Merge release-21.11 into staging-next-21.11

author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2022-03-15 00:12:35 +0000
committer: GitHub <noreply@github.com> 2022-03-15 00:12:35 +0000
commit: b03928b82c94a10c8e650c619ee099eed52a85d8 (patch)
tree: c6a2f98b2260d6a9c42c969bedb31bfcc530ba48
parent: Merge release-21.11 into staging-next-21.11 (diff)
parent: Merge pull request #164137 from NixOS/backport-164126-to-release-21.11 (diff)
download: nixpkgs-b03928b82c94a10c8e650c619ee099eed52a85d8.tar.gz
8 files changed, 85 insertions, 35 deletions
diff --git a/pkgs/applications/editors/music/tuxguitar/default.nix b/pkgs/applications/editors/music/tuxguitar/default.nix
index b76e4fa0a7b5..3605f6c6e4e2 100644
--- a/pkgs/applications/editors/music/tuxguitar/default.nix
+++ b/pkgs/applications/editors/music/tuxguitar/default.nix
@@ -2,11 +2,11 @@
 
 let metadata = assert stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux";
   if stdenv.hostPlatform.system == "i686-linux" then
-    { arch = "x86"; sha256 = "afa4b1116aee18e3ddd93132467809d0bcf03715cf9ad55b895f021a13e1cb8a"; }
+    { arch = "x86"; sha256 = "sha256-k4FQrt72VNb5FdYMzxskcVhKlvx8MZelUlLCItxDB7c="; }
   else
-    { arch = "x86_64"; sha256 = "55ab653c601727a2077080e7ea4d76fe7a897379934ed9a5b544e20d490f53f9"; };
+    { arch = "x86_64"; sha256 = "sha256-mj5wVQlY2xFzdulvMdb5Qb5HGwr7RElzIkpOLjaAfGA="; };
 in stdenv.mkDerivation rec {
-  version = "1.5.4";
+  version = "1.5.5";
   pname = "tuxguitar";
 
   src = fetchurl {
diff --git a/pkgs/applications/misc/obsidian/default.nix b/pkgs/applications/misc/obsidian/default.nix
index f293cc60d2a7..876dae6ea0a4 100644
--- a/pkgs/applications/misc/obsidian/default.nix
+++ b/pkgs/applications/misc/obsidian/default.nix
@@ -1,8 +1,8 @@
-{ stdenv, fetchurl, lib, makeWrapper, electron_13, makeDesktopItem, graphicsmagick
+{ stdenv, fetchurl, lib, makeWrapper, electron_16, makeDesktopItem, graphicsmagick
 , writeScript }:
 
 let
-  electron = electron_13;
+  electron = electron_16;
   icon = fetchurl {
     url =
       "https://forum.obsidian.md/uploads/default/original/1X/bf119bd48f748f4fd2d65f2d1bb05d3c806883b5.png";
@@ -31,11 +31,11 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "obsidian";
-  version = "0.12.19";
+  version = "0.13.30";
 
   src = fetchurl {
     url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/obsidian-${version}.tar.gz";
-    sha256 = "sha256-M9U67+mCL/CziTprCAhfrZTWl6i7HRfH24l/xqUqkIg=";
+    sha256 = "ymdqdDD7WWfol/jLBsz8tEzcN7Ed1HSIrkuA51cvKKw=";
   };
 
   nativeBuildInputs = [ makeWrapper graphicsmagick ];
@@ -68,6 +68,7 @@ in stdenv.mkDerivation rec {
     description =
       "A powerful knowledge base that works on top of a local folder of plain text Markdown files";
     homepage = "https://obsidian.md";
+    downloadPage = "https://github.com/obsidianmd/obsidian-releases/releases";
     license = licenses.obsidian;
     maintainers = with maintainers; [ conradmearns zaninime ];
     platforms = [ "x86_64-linux" ];
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index af6a838012ea..0d78fdd8aa5b 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -7,10 +7,10 @@ in
 rec {
   firefox = common rec {
     pname = "firefox";
-    version = "98.0";
+    version = "98.0.1";
     src = fetchurl {
       url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "5b9186dd2a5dee5f2d2a2ce156fc06e2073cf71a70891a294cf3358218592f19ec3413d33b68d6f38e3cc5f940213e590a188e2b6efc39f416e90a55f89bfd9b";
+      sha512 = "1434ff775e6cdc6d9a75fa0e6d07a4680ada86ecfd7b65208c597ed765e847d900b68df355e6bea6461f6d86ee7a8b2ce3117f23826ad144bd87dfe64ee39b42";
     };
 
