe542933f788ffacba459a717a.patch"; + hash = "sha256-DR6pKFWL70uJt//drzq34LeTzT8rUqgUTpgfUHpD2s4="; + }) + ]; + preConfigure = '' export LIBSASS_VERSION=${finalAttrs.version} ''; From 2444e35e719943c1473642727b2edb8982a4b19d Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 16 Dec 2023 15:20:05 +0000 Subject: [PATCH 092/124] libsass: add some key reverse-dependencies to passthru.tests (cherry picked from commit 328542368f1a39b1725a4af0e1b348770ee23b5f) --- pkgs/development/libraries/libsass/default.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libsass/default.nix b/pkgs/development/libraries/libsass/default.nix index 64abe68afbe2e..57e58adb8c7e2 100644 --- a/pkgs/development/libraries/libsass/default.nix +++ b/pkgs/development/libraries/libsass/default.nix @@ -1,5 +1,14 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, fetchpatch +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, autoreconfHook , testers + +# for passthru.tests +, gtk3 +, gtk4 +, sassc }: stdenv.mkDerivation (finalAttrs: { @@ -32,7 +41,10 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ autoreconfHook ]; - passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + passthru.tests = { + inherit gtk3 gtk4 sassc; + pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + }; meta = with lib; { description = "A C/C++ implementation of a Sass compiler"; From 7e68d921ac0d1fc4b778e1e185940d3aa91f12c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 18 Dec 2023 20:42:00 +0100 Subject: [PATCH 093/124] libssh: 0.10.5 -> 0.10.6 (cherry picked from commit 6557e130ae796b35cca9bc183a6db94d1f7ae7b2) --- pkgs/development/libraries/libssh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/libssh/default.nix b/pkgs/development/libraries/libssh/default.nix index 00cb7e042c970..15f8fab508896 100644 --- a/pkgs/development/libraries/libssh/default.nix +++ b/pkgs/development/libraries/libssh/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "libssh"; - version = "0.10.5"; + version = "0.10.6"; src = fetchurl { - url = "https://www.libssh.org/files/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "sha256-tg4v9/Nnue7itWNNOmMwPd/t4OahjfyojESodw5+QjQ="; + url = "https://www.libssh.org/files/${lib.versions.majorMinor version}/libssh-${version}.tar.xz"; + hash = "sha256-GGHUmPW28XQbarxz5ghHhJHtz5ydS2Yw7vbnRZbencE="; }; # Do not split 'dev' output until lib/cmake/libssh/libssh-config.cmake From b6530696c23e23f1dbae65c289f265ac34b0201a Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Sun, 17 Dec 2023 17:53:12 +0200 Subject: [PATCH 094/124] jbig2dec: fix cross-compilation (cherry picked from commit 3d69cf4bdda871fc03033a2fddd4a601bf097b5a) --- pkgs/development/libraries/jbig2dec/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix index 13059088d25c0..af99944dae721 100644 --- a/pkgs/development/libraries/jbig2dec/default.nix +++ b/pkgs/development/libraries/jbig2dec/default.nix @@ -13,10 +13,6 @@ stdenv.mkDerivation rec { patchShebangs test_jbig2dec.py ''; - preConfigure = '' - ./autogen.sh - ''; - nativeBuildInputs = [ autoconf automake libtool ]; # `autogen.sh` runs `configure`, and expects that any flags needed From 3ad52ce38d31ce0fbba39d76fe99048dda71334b Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:51:25 -0500 Subject: [PATCH 095/124] gst_all_1.gstreamer: 1.22.7 -> 1.22.8 (cherry picked from commit 4170b881913001198dc3f7b06550511fde4d73ca) --- pkgs/development/libraries/gstreamer/core/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/core/default.nix b/pkgs/development/libraries/gstreamer/core/default.nix index 6a44f3e01a278..9979184b089a8 100644 --- a/pkgs/development/libraries/gstreamer/core/default.nix +++ b/pkgs/development/libraries/gstreamer/core/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gstreamer"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "bin" @@ -36,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-AeQsY1Kga9+kRW5ksGq32YxcSHolVXx2FVRjHL2mQhc="; + hash = "sha256-rU49sXcRObHbF7Gvp8BdsIOuAQC9TaJEtx8WLczkG/w="; }; depsBuildBuild = [ From 6856c3dbad01b4ab8781cbdfe7d205d5e9d9e57d Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:51:41 -0500 Subject: [PATCH 096/124] gst_all_1.gst-plugins-base: 1.22.7 -> 1.22.8 (cherry picked from commit c82bdc72727718f3bcbb744d977720bdc2a579c2) --- pkgs/development/libraries/gstreamer/base/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix index e87555fef57b5..c68693681ee13 100644 --- a/pkgs/development/libraries/gstreamer/base/default.nix +++ b/pkgs/development/libraries/gstreamer/base/default.nix @@ -45,7 +45,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gst-plugins-base"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "out" "dev" ]; @@ -53,7 +53,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-YlGeDY+Wnr9iqaeZby0j792jMCF6Y19KMsC/HHFXdGg="; + hash = "sha256-62eS5cc8be+5FZw26m5LeKL4r2USZ4tL07AsjS1JKs8="; }; strictDeps = true; From 2c7a093bcbf77d69337969788dbd2dc7f88c2ce1 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:51:47 -0500 Subject: [PATCH 097/124] gst_all_1.gst-plugins-good: 1.22.7 -> 1.22.8 (cherry picked from commit 563bfbdd452b16e7fd976d225c081a9382c05e70) --- pkgs/development/libraries/gstreamer/good/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix index 7e4c7d77363d9..6bea243146953 100644 --- a/pkgs/development/libraries/gstreamer/good/default.nix +++ b/pkgs/development/libraries/gstreamer/good/default.nix @@ -54,13 +54,13 @@ assert raspiCameraSupport -> (stdenv.isLinux && stdenv.isAarch32); stdenv.mkDerivation rec { pname = "gst-plugins-good"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-ttsOGOOYtSZlt83OMBw0qHUEg9X0+6we3p+AsDdDzRU="; + hash = "sha256-4wW58H9SdDykgdoKTgx2w179YK2vGwaU6zuwIeITfjk="; }; strictDeps = true; From db4e6880e59dde84e7cf71b9680f3ff2fff64faa Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:51:53 -0500 Subject: [PATCH 098/124] gst_all_1.gst-plugins-bad: 1.22.7 -> 1.22.8 (cherry picked from commit 7c6ca28ba7c8063a0d5c02d50dc1d6da3ef6d1ab) --- pkgs/development/libraries/gstreamer/bad/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix index 2874f0d2fa049..7706975ca0566 100644 --- a/pkgs/development/libraries/gstreamer/bad/default.nix +++ b/pkgs/development/libraries/gstreamer/bad/default.nix @@ -109,13 +109,13 @@ stdenv.mkDerivation rec { pname = "gst-plugins-bad"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-xxb43/qPrD+2RpQa8cbscv/wWgRRMTEb8tBJ/ch7zi4="; + hash = "sha256-RYeD+CNgaJkePilu3Wccjt24vm+skzwcLhUDRihk6g8="; }; patches = [ From c81c6a1344c2f227a24bc8acff5851dfa5f6b112 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:51:59 -0500 Subject: [PATCH 099/124] gst_all_1.gst-plugins-ugly: 1.22.7 -> 1.22.8 (cherry picked from commit 1af15f27d8a8bece35c3e332cd7bed88d6c0ca47) --- pkgs/development/libraries/gstreamer/ugly/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/ugly/default.nix b/pkgs/development/libraries/gstreamer/ugly/default.nix index b92bb9dc0d4cf..cc78a6ec0f805 100644 --- a/pkgs/development/libraries/gstreamer/ugly/default.nix +++ b/pkgs/development/libraries/gstreamer/ugly/default.nix @@ -26,13 +26,13 @@ stdenv.mkDerivation rec { pname = "gst-plugins-ugly"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-UgtGvKY3GJrYaimP8kWy2JN128rIsF102uqRD4Gp6do="; + hash = "sha256-B2HZa6UI4BwCcYgbJoKMK//X2K/VCHIhnwiPdVslLKc="; }; nativeBuildInputs = [ From e22914ab4702eb4e1302c8b4656cb7400d4e2e6b Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:52:07 -0500 Subject: [PATCH 100/124] gst_all_1.gst-libav: 1.22.7 -> 1.22.8 (cherry picked from commit b915ca4f8b76e75b68beb9b7fd5930f7ee44f62c) --- pkgs/development/libraries/gstreamer/libav/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix index c183f8ee48a2d..f3dfac82c799a 100644 --- a/pkgs/development/libraries/gstreamer/libav/default.nix +++ b/pkgs/development/libraries/gstreamer/libav/default.nix @@ -18,11 +18,11 @@ stdenv.mkDerivation rec { pname = "gst-libav"; - version = "1.22.7"; + version = "1.22.8"; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-FSW5FxQbiV/lz2GP6IZ2IrJSgnigKG6fcntfNzF9rKE="; + hash = "sha256-vjk0m8B6tM29ml/W6phIxgHHVguloFd61SALg71CSYE="; }; outputs = [ "out" "dev" ]; From 07938bb7012db9afe5319ebdac9f428b9cad359f Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:52:37 -0500 Subject: [PATCH 101/124] gst_all_1.gst-vaapi: 1.22.7 -> 1.22.8 (cherry picked from commit db95fdd9d102e149453ab45da3a7d162a15cccdb) --- pkgs/development/libraries/gstreamer/vaapi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/vaapi/default.nix b/pkgs/development/libraries/gstreamer/vaapi/default.nix index b779d132210d3..b3a7142edae95 100644 --- a/pkgs/development/libraries/gstreamer/vaapi/default.nix +++ b/pkgs/development/libraries/gstreamer/vaapi/default.nix @@ -24,11 +24,11 @@ stdenv.mkDerivation rec { pname = "gstreamer-vaapi"; - version = "1.22.7"; + version = "1.22.8"; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-Dp//douJ3m0xizQUbk54HYK5oPQCXcVBssg0nHvLf2c="; + hash = "sha256-Epi6NHpwxCuIzev5G2Wf6gKxu3Jp6r+OKePAvVgniSg="; }; outputs = [ From a1d589d51f572bfcee6b1138dd01a1ddf15f98ea Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:52:46 -0500 Subject: [PATCH 102/124] gst_all_1.gst-rtsp-server: 1.22.7 -> 1.22.8 (cherry picked from commit 882b089f66763a1501a008a3622b5cace665f71a) --- pkgs/development/libraries/gstreamer/rtsp-server/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/rtsp-server/default.nix b/pkgs/development/libraries/gstreamer/rtsp-server/default.nix index 1420a438b6f6d..6b0dfcc8598f1 100644 --- a/pkgs/development/libraries/gstreamer/rtsp-server/default.nix +++ b/pkgs/development/libraries/gstreamer/rtsp-server/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "gst-rtsp-server"; - version = "1.22.7"; + version = "1.22.8"; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-9/rAAeIK0h420YOXdBxGV8XUNXHrHMO0n5qTrhJ9yI8="; + hash = "sha256-cFF3BRwimXbxca3Nerl2Kua8xLt33DCKC9gKY9psM38="; }; outputs = [ From 07b08f0053d3b332a7be477396b9dde596da5fa2 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:52:56 -0500 Subject: [PATCH 103/124] gst_all_1.gst-devtools: 1.22.7 -> 1.22.8 (cherry picked from commit 7dd0126f371ee16e15dbcfcce167381b5d827a6a) --- pkgs/development/libraries/gstreamer/devtools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/devtools/default.nix b/pkgs/development/libraries/gstreamer/devtools/default.nix index 87097dddd8d3a..6ce4723b5a325 100644 --- a/pkgs/development/libraries/gstreamer/devtools/default.nix +++ b/pkgs/development/libraries/gstreamer/devtools/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "gst-devtools"; - version = "1.22.7"; + version = "1.22.8"; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-FXz5P7J0HPDD3qcxvjry/65wPJ8s08DJGzgPvGheufk="; + hash = "sha256-zWNAVvyxbQNbPfWVPsha6L1Wxo8pkgtyDvkgynHqdqc="; }; outputs = [ From b181af2add7f02f54a5080a1044a32f9af8c4ac9 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:53:12 -0500 Subject: [PATCH 104/124] gst_all_1.gst-editing-services: 1.22.7 -> 1.22.8 (cherry picked from commit efb9517701c82ef3f37a5d15f128c7591ff6fa3e) --- pkgs/development/libraries/gstreamer/ges/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/ges/default.nix b/pkgs/development/libraries/gstreamer/ges/default.nix index 764bd78c083ae..317fc4e537286 100644 --- a/pkgs/development/libraries/gstreamer/ges/default.nix +++ b/pkgs/development/libraries/gstreamer/ges/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { pname = "gst-editing-services"; - version = "1.22.7"; + version = "1.22.8"; outputs = [ "out" @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-/sVqLDeiU80EjSiNTH7abv8ZECKwnbl14HosEF0bUh4="; + hash = "sha256-0dXnXhkOsL4/1JQJ5Bo6qOaM+03qpzU0iFVGdJVs0d8="; }; nativeBuildInputs = [ From 526607c2123dc870ee7b5818464c9383d24b0e96 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Fri, 22 Dec 2023 10:53:26 -0500 Subject: [PATCH 105/124] python311Packages.gst-python: 1.22.7 -> 1.22.8 (cherry picked from commit 8bf40f427761a3a75dcdaf2f79793c13493f06d8) --- pkgs/development/python-modules/gst-python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/gst-python/default.nix b/pkgs/development/python-modules/gst-python/default.nix index 16f99016fed34..e8d286b9cb72d 100644 --- a/pkgs/development/python-modules/gst-python/default.nix +++ b/pkgs/development/python-modules/gst-python/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "gst-python"; - version = "1.22.7"; + version = "1.22.8"; format = "other"; @@ -22,7 +22,7 @@ buildPythonPackage rec { src = fetchurl { url = "${meta.homepage}/src/gst-python/${pname}-${version}.tar.xz"; - hash = "sha256-HvjfdggBL6RpMpeZyVDsCHc3ptq60wA8IwZYtYxxAXI="; + hash = "sha256-1cuPFEBUoqEQ5mcr1RLksV1bG42YecGSuXI1Ne+3C48="; }; # Python 2.x is not supported. From 82f2336af01b785970c5f858613ef4010f614c76 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 23 Nov 2023 21:14:50 -0500 Subject: [PATCH 106/124] hotdoc: fix clang header finding with llvm 16 (cherry picked from commit 0e0f557a20ac6164e67c0688ddefaa9bad433c80) --- pkgs/development/tools/hotdoc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/hotdoc/default.nix b/pkgs/development/tools/hotdoc/default.nix index 6758f1b44e9b2..4f58f961b9f84 100644 --- a/pkgs/development/tools/hotdoc/default.nix +++ b/pkgs/development/tools/hotdoc/default.nix @@ -100,7 +100,7 @@ buildPythonApplication rec { postPatch = '' substituteInPlace hotdoc/extensions/c/c_extension.py \ --replace "shutil.which('llvm-config')" 'True' \ - --replace "subprocess.check_output(['llvm-config', '--version']).strip().decode()" '"${llvmPackages.libclang.version}"' \ + --replace "subprocess.check_output(['llvm-config', '--version']).strip().decode()" '"${lib.versions.major llvmPackages.libclang.version}"' \ --replace "subprocess.check_output(['llvm-config', '--prefix']).strip().decode()" '"${llvmPackages.libclang.lib}"' \ --replace "subprocess.check_output(['llvm-config', '--libdir']).strip().decode()" '"${llvmPackages.libclang.lib}/lib"' ''; From 0cb9d61b8dd346726aa9f2a2c912f5e9eabd6afd Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 1 Dec 2023 16:21:08 +0000 Subject: [PATCH 107/124] libimobiledevice: pull upstream fix for `clang-16` support Without the change the build fails on `clang-16` and upcoming `gcc-14` as: $ nix build --impure --expr 'with import ./. {}; libimobiledevice.override { stdenv = clangStdenv; }' -L ... libimobiledevice> #define __usleep(x) usleep(x) libimobiledevice> ^ libimobiledevice> idevicedevmodectl.c:416:6: error: call to undeclared function 'usleep'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] (cherry picked from commit fbc7955d726169ae9a12c337ef0519a69dcf8edb) --- .../libraries/libimobiledevice/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix index 0006491003130..a229bb1fef084 100644 --- a/pkgs/development/libraries/libimobiledevice/default.nix +++ b/pkgs/development/libraries/libimobiledevice/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , autoreconfHook , pkg-config , openssl @@ -26,6 +27,16 @@ stdenv.mkDerivation rec { hash = "sha256-mIsB+EaGJlGMOpz3OLrs0nAmhOY1BwMs83saFBaejwc="; }; + patches = [ + # Pull upstream fix for clang-16 and upcoming gcc-14 support: + # https://github.com/libimobiledevice/libimobiledevice/pull/1444 + (fetchpatch { + name = "usleep-decl.patch"; + url = "https://github.com/libimobiledevice/libimobiledevice/commit/db623184c0aa09c27697f5a2e81025db223075d5.patch"; + hash = "sha256-TgdgBkEDXzQDSgJxcZc+pZncfmBVXarhHOByGFs6p0Q="; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config From 0ea36487f17bf57d78f5ce003962eefb87418cf2 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Wed, 20 Dec 2023 14:04:09 +0100 Subject: [PATCH 108/124] libssh2: apply patch for CVE-2023-48795 (cherry picked from commit 1bfeb1412bfce712a489c4f1b4a32466320fedd0) --- .../libraries/libssh2/CVE-2023-48795.patch | 459 ++++++++++++++++++ .../development/libraries/libssh2/default.nix | 6 + 2 files changed, 465 insertions(+) create mode 100644 pkgs/development/libraries/libssh2/CVE-2023-48795.patch diff --git a/pkgs/development/libraries/libssh2/CVE-2023-48795.patch b/pkgs/development/libraries/libssh2/CVE-2023-48795.patch new file mode 100644 index 0000000000000..c89e4a137b721 --- /dev/null +++ b/pkgs/development/libraries/libssh2/CVE-2023-48795.patch @@ -0,0 +1,459 @@ +From d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a Mon Sep 17 00:00:00 2001 +From: Michael Buckley +Date: Thu, 30 Nov 2023 15:08:02 -0800 +Subject: [PATCH] src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" + +Refs: +https://terrapin-attack.com/ +https://seclists.org/oss-sec/2023/q4/292 +https://osv.dev/list?ecosystem=&q=CVE-2023-48795 +https://github.com/advisories/GHSA-45x7-px36-x8w8 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 + +Fixes #1290 +Closes #1291 +--- + src/kex.c | 63 +++++++++++++++++++++++------------ + src/libssh2_priv.h | 18 +++++++--- + src/packet.c | 83 +++++++++++++++++++++++++++++++++++++++++++--- + src/packet.h | 2 +- + src/session.c | 3 ++ + src/transport.c | 12 ++++++- + 6 files changed, 149 insertions(+), 32 deletions(-) + +diff --git a/src/kex.c b/src/kex.c +index 8e7b7f0af3..a7b301e157 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -3032,6 +3032,13 @@ kex_method_extension_negotiation = { + 0, + }; + ++static const LIBSSH2_KEX_METHOD ++kex_method_strict_client_extension = { ++ "kex-strict-c-v00@openssh.com", ++ NULL, ++ 0, ++}; ++ + static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + #if LIBSSH2_ED25519 + &kex_method_ssh_curve25519_sha256, +@@ -3050,6 +3057,7 @@ static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + &kex_method_diffie_helman_group1_sha1, + &kex_method_diffie_helman_group_exchange_sha1, + &kex_method_extension_negotiation, ++ &kex_method_strict_client_extension, + NULL + }; + +@@ -3302,13 +3310,13 @@ static int kexinit(LIBSSH2_SESSION * session) + return 0; + } + +-/* kex_agree_instr ++/* _libssh2_kex_agree_instr + * Kex specific variant of strstr() + * Needle must be preceded by BOL or ',', and followed by ',' or EOL + */ +-static unsigned char * +-kex_agree_instr(unsigned char *haystack, size_t haystack_len, +- const unsigned char *needle, size_t needle_len) ++unsigned char * ++_libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len, ++ const unsigned char *needle, size_t needle_len) + { + unsigned char *s; + unsigned char *end_haystack; +@@ -3393,7 +3401,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + while(s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- if(kex_agree_instr(hostkey, hostkey_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(hostkey, hostkey_len, s, method_len)) { + const LIBSSH2_HOSTKEY_METHOD *method = + (const LIBSSH2_HOSTKEY_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3427,9 +3435,9 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + } + + while(hostkeyp && (*hostkeyp) && (*hostkeyp)->name) { +- s = kex_agree_instr(hostkey, hostkey_len, +- (unsigned char *) (*hostkeyp)->name, +- strlen((*hostkeyp)->name)); ++ s = _libssh2_kex_agree_instr(hostkey, hostkey_len, ++ (unsigned char *) (*hostkeyp)->name, ++ strlen((*hostkeyp)->name)); + if(s) { + /* So far so good, but does it suit our purposes? (Encrypting vs + Signing) */ +@@ -3463,6 +3471,12 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + { + const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods; + unsigned char *s; ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ ++ if(_libssh2_kex_agree_instr(kex, kex_len, strict, 