     meta = {
@@ -32,10 +32,10 @@ rec {
 
   firefox-esr-91 = common rec {
     pname = "firefox-esr";
-    version = "91.7.0esr";
+    version = "91.7.1esr";
     src = fetchurl {
       url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "925811989d8a91d826ba356bd46ac54be8153288ec0319c28d2bfbe89191e62e107691159dd7ca247253e2a4952eb59a5b9613e3feea3f5351238d4822e26301";
+      sha512 = "c56aa38e9d706ff1f1838d2639dac82109dcffb54a7ea17326ae306604d78967ac32da13676756999bc1aa0bf50dc4e7072936ceb16e2e834bea48382ae4b48c";
     };
 
     meta = {
diff --git a/pkgs/games/factorio/versions.json b/pkgs/games/factorio/versions.json
index 0c159d6773ec..3c083c555d27 100644
--- a/pkgs/games/factorio/versions.json
+++ b/pkgs/games/factorio/versions.json
@@ -2,48 +2,56 @@
   "x86_64-linux": {
     "alpha": {
       "experimental": {
-        "name": "factorio_alpha_x64-1.1.45.tar.xz",
+        "name": "factorio_alpha_x64-1.1.56.tar.xz",
         "needsAuth": true,
-        "sha256": "1gqf8p253qwlsg66fzh6nb264ckmg2wrrvg7grcxxniki7whd759",
+        "sha256": "1i9mcq8m48ar0b3x53zgi5x9rsaddmlm2wqaphyf81xampl7ivcx",
         "tarDirectory": "x64",
-        "url": "https://factorio.com/get-download/1.1.45/alpha/linux64",
-        "version": "1.1.45"
+        "url": "https://factorio.com/get-download/1.1.56/alpha/linux64",
+        "version": "1.1.56"
       },
       "stable": {
-        "name": "factorio_alpha_x64-1.1.46.tar.xz",
+        "name": "factorio_alpha_x64-1.1.53.tar.xz",
         "needsAuth": true,
-        "sha256": "sha256-ikvtD5X0WRBVMsByXLXC5jtVZeIFQIsWlZ9vzomYdGU=",
+        "sha256": "1l5sk9rhf4pq9l87w5sv4a1ikqx8rpby5hf4xn7sdsm9mshd3wyw",
         "tarDirectory": "x64",
-        "url": "https://factorio.com/get-download/1.1.46/alpha/linux64",
-        "version": "1.1.46"
+        "url": "https://factorio.com/get-download/1.1.53/alpha/linux64",
+        "version": "1.1.53"
       }
     },
     "demo": {
+      "experimental": {
+        "name": "factorio_demo_x64-1.1.56.tar.xz",
+        "needsAuth": false,
+        "sha256": "0g1gphysh79h1frcjpfd5i3fpi05y8mq9gwmgnmalmr56w5n4qlz",
+        "tarDirectory": "x64",
+        "url": "https://factorio.com/get-download/1.1.56/demo/linux64",
+        "version": "1.1.56"
+      },
       "stable": {
-        "name": "factorio_demo_x64-1.1.46.tar.xz",
+        "name": "factorio_demo_x64-1.1.53.tar.xz",
         "needsAuth": false,
-        "sha256": "sha256-CJVk1b3GXqs8xV2a7Pa6p6JxEOy86xAnRfz6kphCDHk=",
+        "sha256": "0m3mk296w4azma2v5z6pay1caqql2jfnlcyyd120laxl4rdg2k76",
         "tarDirectory": "x64",
-        "url": "https://factorio.com/get-download/1.1.46/demo/linux64",
-        "version": "1.1.46"
+        "url": "https://factorio.com/get-download/1.1.53/demo/linux64",
+        "version": "1.1.53"
       }
     },
     "headless": {
       "experimental": {
-        "name": "factorio_headless_x64-1.1.45.tar.xz",
+        "name": "factorio_headless_x64-1.1.56.tar.xz",
         "needsAuth": false,
-        "sha256": "1ga35yricj5k2b00hwyb7jgpa0c4v73q3lj9sn424rjxixy6naxf",
+        "sha256": "174fvi9slpdp3y8j46w0w0ays7i7gy98il74xx5wxh7s94zb1b68",
         "tarDirectory": "x64",
-        "url": "https://factorio.com/get-download/1.1.45/headless/linux64",
-        "version": "1.1.45"
+        "url": "https://factorio.com/get-download/1.1.56/headless/linux64",
+        "version": "1.1.56"
       },
       "stable": {
-        "name": "factorio_headless_x64-1.1.46.tar.xz",
+        "name": "factorio_headless_x64-1.1.53.tar.xz",
         "needsAuth": false,
-        "sha256": "sha256-xJ/NBwQR6tdwoAz/1RZmcGwutqETWgzyAlpg5ls2ba0=",
+        "sha256": "18ra52h32nhdqxz6vagp9nw3an5pgamariy0ny050xr2xpidw3v1",
         "tarDirectory": "x64",
-        "url": "https://factorio.com/get-download/1.1.46/headless/linux64",
-        "version": "1.1.46"
+        "url": "https://factorio.com/get-download/1.1.53/headless/linux64",
+        "version": "1.1.53"
       }
     }
   }
diff --git a/pkgs/servers/nats-server/2.6.0-CVE-2022-26652.patch b/pkgs/servers/nats-server/2.6.0-CVE-2022-26652.patch
new file mode 100644
index 000000000000..7dfaebd5783c
--- /dev/null
+++ b/pkgs/servers/nats-server/2.6.0-CVE-2022-26652.patch
@@ -0,0 +1,40 @@
+Based on upstream https://github.com/nats-io/nats-server/commit/b4128693ed61aa0c32179af07677bcf1d8301dcd
+with test changes removed (as we don't run them (yet)) and
+the path -> filepath changes omitted as it is for the benefit
+of windows, which we don't really support
+
+--- a/server/stream.go
++++ b/server/stream.go
+@@ -3620,6 +3619,17 @@
+ 	}
+ 	defer os.RemoveAll(sdir)
+ 
++	logAndReturnError := func() error {
++		a.mu.RLock()
++		err := fmt.Errorf("unexpected content (account=%s)", a.Name)
++		if a.srv != nil {
++			a.srv.Errorf("Stream restore failed due to %v", err)
++		}
++		a.mu.RUnlock()
++		return err
++	}
++	sdirCheck := filepath.Clean(sdir) + string(os.PathSeparator)
++
+ 	tr := tar.NewReader(s2.NewReader(r))
+ 	for {
+ 		hdr, err := tr.Next()
+@@ -3629,7 +3639,13 @@
+ 		if err != nil {
+ 			return nil, err
+ 		}
+-		fpath := path.Join(sdir, filepath.Clean(hdr.Name))
++		if hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeRegA {
++			return nil, logAndReturnError()
++		}
++		fpath := filepath.Join(sdir, filepath.Clean(hdr.Name))
++		if !strings.HasPrefix(fpath, sdirCheck) {
++			return nil, logAndReturnError()
++		}
+ 		os.MkdirAll(filepath.Dir(fpath), defaultDirPerms)
+ 		fd, err := os.OpenFile(fpath, os.O_CREATE|os.O_RDWR, 0600)
+ 		if err != nil {
diff --git a/pkgs/servers/nats-server/default.nix b/pkgs/servers/nats-server/default.nix
index 2ed93ccce0d9..8163f2077982 100644
--- a/pkgs/servers/nats-server/default.nix
+++ b/pkgs/servers/nats-server/default.nix
@@ -17,6 +17,7 @@ buildGoPackage rec {
 