28)) { ++ session->kex_strict = 1; ++ } + + if(session->kex_prefs) { + s = (unsigned char *) session->kex_prefs; +@@ -3470,7 +3484,7 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + while(s && *s) { + unsigned char *q, *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- q = kex_agree_instr(kex, kex_len, s, method_len); ++ q = _libssh2_kex_agree_instr(kex, kex_len, s, method_len); + if(q) { + const LIBSSH2_KEX_METHOD *method = (const LIBSSH2_KEX_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3504,9 +3518,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + } + + while(*kexp && (*kexp)->name) { +- s = kex_agree_instr(kex, kex_len, +- (unsigned char *) (*kexp)->name, +- strlen((*kexp)->name)); ++ s = _libssh2_kex_agree_instr(kex, kex_len, ++ (unsigned char *) (*kexp)->name, ++ strlen((*kexp)->name)); + if(s) { + /* We've agreed on a key exchange method, + * Can we agree on a hostkey that works with this kex? +@@ -3550,7 +3564,7 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(crypt, crypt_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) { + const LIBSSH2_CRYPT_METHOD *method = + (const LIBSSH2_CRYPT_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3572,9 +3586,9 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + } + + while(*cryptp && (*cryptp)->name) { +- s = kex_agree_instr(crypt, crypt_len, +- (unsigned char *) (*cryptp)->name, +- strlen((*cryptp)->name)); ++ s = _libssh2_kex_agree_instr(crypt, crypt_len, ++ (unsigned char *) (*cryptp)->name, ++ strlen((*cryptp)->name)); + if(s) { + endpoint->crypt = *cryptp; + return 0; +@@ -3614,7 +3628,7 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(mac, mac_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(mac, mac_len, s, method_len)) { + const LIBSSH2_MAC_METHOD *method = (const LIBSSH2_MAC_METHOD *) + kex_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) +@@ -3635,8 +3649,9 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + } + + while(*macp && (*macp)->name) { +- s = kex_agree_instr(mac, mac_len, (unsigned char *) (*macp)->name, +- strlen((*macp)->name)); ++ s = _libssh2_kex_agree_instr(mac, mac_len, ++ (unsigned char *) (*macp)->name, ++ strlen((*macp)->name)); + if(s) { + endpoint->mac = *macp; + return 0; +@@ -3667,7 +3682,7 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(comp, comp_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(comp, comp_len, s, method_len)) { + const LIBSSH2_COMP_METHOD *method = + (const LIBSSH2_COMP_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3689,8 +3704,9 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + } + + while(*compp && (*compp)->name) { +- s = kex_agree_instr(comp, comp_len, (unsigned char *) (*compp)->name, +- strlen((*compp)->name)); ++ s = _libssh2_kex_agree_instr(comp, comp_len, ++ (unsigned char *) (*compp)->name, ++ strlen((*compp)->name)); + if(s) { + endpoint->comp = *compp; + return 0; +@@ -3871,6 +3887,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3896,6 +3913,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3944,6 +3962,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->remote.kexinit = NULL; + } + ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + +diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h +index 7660366954..18d9ab2130 100644 +--- a/src/libssh2_priv.h ++++ b/src/libssh2_priv.h +@@ -736,6 +736,9 @@ struct _LIBSSH2_SESSION + /* key signing algorithm preferences -- NULL yields server order */ + char *sign_algo_prefs; + ++ /* Whether to use the OpenSSH Strict KEX extension */ ++ int kex_strict; ++ + /* (remote as source of data -- packet_read ) */ + libssh2_endpoint_data remote; + +@@ -908,6 +911,7 @@ struct _LIBSSH2_SESSION + int fullpacket_macstate; + size_t fullpacket_payload_len; + int fullpacket_packet_type; ++ uint32_t fullpacket_required_type; + + /* State variables used in libssh2_sftp_init() */ + libssh2_nonblocking_states sftpInit_state; +@@ -948,10 +952,11 @@ struct _LIBSSH2_SESSION + }; + + /* session.state bits */ +-#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000001 +-#define LIBSSH2_STATE_NEWKEYS 0x00000002 +-#define LIBSSH2_STATE_AUTHENTICATED 0x00000004 +-#define LIBSSH2_STATE_KEX_ACTIVE 0x00000008 ++#define LIBSSH2_STATE_INITIAL_KEX 0x00000001 ++#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000002 ++#define LIBSSH2_STATE_NEWKEYS 0x00000004 ++#define LIBSSH2_STATE_AUTHENTICATED 0x00000008 ++#define LIBSSH2_STATE_KEX_ACTIVE 0x00000010 + + /* session.flag helpers */ + #ifdef MSG_NOSIGNAL +@@ -1182,6 +1187,11 @@ ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer, + int _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + key_exchange_state_t * state); + ++unsigned char *_libssh2_kex_agree_instr(unsigned char *haystack, ++ size_t haystack_len, ++ const unsigned char *needle, ++ size_t needle_len); ++ + /* Let crypt.c/hostkey.c expose their method structs */ + const LIBSSH2_CRYPT_METHOD **libssh2_crypt_methods(void); + const LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void); +diff --git a/src/packet.c b/src/packet.c +index eccb8c56a8..6da14e9fa1 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -624,14 +624,13 @@ packet_authagent_open(LIBSSH2_SESSION * session, + * layer when it has received a packet. + * + * The input pointer 'data' is pointing to allocated data that this function +- * is asked to deal with so on failure OR success, it must be freed fine. +- * The only exception is when the return code is LIBSSH2_ERROR_EAGAIN. ++ * will be freed unless return the code is LIBSSH2_ERROR_EAGAIN. + * + * This function will always be called with 'datalen' greater than zero. + */ + int + _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate) ++ size_t datalen, int macstate, uint32_t seq) + { + int rc = 0; + unsigned char *message = NULL; +@@ -676,6 +675,70 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + break; + } + ++ if(session->state & LIBSSH2_STATE_INITIAL_KEX) { ++ if(msg == SSH_MSG_KEXINIT) { ++ if(!session->kex_strict) { ++ if(datalen < 17) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Data too short extracting kex"); ++ } ++ else { ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ struct string_buf buf; ++ unsigned char *algs = NULL; ++ size_t algs_len = 0; ++ ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 17; /* advance past type and cookie */ ++ ++ if(_libssh2_get_string(&buf, &algs, &algs_len)) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Algs too short"); ++ } ++ ++ if(algs_len == 0 || ++ _libssh2_kex_agree_instr(algs, algs_len, strict, 28)) { ++ session->kex_strict = 1; ++ } ++ } ++ } ++ ++ if(session->kex_strict && seq) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ } ++ } ++ ++ if(session->kex_strict && session->fullpacket_required_type && ++ session->fullpacket_required_type != msg) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } ++ } ++ + if(session->packAdd_state == libssh2_NB_state_allocated) { + /* A couple exceptions to the packet adding rule: */ + switch(msg) { +@@ -1364,6 +1427,15 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type, + + return 0; + } ++ else if(session->kex_strict && ++ (session->state & LIBSSH2_STATE_INITIAL_KEX)) { ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } + packet = _libssh2_list_next(&packet->node); + } + return -1; +@@ -1425,7 +1497,10 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type, + } + + while(session->socket_state == LIBSSH2_SOCKET_CONNECTED) { +- int ret = _libssh2_transport_read(session); ++ int ret; ++ session->fullpacket_required_type = packet_type; ++ ret = _libssh2_transport_read(session); ++ session->fullpacket_required_type = 0; + if(ret == LIBSSH2_ERROR_EAGAIN) + return ret; + else if(ret < 0) { +diff --git a/src/packet.h b/src/packet.h +index 1d90b8af12..955351e5f6 100644 +--- a/src/packet.h ++++ b/src/packet.h +@@ -72,6 +72,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session, + int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len); + int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate); ++ size_t datalen, int macstate, uint32_t seq); + + #endif /* LIBSSH2_PACKET_H */ +diff --git a/src/session.c b/src/session.c +index 35e7929fe7..9d89ade8ec 100644 +--- a/src/session.c ++++ b/src/session.c +@@ -469,6 +469,8 @@ libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), + session->abstract = abstract; + session->api_timeout = 0; /* timeout-free API by default */ + session->api_block_mode = 1; /* blocking API by default */ ++ session->state = LIBSSH2_STATE_INITIAL_KEX; ++ session->fullpacket_required_type = 0; + session->packet_read_timeout = LIBSSH2_DEFAULT_READ_TIMEOUT; + session->flag.quote_paths = 1; /* default behavior is to quote paths + for the scp subsystem */ +@@ -1223,6 +1225,7 @@ libssh2_session_disconnect_ex(LIBSSH2_SESSION *session, int reason, + const char *desc, const char *lang) + { + int rc; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + BLOCK_ADJUST(rc, session, + session_disconnect(session, reason, desc, lang)); +diff --git a/src/transport.c b/src/transport.c +index 21be9d2b80..a8bb588a4b 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -186,6 +186,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + struct transportpacket *p = &session->packet; + int rc; + int compressed; ++ uint32_t seq = session->remote.seqno; + + if(session->fullpacket_state == libssh2_NB_state_idle) { + session->fullpacket_macstate = LIBSSH2_MAC_CONFIRMED; +@@ -317,7 +318,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + if(session->fullpacket_state == libssh2_NB_state_created) { + rc = _libssh2_packet_add(session, p->payload, + session->fullpacket_payload_len, +- session->fullpacket_macstate); ++ session->fullpacket_macstate, seq); + if(rc == LIBSSH2_ERROR_EAGAIN) + return rc; + if(rc) { +@@ -328,6 +329,11 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + + session->fullpacket_state = libssh2_NB_state_idle; + ++ if(session->kex_strict && ++ session->fullpacket_packet_type == SSH_MSG_NEWKEYS) { ++ session->remote.seqno = 0; ++ } ++ + return session->fullpacket_packet_type; + } + +@@ -1093,6 +1099,10 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session, + + session->local.seqno++; + ++ if(session->kex_strict && data[0] == SSH_MSG_NEWKEYS) { ++ session->local.seqno = 0; ++ } ++ + ret = LIBSSH2_SEND(session, p->outbuf, total_length, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + if(ret < 0) diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix index 091885a1f084a..f7a51da9fa672 100644 --- a/pkgs/development/libraries/libssh2/default.nix +++ b/pkgs/development/libraries/libssh2/default.nix @@ -9,6 +9,12 @@ stdenv.mkDerivation rec { sha256 = "sha256-NzYWHkHiaTMk3rOMJs/cPv5iCdY0ukJY2xzs/2pa1GE="; }; + patches = [ + # fetchpatch cannot be used due to infinite recursion + # https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a + ./CVE-2023-48795.patch + ]; + outputs = [ "out" "dev" "devdoc" ]; propagatedBuildInputs = [ openssl ]; # see Libs: in libssh2.pc From 61d3bb381766bb4588505f481fe6511b230996d2 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 30 Oct 2023 11:51:22 +0000 Subject: [PATCH 109/124] shadow: 4.14.1 -> 4.14.2 Changes: https://github.com/shadow-maint/shadow/releases/tag/4.14.2 (cherry picked from commit ff9c6f3c7751bd409188fd2536c0c8b488af0a39) --- pkgs/os-specific/linux/shadow/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 38fec65b33344..f52342f5af366 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.1"; + version = "4.14.2"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-DzPPnttnJSOMQwXWyFcz6fEtjwBC3p2PpZpBAQ/Ew18="; + hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; }; outputs = [ "out" "su" "dev" "man" ]; From 12bb0867e5b5ac0ad1b5357ea363e0713ede187e Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 20 Dec 2023 22:01:37 +0100 Subject: [PATCH 110/124] libde265: 1.0.14 -> 1.0.15 Fixes CVE-2023-49465, CVE-2023-49467 and CVE-2023-49468 https://github.com/strukturag/libde265/releases/tag/v1.0.15 (cherry picked from commit c32a8776b07d15e491f3ba5a8ebefca718e0662d) --- pkgs/development/libraries/libde265/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libde265/default.nix b/pkgs/development/libraries/libde265/default.nix index de366da98b962..d0e3e79b4afce 100644 --- a/pkgs/development/libraries/libde265/default.nix +++ b/pkgs/development/libraries/libde265/default.nix @@ -14,14 +14,14 @@ }: stdenv.mkDerivation (finalAttrs: rec { - version = "1.0.14"; + version = "1.0.15"; pname = "libde265"; src = fetchFromGitHub { owner = "strukturag"; repo = "libde265"; rev = "refs/tags/v${version}"; - hash = "sha256-aZRtF4wYWxi/6ORNu7yVxFFdkvJTvBwPinL5lC0Mlqg="; + hash = "sha256-guiLM4RNe5O0qpeCoQUbs1Z7j0wp8iK9za2+6NIB8yY="; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; From 21fdfd15d09ea8c3f4581d88a5b7c0cd9dd5b8a0 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Tue, 26 Dec 2023 14:15:54 +0000 Subject: [PATCH 111/124] python3Packages.pip: add patches for CVE-2023-5752 --- pkgs/development/python-modules/pip/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/development/python-modules/pip/default.nix b/pkgs/development/python-modules/pip/default.nix index 484a15e858769..feb98217a6187 100644 --- a/pkgs/development/python-modules/pip/default.nix +++ b/pkgs/development/python-modules/pip/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, fetchpatch , installShellFiles , mock , scripttest @@ -29,6 +30,19 @@ buildPythonPackage rec { hash = "sha256-mUlzfYmq1FE3X1/2o7sYJzMgwHRI4ib4EMhpg83VvrI="; }; + patches = [ + (fetchpatch { + name = "CVE-2023-5752.part-1.patch"; + url = "https://github.com/pypa/pip/commit/1082eb12622b20d101d2864111dd9a591dd6c2f5.patch"; + hash = "sha256-aYdFaEmJW5kFTSz7w/05XhWW1gQSs+XgA3zdhsF3Xfg="; + }) + (fetchpatch { + name = "CVE-2023-5752.part-2.patch"; + url = "https://github.com/pypa/pip/commit/6dbd9c68f085c5bf304247bf7c7933842092efb2.patch"; + hash = "sha256-CV4b52u7gD0XbTRxYSLrWBw4h/3iHzQ6Z768rbtIjrk="; + }) + ]; + postPatch = '' # Remove vendored Windows PE binaries # Note: These are unused but make the package unreproducible. From d0142208f0372ece53faffab0b18d25704e22626 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 5 Dec 2023 05:27:57 +0100 Subject: [PATCH 112/124] python311Packages.django_4: 4.2.7 -> 4.2.8 https://docs.djangoproject.com/en/4.2/releases/4.2.8/ (cherry picked from commit ac5099c9b02eec030ead87e51fed1dbc0dd7144d) --- pkgs/development/python-modules/django/4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 69c438739f23f..5dd27fd833274 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -42,14 +42,14 @@ buildPythonPackage rec { pname = "Django"; - version = "4.2.7"; + version = "4.2.8"; format = "pyproject"; disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - hash = "sha256-jg8cLCeGtcDjn+GvziTJJgQPrUfI6orTCq8RiN8p/EE="; + hash = "sha256-1p1eNsxdn060hyvjbGIoeK/NzpQGJxbPPiW87csWi2I="; }; patches = [ From 1d0d83ac90b9e785cfa73fde9073d6f618a9e0a7 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Tue, 26 Dec 2023 23:00:34 +0000 Subject: [PATCH 113/124] python3Packages.twisted: add patch for CVE-2023-46137 --- .../twisted/23.8.0-CVE-2023-46137.patch | 174 ++++++++++++++++++ .../python-modules/twisted/default.nix | 1 + 2 files changed, 175 insertions(+) create mode 100644 pkgs/development/python-modules/twisted/23.8.0-CVE-2023-46137.patch diff --git a/pkgs/development/python-modules/twisted/23.8.0-CVE-2023-46137.patch b/pkgs/development/python-modules/twisted/23.8.0-CVE-2023-46137.patch new file mode 100644 index 0000000000000..5e68d1138de6b --- /dev/null +++ b/pkgs/development/python-modules/twisted/23.8.0-CVE-2023-46137.patch @@ -0,0 +1,174 @@ +Based on upstream merge +1e6e9d23cac59689760558dcb6634285e694b04c adjusted +to apply to 23.8.0 + +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -2443,14 +2443,38 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin): + + self._handlingRequest = True + ++ # We go into raw mode here even though we will be receiving lines next ++ # in the protocol; however, this data will be buffered and then passed ++ # back to line mode in the setLineMode call in requestDone. ++ self.setRawMode() ++ + req = self.requests[-1] + req.requestReceived(command, path, version) + +- def dataReceived(self, data): ++ def rawDataReceived(self, data: bytes) -> None: + """ +- Data was received from the network. Process it. ++ This is called when this HTTP/1.1 parser is in raw mode rather than ++ line mode. ++ ++ It may be in raw mode for one of two reasons: ++ ++ 1. All the headers of a request have been received and this ++ L{HTTPChannel} is currently receiving its body. ++ ++ 2. The full content of a request has been received and is currently ++ being processed asynchronously, and this L{HTTPChannel} is ++ buffering the data of all subsequent requests to be parsed ++ later. ++ ++ In the second state, the data will be played back later. ++ ++ @note: This isn't really a public API, and should be invoked only by ++ L{LineReceiver}'s line parsing logic. If you wish to drive an ++ L{HTTPChannel} from a custom data source, call C{dataReceived} on ++ it directly. ++ ++ @see: L{LineReceive.rawDataReceived} + """ +- # If we're currently handling a request, buffer this data. + if self._handlingRequest: + self._dataBuffer.append(data) + if ( +@@ -2462,9 +2486,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin): + # ready. See docstring for _optimisticEagerReadSize above. + self._networkProducer.pauseProducing() + return +- return basic.LineReceiver.dataReceived(self, data) + +- def rawDataReceived(self, data): + self.resetTimeout() + + try: +--- /dev/null ++++ b/src/twisted/web/newsfragments/11976.bugfix +@@ -0,0 +1,7 @@ ++In Twisted 16.3.0, we changed twisted.web to stop dispatching HTTP/1.1 ++pipelined requests to application code. There was a bug in this change which ++still allowed clients which could send multiple full HTTP requests in a single ++TCP segment to trigger asynchronous processing of later requests, which could ++lead to out-of-order responses. This has now been corrected and twisted.web ++should never process a pipelined request over HTTP/1.1 until the previous ++request has fully completed. +--- a/src/twisted/web/test/test_web.py ++++ b/src/twisted/web/test/test_web.py +@@ -8,6 +8,7 @@ Tests for various parts of L{twisted.web}. + import os + import zlib + from io import BytesIO ++from typing import List + + from zope.interface import implementer + from zope.interface.verify import verifyObject +@@ -15,12 +16,15 @@ from zope.interface.verify import verifyObject + from twisted.internet import interfaces + from twisted.internet.address import IPv4Address, IPv6Address + from twisted.internet.task import Clock +-from twisted.internet.testing import EventLoggingObserver ++from twisted.internet.testing import EventLoggingObserver, StringTransport + from twisted.logger import LogLevel, globalLogPublisher + from twisted.python import failure, reflect ++from twisted.python.compat import iterbytes + from twisted.python.filepath import FilePath + from twisted.trial import unittest + from twisted.web import error, http, iweb, resource, server ++from twisted.web.resource import Resource ++from twisted.web.server import NOT_DONE_YET, Request, Site + from twisted.web.static import Data + from twisted.web.test.requesthelper import DummyChannel, DummyRequest + from ._util import assertIsFilesystemTemporary +@@ -1849,3 +1853,78 @@ class ExplicitHTTPFactoryReactor(unittest.TestCase): + + factory = http.HTTPFactory() + self.assertIs(factory.reactor, reactor) ++ ++ ++class QueueResource(Resource): ++ """ ++ Add all requests to an internal queue, ++ without responding to the requests. ++ You can access the requests from the queue and handle their response. ++ """ ++ ++ isLeaf = True ++ ++ def __init__(self) -> None: ++ super().__init__() ++ self.dispatchedRequests: List[Request] = [] ++ ++ def render_GET(self, request: Request) -> int: ++ self.dispatchedRequests.append(request) ++ return NOT_DONE_YET ++ ++ ++class TestRFC9112Section932(unittest.TestCase): ++ """ ++ Verify that HTTP/1.1 request ordering is preserved. ++ """ ++ ++ def test_multipleRequestsInOneSegment(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ proto.dataReceived( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) ++ ++ def test_multipleRequestsInDifferentSegments(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending, even if the second request is received in a separate ++ TCP package. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ raw_data = ( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # Just go byte by byte for the extreme case in which each byte is ++ # received in a separate TCP package. ++ for chunk in iterbytes(raw_data): ++ proto.dataReceived(chunk) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 801adb77da376..5a9e471fd2b18 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -77,6 +77,7 @@ buildPythonPackage rec { url = "https://github.com/mweinelt/twisted/commit/e69e652de671aac0abf5c7e6c662fc5172758c5a.patch"; hash = "sha256-LmvKUTViZoY/TPBmSlx4S9FbJNZfB5cxzn/YcciDmoI="; }) + ./23.8.0-CVE-2023-46137.patch ]; __darwinAllowLocalNetworking = true; From ef363df5d5af44e6388e0f551c37d4578fc744e1 Mon Sep 17 00:00:00 2001 From: Steve Purcell Date: Tue, 26 Dec 2023 16:45:59 +0000 Subject: [PATCH 114/124] melpa2nix: update to work with Emacs HEAD We now use a newer version of package-build, since previously-necessary functions have been moved/removed from package.el Emacs 30. See https://github.com/melpa/package-build/pull/87 Consequently, some changes are necessary to the corresponding patch and to melpa2nix.el, which this commit also contains. (cherry picked from commit 4f12789c352d762dc6f80b13ea28411eaa0b9a60) --- pkgs/build-support/emacs/melpa.nix | 4 +- pkgs/build-support/emacs/melpa2nix.el | 26 +++++------ .../emacs/package-build-dont-use-mtime.patch | 43 ++++++------------- 3 files changed, 27 insertions(+), 46 deletions(-) diff --git a/pkgs/build-support/emacs/melpa.nix b/pkgs/build-support/emacs/melpa.nix index 85bc8aa37b3aa..83654cf471442 100644 --- a/pkgs/build-support/emacs/melpa.nix +++ b/pkgs/build-support/emacs/melpa.nix @@ -40,8 +40,8 @@ import ./generic.nix { inherit lib stdenv emacs texinfo writeText gcc; } ({ src = fetchFromGitHub { owner = "melpa"; repo = "package-build"; - rev = "c3c535e93d9dc92acd21ebc4b15016b5c3b90e7d"; - sha256 = "17z0wbqdd6fspbj43yq8biff6wfggk74xgnaf1xx6ynsp1i74is5"; + rev = "c48aa078c01b4f07b804270c4583a0a58ffea1c0"; + sha256 = "sha256-MzPj375upIiYXdQR+wWXv3A1zMqbSrZlH0taLuxx/1M="; }; patches = [ ./package-build-dont-use-mtime.patch ]; diff --git a/pkgs/build-support/emacs/melpa2nix.el b/pkgs/build-support/emacs/melpa2nix.el index 72667dea652c1..3de77dbf5e5c6 100644 --- a/pkgs/build-support/emacs/melpa2nix.el +++ b/pkgs/build-support/emacs/melpa2nix.el @@ -11,22 +11,22 @@ ;; Allow installing package tarfiles larger than 10MB (setq large-file-warning-threshold nil) -(defun melpa2nix-build-package-1 (rcp version commit) - (let ((source-dir (package-recipe--working-tree rcp))) +(defun melpa2nix-build-package-1 (rcp) + (let* ((default-directory (package-recipe--working-tree rcp))) (unwind-protect (let ((files (package-build-expand-files-spec rcp t))) - (cond - ((= (length files) 1) - (package-build--build-single-file-package - rcp version commit files source-dir)) - ((> (length files) 1) - (package-build--build-multi-file-package - rcp version commit files source-dir)) - (t (error "Unable to find files matching recipe patterns"))))))) + (unless files + (error "Unable to find files matching recipe patterns")) + (if (> (length files) 1) + (package-build--build-multi-file-package rcp files) + (package-build--build-single-file-package rcp files)))))) (defun melpa2nix-build-package () - (if (not noninteractive) - (error "`melpa2nix-build-package' is to be used only with -batch")) + (unless noninteractive + (error "`melpa2nix-build-package' is to be used only with -batch")) (pcase command-line-args-left (`(,package ,version ,commit) - (melpa2nix-build-package-1 (package-recipe-lookup package) version commit)))) + (let ((recipe (package-recipe-lookup package))) + (setf (oref recipe commit) commit) + (setf (oref recipe version) version) + (melpa2nix-build-package-1 recipe))))) diff --git a/pkgs/build-support/emacs/package-build-dont-use-mtime.patch b/pkgs/build-support/emacs/package-build-dont-use-mtime.patch index fe94de57a3002..1ace7771ea3ac 100644 --- a/pkgs/build-support/emacs/package-build-dont-use-mtime.patch +++ b/pkgs/build-support/emacs/package-build-dont-use-mtime.patch @@ -1,40 +1,21 @@ diff --git a/package-build.el b/package-build.el -index e572045..9eb0f82 100644 +index 29cdb61..c19be1b 100644 --- a/package-build.el +++ b/package-build.el -@@ -415,7 +415,7 @@ (defun package-build--write-pkg-file (desc dir) - (princ ";; Local Variables:\n;; no-byte-compile: t\n;; End:\n" - (current-buffer))))) - --(defun package-build--create-tar (name version directory mtime) -+(defun package-build--create-tar (name version directory) - "Create a tar file containing the contents of VERSION of package NAME. - DIRECTORY is a temporary directory that contains the directory - that is put in the tarball. MTIME is used as the modification -@@ -434,7 +434,7 @@ (defun package-build--create-tar (name version directory mtime) - ;; prevent a reproducable tarball as described at +@@ -923,7 +923,6 @@ DIRECTORY is a temporary directory that contains the directory + that is put in the tarball." + (let* ((name (oref rcp name)) + (version (oref rcp version)) +- (time (oref rcp time)) + (tar (expand-file-name (concat name "-" version ".tar") + package-build-archive-dir)) + (dir (concat name "-" version))) +@@ -939,7 +938,7 @@ that is put in the tarball." + ;; prevent a reproducible tarball as described at ;; https://reproducible-builds.org/docs/archives. "--sort=name" -- (format "--mtime=@%d" mtime) +- (format "--mtime=@%d" time) + "--mtime=@0" "--owner=0" "--group=0" "--numeric-owner" "--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime")) (when (and package-build-verbose noninteractive) -@@ -848,12 +848,11 @@ (defun package-build--build-multi-file-package (rcp version commit files source- - (package-build--desc-from-library - name version commit files 'tar) - (error "%s[-pkg].el matching package name is missing" -- name)))) -- (mtime (package-build--get-commit-time rcp commit))) -+ name))))) - (package-build--copy-package-files files source-dir target) - (package-build--write-pkg-file desc target) - (package-build--generate-info-files files source-dir target) -- (package-build--create-tar name version tmp-dir mtime) -+ (package-build--create-tar name version tmp-dir) - (package-build--write-pkg-readme name files source-dir) - (package-build--write-archive-entry desc)) - (delete-directory tmp-dir t nil)))) --- -2.37.2 - From 2bf4f7838e1b1abe05a4b22da3aa522a43553b3f Mon Sep 17 00:00:00 2001 From: K900 Date: Mon, 1 Jan 2024 12:45:32 +0300 Subject: [PATCH 115/124] qt5: 5.15.{11,15} -> 5.15.{12,16} (cherry picked from commit e9109dc7d330d6b107dcd3fde7d5c377183f60cd) --- .../libraries/qt-5/5.15/srcs-generated.json | 160 +++++++++--------- pkgs/development/libraries/qt-5/5.15/srcs.nix | 10 +- 2 files changed, 85 insertions(+), 85 deletions(-) diff --git a/pkgs/development/libraries/qt-5/5.15/srcs-generated.json b/pkgs/development/libraries/qt-5/5.15/srcs-generated.json index 8171293497181..8becac303a72b 100644 --- a/pkgs/development/libraries/qt-5/5.15/srcs-generated.json +++ b/pkgs/development/libraries/qt-5/5.15/srcs-generated.json @@ -1,202 +1,202 @@ { "qt3d": { "url": "https://invent.kde.org/qt/qt/qt3d.git", - "rev": "c1f8fa2578d99e07f5e581f26bd532695b9534f9", - "sha256": "19wsf9capc8i5157hfp8g735scpcms329ylp0fg86j9qalg7ccwg" + "rev": "e1b1a0d2970fd384bd52c734a72536d8452ad070", + "sha256": "14q7xf6n8giz5v1s23ndibiv4d6g0ds4v88bx5v984319qxyvpqh" }, "qtactiveqt": { "url": "https://invent.kde.org/qt/qt/qtactiveqt.git", - "rev": "2ed4be9e852d2533b982493a26bf061b245dc106", - "sha256": "0v6fwykibl4d20sdh10inaavpzwp5ijpyw8k31078shw3hsgkqxf" + "rev": "4fc1cba4c415d84a5879da29f7c459b70fbc15e9", + "sha256": "0mrw7rr6fnjkjxx882ga253kzn4di1agikyq6h9ixwfn2j242qlq" }, "qtandroidextras": { "url": "https://invent.kde.org/qt/qt/qtandroidextras.git", - "rev": "3d30862e761afd5fe8451857bb531b6fb8f63dc3", - "sha256": "0sq4dgk88n96wja1wp6j5swxhz8wksf1v4sibywvg7v431nfy82p" + "rev": "12d064b16117c6f3418b494c927ef72cf1927929", + "sha256": "1rcpldpzwbmyww50rh58avmhgj93ks40bwm0bqz7dgwakm4n76lj" }, "qtbase": { "url": "https://invent.kde.org/qt/qt/qtbase.git", - "rev": "ea7a183732c17005f08ca14fd70cdd305c90396d", - "sha256": "0lblir4zcnxc2ix9frcsygkhfs5qx7xibpflapmi6d978jjfxjmx" + "rev": "9e450254296be0a8fd4e6da10d116862a0fce82e", + "sha256": "1ny85vhjgqiqz3qmd8vm0c43zkm2cynabf37xkinsfj1yhbaj9qa" }, "qtcharts": { "url": "https://invent.kde.org/qt/qt/qtcharts.git", - "rev": "e17308d5ce83a8b66aeeaaaf16ce16d4ee6b2826", - "sha256": "1igna3qdwpaf67lhj0m743cj127hyg73ynjhadhjk3gz34h12r09" + "rev": "393a84ad5b16a9ec93d8a44bebf1ae86e881bc06", + "sha256": "1ki307wkm3wxf3jc508zgdr5p7fb297hf0rdg5x1hyv7qb03bvxx" }, "qtconnectivity": { "url": "https://invent.kde.org/qt/qt/qtconnectivity.git", - "rev": "e33b82889625b6a72e0be91c5023a30d53136a80", - "sha256": "17yxmj1xd2q0a2in6aygp88bsg1vivklmzjwi97llbmvcxxvzhfn" + "rev": "70020cb64f71dcf2fd65a8a167cb785d2127e159", + "sha256": "10kajc98avdz8a7f5ifrrrzwrkdlbsdmiamh7blsnfcix1063ihq" }, "qtdatavis3d": { "url": "https://invent.kde.org/qt/qt/qtdatavis3d.git", - "rev": "d7af24d26b9fbb83bf57b2b7245d280eb78e8b22", - "sha256": "1h85cn4qabva8fcr69b35cmy9c7vbk2fz8licw5ca42bq141k4kw" + "rev": "c887477198cae44585fe9db371db0ddf4c3b205e", + "sha256": "0fkw096w81lzdj7zgc6xfy719lh10x3f7mqm832mjq86h8f3gyc5" }, "qtdeclarative": { "url": "https://invent.kde.org/qt/qt/qtdeclarative.git", - "rev": "1b0e366092bcfae0392592c3b7891f0e47af1018", - "sha256": "0fif6gbin3clvy7rfvrs5qdjqvi3ql9yciiwdbm7z0by2kzz1qsg" + "rev": "792a55bb701d233116c3731c7a53ffdb8c67e407", + "sha256": "1d87mkl3dj3ysham1rrfxw07jvc5jqh8g2w8psv5858i29aclyqn" }, "qtdoc": { "url": "https://invent.kde.org/qt/qt/qtdoc.git", - "rev": "c8af0c56f1765302f8bdf874dfacb11c4e0bf4e3", - "sha256": "161wm1pq732nnbx8jbmiv1g1ziqzjwy48dpasy3zgj4i83qyvdas" + "rev": "8a3dfe33cb4f1e81b609f41716a3f0610a50db72", + "sha256": "18x3gn6wv8vm5wfa6hjfzbkxcpclnwi4s3mbbc3hj9yar53hznqp" }, "qtgamepad": { "url": "https://invent.kde.org/qt/qt/qtgamepad.git", - "rev": "4b52913503e3713200265cd6bc19b301792dbf96", - "sha256": "1n5pafxarhb4rsvr18al4hyc6xmm5nhjkknrnhdldy9vz7w50bgs" + "rev": "8ed95136b3c265b01db6cc33869228f41878e173", + "sha256": "1m774ah9c1didj60rph6p4gibyqgynmdqngqkq1bv1p7m2jkq1ss" }, "qtgraphicaleffects": { "url": "https://invent.kde.org/qt/qt/qtgraphicaleffects.git", - "rev": "cce7d784237cd2dd4af1abe2757d048e34e02685", - "sha256": "1yvxpkfxd44z9z44mfv77lfsbgjlmxz1rilblpp8h276zc5w6l5z" + "rev": "e33716bd6bb8926688fef20cb568e11618d08a35", + "sha256": "1klm5rhx6lpc0knhc15lz6sj07znv2d601gbi360wfqkvbi3g78p" }, "qtimageformats": { "url": "https://invent.kde.org/qt/qt/qtimageformats.git", - "rev": "b22bf4d0d77c7dafe8b4622f8bb45ac0b9cc9bdd", - "sha256": "0gz1par4gkcwwbxh0g1n1lrzyjjmi53gqfmbb222gkf5k8kf0r2i" + "rev": "142040e8a652e708ff6e004361f6bcfe85fefdf9", + "sha256": "1vc1ahanm40bh8qj3x2x4d4niihsrjai298alxfcxinfrsmw9m32" }, "qtlocation": { "url": "https://invent.kde.org/qt/qt/qtlocation.git", - "rev": "48a17e88fc1df5b6ae82a9787466226c830bcbf2", - "sha256": "0gn4zsf01xr0g8divixk2zpq97dnqs1cdc3q577ijczd2rcs6z4f" + "rev": "5b27b8921f1f2de93573df903c47aee634209f80", + "sha256": "1w8hq3mdlrdkkykhza4dx0f21j6k697xqqvpm2g2xyk2izadq2m0" }, "qtlottie": { "url": "https://invent.kde.org/qt/qt/qtlottie.git", - "rev": "909b79f4810b8ac62baa3544837793cfb132593b", - "sha256": "1bh5418nshzlgc3xf8yg1c0n70xcazr3ya9fdfn1xs3yhxdxcd8h" + "rev": "db33cc9a4c0bad1006dbc9ed46d71b80ee284df3", + "sha256": "1wjzhk6zn0vh9fjldpi5gi7qlpgfc2gcznh3a7icpbx7n9cc9qh5" }, "qtmacextras": { "url": "https://invent.kde.org/qt/qt/qtmacextras.git", - "rev": "cc717d0093d796e6bafb65892e6825f146c1d3cd", - "sha256": "1cdal8yfjwgl30fh2s5s45hy1mw70n8bfdsbx8q6j4g062dr16zd" + "rev": "4cb89b861dbdbe8733c62bcdadc0a8d6617528a5", + "sha256": "1pygs8l1nk7mgqcgv7ilwx87i9i8jxwxn2h8fcqqvgn96c5sd9kg" }, "qtmultimedia": { "url": "https://invent.kde.org/qt/qt/qtmultimedia.git", - "rev": "f587b18db4abd68cb6d4d77fbcec1b94c38d2a51", - "sha256": "16b3yaq7i0cs9sw8q5f98g9kzphy3kwy0nw6hzznnzpkmg0pgkv1" + "rev": "36603a39aa590c12cbe2b192b56b29edd09a7a6b", + "sha256": "1i6hfddkwf0x74kxz5vrjkc3r507m6icr59p8b6n1bms5y5731j6" }, "qtnetworkauth": { "url": "https://invent.kde.org/qt/qt/qtnetworkauth.git", - "rev": "1e3f2196bd45a5ee272b08b1d82cef29aaa89b61", - "sha256": "1jshzvsa2nnckakiybh6q7f0wdl5p04b6mymxvjzzphr0q32qn75" + "rev": "3fccc9b8fdaff1252fb4a9c516868d0bbbd4384d", + "sha256": "0h0i6r5w2vdmm9nxyk8vzdim739fja4ddf42s9pa25r1vs6i9rdw" }, "qtpurchasing": { "url": "https://invent.kde.org/qt/qt/qtpurchasing.git", - "rev": "736144c5827385000e391e9a55a0f0162b7e8112", - "sha256": "1djvj4glxc360my597g81aqjmrhk46447x5s2jj81yiflppvkbny" + "rev": "f563e7f2d1668a3d216e9d396e050df25fd15532", + "sha256": "1kbzf8nadia31sfc4r53p3p733i85w23yznwp2fc2117z81vd9p7" }, "qtquick3d": { "url": "https://invent.kde.org/qt/qt/qtquick3d.git", - "rev": "f3c3c2041f4800a7fc1904771f5c6af036167dc9", - "sha256": "1xsxhx20spj50jmsqd5f2qa7kmr9rn08c22zkckhrgic73188dpg" + "rev": "d4f5966ba085a1146a04f2ea8449bbf14833a593", + "sha256": "05617q59ldzavm79bf3vgz2sc4paa6d4s0q7adqzpnib6pryr2xj" }, "qtquickcontrols": { "url": "https://invent.kde.org/qt/qt/qtquickcontrols.git", - "rev": "dcc90558d9c0cba41eec7df290943994289b0e87", - "sha256": "0xccglsr1c519lyfg58hj6aa34zfyxc4zff360kd84yxmp8r4y9i" + "rev": "1ca962198a703f591efc7c8f7540fc4120746a00", + "sha256": "1r4z0lfcs1mhdmxgd7saw49p5y2009a0vxn043v0z2w47yrqprb6" }, "qtquickcontrols2": { "url": "https://invent.kde.org/qt/qt/qtquickcontrols2.git", - "rev": "a2d56960dd76c94a5115b5415be5ee174d377718", - "sha256": "03wikwwf329wzml59hw0mqqzqjqfp95k8bvifi21zgrnjfl8rsrr" + "rev": "134ca5dbef9d137a9c46faa79b0225bc650d9283", + "sha256": "09r6a0vdpyxzrhx6h49v9nyky3xzgm0z1wd320qi3zh7baxxrzm4" }, "qtquicktimeline": { "url": "https://invent.kde.org/qt/qt/qtquicktimeline.git", - "rev": "b1b4b882dabaa036c3fb73c4a879ba8efbb02ded", - "sha256": "07zaziin88y5cq9xy4dsfw2y7njs92qq00mg42350g1s6zqrlbv2" + "rev": "58f4f22662023efe6f223d5ef4a6d0be3708182b", + "sha256": "15braxxp4ldvfqxz7a1xywskycmkwv88cypgaxfipkis9jvaykdi" }, "qtremoteobjects": { "url": "https://invent.kde.org/qt/qt/qtremoteobjects.git", - "rev": "bdc316aca82769b43cb7821c10d80a1ca02b846e", - "sha256": "136izb42sdy42lr5amh343f97s59fwf3mv44dg5n8jwg0mg7s67b" + "rev": "f64e34be9ac4b7e92c63e47235c04471a1d40c93", + "sha256": "1hjg1vimipszcdk89ivq1iym05m9yz2li6chyg52n1wqjm628gx1" }, "qtscxml": { "url": "https://invent.kde.org/qt/qt/qtscxml.git", - "rev": "e8727aabe55526956295407d27317ec15e12b283", - "sha256": "1gyas1prkvnmxlvb90s9qzpy1frk8c4b7n0wnjn0vkfp0cmv3w52" + "rev": "3f56c6b4bd1e3883581340243b4a7289807fffc9", + "sha256": "15yhdp77p4i1as53cssx038hwmqjh2zgh35hrad4mhk4g6za85na" }, "qtsensors": { "url": "https://invent.kde.org/qt/qt/qtsensors.git", - "rev": "a41492b23cde20d1e00427d31e4637d06aea3638", - "sha256": "1p9w444bzgixw6a8qarznnr15ayn22k2limsi5mzqanf3j3bd3ml" + "rev": "3011b16d63cadbb473b6aa3a535b9f0e33170c09", + "sha256": "06d5x03bzbal4npbdl8y74fdizl9phz76q29f798196hjyb0kz05" }, "qtserialbus": { "url": "https://invent.kde.org/qt/qt/qtserialbus.git", - "rev": "c41785c9f36560722b917d373ee97eed8cc4089a", - "sha256": "05nvzh9lbkbsghpdb3q26nbxgdq5007xak8zxwd3cz9mhqy8xnyc" + "rev": "c64de6ad9f646aaa66fca0500d21cde802a7bb17", + "sha256": "09jp80yrql450bz7c2rfjyyfy0zd59kmrc0lww5ws0lyp95n116y" }, "qtserialport": { "url": "https://invent.kde.org/qt/qt/qtserialport.git", - "rev": "3380465d5d4977326616c5e57789a81681be650e", - "sha256": "06dzraplqhidkngl3sjb3sppqpvc8v8ahrjz06dnsh1dwj8hizh7" + "rev": "c3a7debff7a4c6ddaedb795290180dd99d7ac4be", + "sha256": "1aslr9msddnrkxrlzplbzpfydjkiw1haa67mcsmr2phxkfh05329" }, "qtspeech": { "url": "https://invent.kde.org/qt/qt/qtspeech.git", - "rev": "3b163bfd46d96bc9ee848dcee49e9cabe6699287", - "sha256": "03d4qvxfzwcfgbjdrpq0hvnhbz8bj6diphwiywdp16kvfmp13g9f" + "rev": "c41437acf07c2c4703351b07925fce3ce0e6b75d", + "sha256": "1ihv2k4swbhd4kiaprrjgq8kmx3vrg64y2dqkvg6nd26dfwhxr0f" }, "qtsvg": { "url": "https://invent.kde.org/qt/qt/qtsvg.git", - "rev": "7d6e373c7db9c05ef586db0eb50c87cd894229ad", - "sha256": "1aw9xxfjhm14raj7nivrr1ljnqcmibbbjyrx4bawp58mqbq4as4x" + "rev": "5b1b4a99d6bc98c42a11b7a3f6c9f0b0f9e56f34", + "sha256": "0ji4kaphlqmlpcvcvlqklhzmdlwv712cvsdxnv41fdab6b49yghw" }, "qttools": { "url": "https://invent.kde.org/qt/qt/qttools.git", - "rev": "38ae810be3fb4984f75b55a16d3413e35d701af1", - "sha256": "0hc65pidlp6lnb3srr2hg3dnas3hdj9cxkp7azcndj3wi36mclwf" + "rev": "bd0ceb7de5d0c918ae596150e95b069dca8b9150", + "sha256": "100qhcdcnnx0l3sl9zl5p3l7707h7vdbjjk7dmy7ap1r0218m5zy" }, "qttranslations": { "url": "https://invent.kde.org/qt/qt/qttranslations.git", - "rev": "56065158ffc4cd0fd78f9edf4b21b77b969f8dbb", - "sha256": "1lyh8hryi6hgw50gz9l6qxjfb72k4a7cg10vw18iffi7yv262g0z" + "rev": "f7745c117041e7adf9705e1de8d71086c160dd9f", + "sha256": "0nx8qdg3m4wf8pynh4pr1j0m0p1y5pws7fnx5mpqccvwgj4bwrdj" }, "qtvirtualkeyboard": { "url": "https://invent.kde.org/qt/qt/qtvirtualkeyboard.git", - "rev": "817378aa10176fd26eed36542bc657e48d9dd42e", - "sha256": "0ihgm8y19zlkp3677rp9hnzm56y74djsnpr78yk0mrbcbxv1hpwb" + "rev": "8b885af5ad3c2f2ff500c060a41e312ea7276e50", + "sha256": "0mh4bva1msczgwl2x3b960rml5rmxnvvzi1wk94cc51888vyajiv" }, "qtwayland": { "url": "https://invent.kde.org/qt/qt/qtwayland.git", - "rev": "4de268cbaf6ff3b633429577f06d3d746a3b202a", - "sha256": "1ris6yxd4igrjvjv7bnxkdr402lk1k0djalkbk5s4z8l4qpavn3y" + "rev": "c84d171fa84065fb3b4b6b3d33e7707676d87e47", + "sha256": "0vxqp5577xig4m0x9pmc04svjy58pi5f0wvc1b4sk61jhj8vib23" }, "qtwebchannel": { "url": "https://invent.kde.org/qt/qt/qtwebchannel.git", - "rev": "f84887c1aee4ab04af375e639ae965c9ea2186a5", - "sha256": "0pn4ly4lyf0db9pfb80q45zssifjg3466hnw7ryxnm4331izvbja" + "rev": "6d2f0c3a36d9b2cdcd759a464c608365a0afda98", + "sha256": "1aqhvniysjc14xqcwvqhylcd4lpsl5vsym0spfahxs55s9jsvbyl" }, "qtwebglplugin": { "url": "https://invent.kde.org/qt/qt/qtwebglplugin.git", - "rev": "ddcff45e8f2ca9f229017b3ded62327d2fb50af2", - "sha256": "1ybc94jidzqhrkm0v2daqq0nm34ydqpcgd8q4qhz9abi0ccj17s4" + "rev": "8f879e6bcf941a612c568fbfe2b49ddb1bb409cd", + "sha256": "02glac0m95naxl5c6n22xclxhp7fjl1whf6sf3388h41wwdhv11c" }, "qtwebsockets": { "url": "https://invent.kde.org/qt/qt/qtwebsockets.git", - "rev": "d41bb9f4f7ab9d5ff184ef94cf2f6ff7cf01de00", - "sha256": "0pc14sd1dzrw599kdjg1309l9hf9ylp0pnyv7i6s2pyfqqq0x85r" + "rev": "9a7b9972a54137d5f2e0d49559fe58d07c90662e", + "sha256": "1hcf18cls9kmq4xjxzjm2viqs80pxr4ykrzx0vg1bd83bc509vqp" }, "qtwebview": { "url": "https://invent.kde.org/qt/qt/qtwebview.git", - "rev": "f078642eb9a440f6aa88f2beaf10f445de1e29bb", - "sha256": "0qak3y3qaxs6lf34y8rcp922sqd08nvag0lvl7znxm8d5b7qmnn6" + "rev": "53fa44709992faae54e4f5c8a128cea7b6f0cbd5", + "sha256": "12w6znmy2hijcnwqqva8abydcryh6jcp8lhx0kz0m3cvhwpq1fbx" }, "qtwinextras": { "url": "https://invent.kde.org/qt/qt/qtwinextras.git", - "rev": "1bf19cc6a7972d8543485786418b6631459d3469", - "sha256": "09a6xacb0zsp44w5zz15lkh6sypy7y1xg7m1fkxj2n26wbdc2p52" + "rev": "ee931eba5d129284d5c33157cd7d0b9232fbee7b", + "sha256": "17fyfkm8qfl9jmlq3ppnqwdx47230bk2laikfbq2188vn42yxnqv" }, "qtx11extras": { "url": "https://invent.kde.org/qt/qt/qtx11extras.git", - "rev": "5fb2e067a38d3583684310130f5d8aad064f512f", - "sha256": "1whfsdmyihnzzy3ijh5wcbsw9ppg3s5nx2insw5yrx36iz0y054d" + "rev": "aaa54153970d1d63a44b873cad5f62ffa71ef9b8", + "sha256": "0q34pi4mqqi4vzk57f59xsk303jgpk1fkxvnvm9r08jkckxxbisw" }, "qtxmlpatterns": { "url": "https://invent.kde.org/qt/qt/qtxmlpatterns.git", - "rev": "5a1948ddc05bf44017ac12bd5c2b9bc79fbcb9a2", - "sha256": "0613zb8lzd1i2g5kbn7h39warx7hn1z5qi28zk8l88ivpn84dx4q" + "rev": "6e0917d518e07f737cc663b8d632c8021634fd3b", + "sha256": "062riy66z3v1fxrdnbdhafqdv67xqz12pscidj4fhhp9fzi92a45" } } diff --git a/pkgs/development/libraries/qt-5/5.15/srcs.nix b/pkgs/development/libraries/qt-5/5.15/srcs.nix index 130fcd332ba4c..5ac474afeda32 100644 --- a/pkgs/development/libraries/qt-5/5.15/srcs.nix +++ b/pkgs/development/libraries/qt-5/5.15/srcs.nix @@ -1,7 +1,7 @@ { lib, fetchgit, fetchFromGitHub }: let - version = "5.15.11"; + version = "5.15.12"; mk = name: args: { @@ -70,24 +70,24 @@ lib.mapAttrs mk (lib.importJSON ./srcs-generated.json) }; qtscript = rec { - version = "5.15.15"; + version = "5.15.16"; src = fetchFromGitHub { owner = "qt"; repo = "qtscript"; rev = "v${version}-lts"; - hash = "sha256-o2YG1m3LuG9Kq9Bqi1wRa6ceHsivK+hJR7w08NE/kBo="; + hash = "sha256-4Jqsmk5EBQ2Biv69yYCNx7l7AWFikRMBfl0fbZcsSaA="; }; }; qtwebengine = rec { - version = "5.15.15"; + version = "5.15.16"; src = fetchFromGitHub { owner = "qt"; repo = "qtwebengine"; rev = "v${version}-lts"; - hash = "sha256-AmW3u8D9Y8lXZu0aiuxYXNPzZ5GCXeBQGfAcgFuXAh4="; + hash = "sha256-Arg/tfJcx9+CSV1VXBieHNoCSwmWNTnyBdgSkthOdfA="; fetchSubmodules = true; }; }; From cd97a2914a645c53408a18ce74281b0741844da7 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 2 Jan 2024 12:04:48 +0100 Subject: [PATCH 116/124] python311Packages.django_4: 4.2.8 -> 4.2.9 https://docs.djangoproject.com/en/4.2/releases/4.2.9/ (cherry picked from commit 4e922e37b4a07c3a80d2ba588063b0fd0f065fb7) --- pkgs/development/python-modules/django/4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 5dd27fd833274..47c079328a175 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -42,14 +42,14 @@ buildPythonPackage rec { pname = "Django"; - version = "4.2.8"; + version = "4.2.9"; format = "pyproject"; disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - hash = "sha256-1p1eNsxdn060hyvjbGIoeK/NzpQGJxbPPiW87csWi2I="; + hash = "sha256-EkmMw8uLyAOFOf756Q6V9QdQJDbB8MOmc0ETJPpnXRQ="; }; patches = [ From 910e4475aef1fdcb8f3f22d72bab7e25ef356acd Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 14 Dec 2023 09:32:24 +0100 Subject: [PATCH 117/124] zulu: drop version from pname (cherry picked from commit 061702528519ad56dc5f9bfacaa6c8221de4f4a5) --- pkgs/development/compilers/zulu/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/zulu/common.nix b/pkgs/development/compilers/zulu/common.nix index d09555b00c9ca..75925ed81bece 100644 --- a/pkgs/development/compilers/zulu/common.nix +++ b/pkgs/development/compilers/zulu/common.nix @@ -57,7 +57,7 @@ let isJdk8 = lib.versions.major dist.jdkVersion == "8"; jdk = stdenv.mkDerivation rec { - pname = "zulu${dist.zuluVersion}-${javaPackage}"; + pname = "zulu-${javaPackage}"; version = dist.jdkVersion; src = fetchurl { From bb6f60092bae2cddb3c14f9987dcbd40be6012a2 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 3 Jan 2024 10:17:30 +0300 Subject: [PATCH 118/124] qt5.qtbase: update to latest patchset, includes CVE-2023-51714 fix (cherry picked from commit ca1c914e621624f522ade6fccc9dd70505da4f9c) --- pkgs/development/libraries/qt-5/5.15/srcs-generated.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/qt-5/5.15/srcs-generated.json b/pkgs/development/libraries/qt-5/5.15/srcs-generated.json index 8becac303a72b..55ff3497baba9 100644 --- a/pkgs/development/libraries/qt-5/5.15/srcs-generated.json +++ b/pkgs/development/libraries/qt-5/5.15/srcs-generated.json @@ -16,8 +16,8 @@ }, "qtbase": { "url": "https://invent.kde.org/qt/qt/qtbase.git", - "rev": "9e450254296be0a8fd4e6da10d116862a0fce82e", - "sha256": "1ny85vhjgqiqz3qmd8vm0c43zkm2cynabf37xkinsfj1yhbaj9qa" + "rev": "8907dedc858cc344d770a2e826d6acc516429540", + "sha256": "185fmglzb3blfpk6vjd716xr4cx4grxpbqji5idddl4887w18s91" }, "qtcharts": { "url": "https://invent.kde.org/qt/qt/qtcharts.git", From 2a8983aec1bf6001932911b02d7f149bdc2fac8d Mon Sep 17 00:00:00 2001 From: Ivan Babrou Date: Mon, 1 Jan 2024 19:57:10 -0800 Subject: [PATCH 119/124] rsync: fix missing ipv6 support (cherry picked from commit 6eca74cc0f9f68e2d14772cc91055832ae314abd) --- .../rsync/configure.ac-fix-failing-IPv6-check.patch | 12 ++++++++++++ pkgs/applications/networking/sync/rsync/default.nix | 2 ++ 2 files changed, 14 insertions(+) create mode 100644 pkgs/applications/networking/sync/rsync/configure.ac-fix-failing-IPv6-check.patch diff --git a/pkgs/applications/networking/sync/rsync/configure.ac-fix-failing-IPv6-check.patch b/pkgs/applications/networking/sync/rsync/configure.ac-fix-failing-IPv6-check.patch new file mode 100644 index 0000000000000..3305653d025ff --- /dev/null +++ b/pkgs/applications/networking/sync/rsync/configure.ac-fix-failing-IPv6-check.patch @@ -0,0 +1,12 @@ +diff -rup rsync-3.2.7/configure.sh rsync-3.2.7-fixed/configure.sh +--- rsync-3.2.7/configure.sh 2022-10-20 17:57:22 ++++ rsync-3.2.7-fixed/configure.sh 2024-01-01 19:51:58 +@@ -7706,7 +7706,7 @@ else $as_nop + #include + #include + #include +-main() ++int main() + { + if (socket(AF_INET6, SOCK_STREAM, 0) < 0) + exit(1); diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 1baf1c40eb14b..0d8b3d78ec05d 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -34,6 +34,8 @@ stdenv.mkDerivation rec { # https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577 # original source: https://build.opensuse.org/package/view_file/network/rsync/rsync-fortified-strlcpy-fix.patch?expand=1&rev=3f8dd2f4a404c96c0f69176e60893714 ./rsync-fortified-strlcpy-fix.patch + # https://github.com/WayneD/rsync/pull/558 + ./configure.ac-fix-failing-IPv6-check.patch ]; buildInputs = [ libiconv zlib popt ] From 79f3a0032a666c6bcf929edac28a0b4ae8b998c0 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 21 Nov 2023 10:48:48 +0000 Subject: [PATCH 120/124] libaom: 3.7.0 -> 3.7.1 Changes: https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 (cherry picked from commit 5afd78645bb04b31796204718d35b6c30b664414) --- pkgs/development/libraries/libaom/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 30d3c0d81b55e..826dc544a88f0 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation rec { pname = "libaom"; - version = "3.7.0"; + version = "3.7.1"; src = fetchzip { url = "https://aomedia.googlesource.com/aom/+archive/v${version}.tar.gz"; - hash = "sha256-Zf0g/CMI73O9Dkn9o7aIvwZ/8wh3lCmVY8nZaPwBp68="; + hash = "sha256-v2SBiDE4zZe3LMrlo/tP9GzmG/PJZ42rKi1svKJR6ZA="; stripRoot = false; }; From 1859b1b8255f3bfc9436aa5177426ec15ba0b6b3 Mon Sep 17 00:00:00 2001 From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com> Date: Fri, 29 Dec 2023 06:37:00 +0000 Subject: [PATCH 121/124] curl: fix ipv6 detection compile error in configure script (cherry picked from commit 84563fcd998e115ad3e4d0d84920ecc444caf9c4) --- .../curl/configure-ipv6-autodetect.diff | 46 +++++++++++++++++++ pkgs/tools/networking/curl/default.nix | 6 +++ 2 files changed, 52 insertions(+) create mode 100644 pkgs/tools/networking/curl/configure-ipv6-autodetect.diff diff --git a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff new file mode 100644 index 0000000000000..9797d2c16d11c --- /dev/null +++ b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff @@ -0,0 +1,46 @@ +diff --git a/configure b/configure +index 04d1de1..5de1b41 100755 +--- a/configure ++++ b/configure +@@ -24949,15 +24949,12 @@ else $as_nop + # include + #endif + #endif +-#include /* for exit() */ +-main() ++ ++int main(void) + { + struct sockaddr_in6 s; + (void)s; +- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) +- exit(1); +- else +- exit(0); ++ return socket(AF_INET6, SOCK_STREAM, 0) < 0; + } + + +diff --git a/configure.ac b/configure.ac +index 2d71c83..bd38dd9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1679,15 +1679,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), + # include + #endif + #endif +-#include /* for exit() */ +-main() ++ ++int main(void) + { + struct sockaddr_in6 s; + (void)s; +- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) +- exit(1); +- else +- exit(0); ++ return socket(AF_INET6, SOCK_STREAM, 0) < 0; + } + ]]) + ], diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 48bf59e252661..01208f0a121ca 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -57,6 +57,12 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-FsYqnErw9wPSi9pte783ukcFWtNBTXDexj4uYzbyqC0="; }; + patches = [ + # fix ipv6 autodetect compile error in configure script + # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) + ./configure-ipv6-autodetect.diff + ]; + outputs = [ "bin" "dev" "out" "man" "devdoc" ]; separateDebugInfo = stdenv.isLinux; From 74a30bd168f578217d16ea69664d15392dbc9a1d Mon Sep 17 00:00:00 2001 From: Randy Eckenrode Date: Thu, 4 Jan 2024 18:57:10 -0500 Subject: [PATCH 122/124] nix: fix installCheckPhase crashes on Darwin Ensure that `OBJC_DISABLE_INITIALIZE_FORK_SAFETY=yes` is set when starting the Nix daemon during tests, or the fetchurl.sh test will crash trying to initialize libcurl. This is happening since IPv6 support was enabled in https://github.com/NixOS/nixpkgs/pull/277471. See also: - http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html - https://github.com/NixOS/nix/pull/2674 (cherry picked from commit 8dd78e6dc9fd8b2aabec9e4b016d44e118209503) --- pkgs/tools/package-management/nix/common.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/package-management/nix/common.nix b/pkgs/tools/package-management/nix/common.nix index 0ea47dd7e17cf..7aa7b1cc1a1da 100644 --- a/pkgs/tools/package-management/nix/common.nix +++ b/pkgs/tools/package-management/nix/common.nix @@ -213,6 +213,11 @@ self = stdenv.mkDerivation { preInstallCheck = lib.optionalString stdenv.isDarwin '' export TMPDIR=$NIX_BUILD_TOP '' + # Prevent crashes in libcurl due to invoking Objective-C `+initialize` methods after `fork`. + # See http://sealiesoftware.com/blog/archive/2017/6/5/Objective-C_and_fork_in_macOS_1013.html. + + lib.optionalString stdenv.isDarwin '' + export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=yes + '' # See https://github.com/NixOS/nix/issues/5687 + lib.optionalString (atLeast25 && stdenv.isDarwin) '' echo "exit 99" > tests/gc-non-blocking.sh From 14e563bcb33f0cd48990695ec9d18b30165c77ed Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 7 Jan 2024 22:16:10 +0100 Subject: [PATCH 123/124] curl: apply 8.5.0 security fixes Fixes: CVE-2023-46218, CVE-2023-46219 --- .../networking/curl/0001-CVE-2023-42619.patch | 132 ++++++++++++++++++ .../networking/curl/0002-CVE-2023-42618.patch | 53 +++++++ pkgs/tools/networking/curl/default.nix | 4 + 3 files changed, 189 insertions(+) create mode 100644 pkgs/tools/networking/curl/0001-CVE-2023-42619.patch create mode 100644 pkgs/tools/networking/curl/0002-CVE-2023-42618.patch diff --git a/pkgs/tools/networking/curl/0001-CVE-2023-42619.patch b/pkgs/tools/networking/curl/0001-CVE-2023-42619.patch new file mode 100644 index 0000000000000..9780653916da8 --- /dev/null +++ b/pkgs/tools/networking/curl/0001-CVE-2023-42619.patch @@ -0,0 +1,132 @@ +From 94aa318e2bab65d607a1aa18e5b14b4d3922b9fc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 08:23:17 +0100 +Subject: [PATCH 1/2] fopen: create short(er) temporary file name + +Only using random letters in the name plus a ".tmp" extension. Not by +appending characters to the final file name. + +Reported-by: Maksymilian Arciemowicz + +Closes #12388 + +(cherry picked from commit 73b65e94f3531179de45c6f3c836a610e3d0a846) +--- + lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 60 insertions(+), 5 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index 75b8a7aa5..a73ac068e 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -39,6 +39,51 @@ + #include "curl_memory.h" + #include "memdebug.h" + ++/* ++ The dirslash() function breaks a null-terminated pathname string into ++ directory and filename components then returns the directory component up ++ to, *AND INCLUDING*, a final '/'. If there is no directory in the path, ++ this instead returns a "" string. ++ ++ This function returns a pointer to malloc'ed memory. ++ ++ The input path to this function is expected to have a file name part. ++*/ ++ ++#ifdef _WIN32 ++#define PATHSEP "\\" ++#define IS_SEP(x) (((x) == '/') || ((x) == '\\')) ++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2) ++#define PATHSEP "\\" ++#define IS_SEP(x) ((x) == '\\') ++#else ++#define PATHSEP "/" ++#define IS_SEP(x) ((x) == '/') ++#endif ++ ++static char *dirslash(const char *path) ++{ ++ size_t n; ++ struct dynbuf out; ++ DEBUGASSERT(path); ++ Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH); ++ n = strlen(path); ++ if(n) { ++ /* find the rightmost path separator, if any */ ++ while(n && !IS_SEP(path[n-1])) ++ --n; ++ /* skip over all the path separators, if any */ ++ while(n && IS_SEP(path[n-1])) ++ --n; ++ } ++ if(Curl_dyn_addn(&out, path, n)) ++ return NULL; ++ /* if there was a directory, append a single trailing slash */ ++ if(n && Curl_dyn_addn(&out, PATHSEP, 1)) ++ return NULL; ++ return Curl_dyn_ptr(&out); ++} ++ + /* + * Curl_fopen() opens a file for writing with a temp name, to be renamed + * to the final name when completed. If there is an existing file using this +@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + FILE **fh, char **tempname) + { + CURLcode result = CURLE_WRITE_ERROR; +- unsigned char randsuffix[9]; ++ unsigned char randbuf[41]; + char *tempstore = NULL; + struct_stat sb; + int fd = -1; ++ char *dir; + *tempname = NULL; + ++ dir = dirslash(filename); ++ if(!dir) ++ goto fail; ++ + *fh = fopen(filename, FOPEN_WRITETEXT); + if(!*fh) + goto fail; +- if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) { ++ free(dir); + return CURLE_OK; ++ } + fclose(*fh); + *fh = NULL; + +- result = Curl_rand_alnum(data, randsuffix, sizeof(randsuffix)); ++ result = Curl_rand_alnum(data, randbuf, sizeof(randbuf)); + if(result) + goto fail; + +- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); ++ /* The temp file name should not end up too long for the target file ++ system */ ++ tempstore = aprintf("%s%s.tmp", dir, randbuf); + if(!tempstore) { + result = CURLE_OUT_OF_MEMORY; + goto fail; +@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + if(!*fh) + goto fail; + ++ free(dir); + *tempname = tempstore; + return CURLE_OK; + +@@ -105,7 +160,7 @@ fail: + } + + free(tempstore); +- ++ free(dir); + return result; + } + +-- +2.42.0 + diff --git a/pkgs/tools/networking/curl/0002-CVE-2023-42618.patch b/pkgs/tools/networking/curl/0002-CVE-2023-42618.patch new file mode 100644 index 0000000000000..b70f52e754208 --- /dev/null +++ b/pkgs/tools/networking/curl/0002-CVE-2023-42618.patch @@ -0,0 +1,53 @@ +From 7a4d226be90cf590dbece4762806400dc7d1b024 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 08:15:47 +0100 +Subject: [PATCH 2/2] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 + +(cherry picked from commit 2b0994c29a721c91c572cff7808c572a24d251eb) +--- + lib/cookie.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/lib/cookie.c b/lib/cookie.c +index af01203a9..57b2ad9a5 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1029,15 +1029,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain, strlen(domain)); + } +- else +- acceptable = !bad_domain(domain, strlen(domain)); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " +-- +2.42.0 + diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 01208f0a121ca..c1d806c89b3fe 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -61,6 +61,10 @@ stdenv.mkDerivation (finalAttrs: { # fix ipv6 autodetect compile error in configure script # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) ./configure-ipv6-autodetect.diff + # https://curl.se/docs/CVE-2023-46219.html + ./0001-CVE-2023-42619.patch + # https://curl.se/docs/CVE-2023-46218.html + ./0002-CVE-2023-42618.patch ]; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; From b62fdff47cea9264c760d8182a5300b74400c463 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 2 Jan 2024 12:56:02 +0100 Subject: [PATCH 124/124] inetutils: 2.4 -> 2.5 Changes: ``` * Noteworthy changes in release 2.4 (2022-10-25) [stable] ** ifconfig *** Support specifying prefix netmask lengths in -A. Patch by Samuel Thibault . ** Hurd: tell pfinet translator interfaces to configure Patch by Samuel Thibault . ** ftp *** Avoid crash caused by signed integer overflow resulting in out-of-bounds buffer access. Reported by AiDai in . *** Avoid crash caused by heap buffer overflow. Reported by ZFeiXQ in . *** Avoid crash caused by NULL pointer dereference. Reported by AiDai in . *** Avoid crash caused by infinite macro recursion. Reported by AiDai in . ** telnetd *** Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). CVE-2022-39028 https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html ** telnet *** Fix a buffer overflow problem. CVE-2019-0053 https://cgit.freebsd.org/src/commit/?id=14aab889f4e50072a6b914eb95ebbfa939539dad ** tftp *** Avoid crashing when given unexpected or invalid commands from tty. Reported by AiDai in . ** Various bugs fixes, internal improvements and clean ups. Update of gnulib and build fixes for C23. ``` (cherry picked from commit 448dd9faddfbc1052c8013f93d719f805230064b) --- pkgs/tools/networking/inetutils/default.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/pkgs/tools/networking/inetutils/default.nix b/pkgs/tools/networking/inetutils/default.nix index 9b1723a4d122a..53901be2f5922 100644 --- a/pkgs/tools/networking/inetutils/default.nix +++ b/pkgs/tools/networking/inetutils/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchpatch , ncurses , perl , help2man @@ -11,11 +10,11 @@ stdenv.mkDerivation rec { pname = "inetutils"; - version = "2.4"; + version = "2.5"; src = fetchurl { url = "mirror://gnu/${pname}/${pname}-${version}.tar.xz"; - sha256 = "sha256-F4nWsbGlff4qere1M+6fXf2cv1tZuxuzwmEu0I0PaLI="; + hash = "sha256-h2l9YKMeELXLhqnwZR4ex77pgyDQSMBzlDGqw9V2T7Y="; }; outputs = ["out" "apparmor"]; @@ -23,11 +22,6 @@ stdenv.mkDerivation rec { patches = [ # https://git.congatec.com/yocto/meta-openembedded/commit/3402bfac6b595c622e4590a8ff5eaaa854e2a2a3 ./inetutils-1_9-PATH_PROCNET_DEV.patch - (fetchpatch { - name = "CVE-2023-40303.patch"; - url = "https://git.savannah.gnu.org/cgit/inetutils.git/patch/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6"; - hash = "sha256-I5skN537owfpFpAZr4vDKPHuERI6+oq5/hFW2RQeUxI="; - }) ]; strictDeps = true;