   patches = [
     ./2.6.0-CVE-2022-24450.patch
+    ./2.6.0-CVE-2022-26652.patch
   ];
 
   meta = {
diff --git a/pkgs/tools/networking/wget/default.nix b/pkgs/tools/networking/wget/default.nix
index 423363b56c28..e0fdbdff0b3a 100644
--- a/pkgs/tools/networking/wget/default.nix
+++ b/pkgs/tools/networking/wget/default.nix
@@ -6,11 +6,11 @@
 
 stdenv.mkDerivation rec {
   pname = "wget";
-  version = "1.21.2";
+  version = "1.21.3";
 
   src = fetchurl {
     url = "mirror://gnu/wget/${pname}-${version}.tar.lz";
-    sha256 = "sha256-FyejMKhqyss+V2Fc4mj18pl4v3rexKvmow03Age8kbM=";
+    sha256 = "sha256-29L7XkcUnUdS0Oqg2saMxJzyDUbfT44yb/yPGLKvTqU=";
   };
 
   patches = [
diff --git a/pkgs/tools/package-management/nix-eval-jobs/default.nix b/pkgs/tools/package-management/nix-eval-jobs/default.nix
index a9cf1238441c..c301725d3448 100644
--- a/pkgs/tools/package-management/nix-eval-jobs/default.nix
+++ b/pkgs/tools/package-management/nix-eval-jobs/default.nix
@@ -4,7 +4,7 @@
 , fetchFromGitHub
 , meson
 , ninja
-, nix
+, nix_2_4
 , nlohmann_json
 , pkg-config
 , stdenv
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   };
   buildInputs = [
     boost
-    nix
+    nix_2_4
     nlohmann_json
   ];
   nativeBuildInputs = [
author	github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2022-03-15 00:12:35 +0000
committer	GitHub <noreply@github.com>	2022-03-15 00:12:35 +0000
commit	b03928b82c94a10c8e650c619ee099eed52a85d8 (patch)
tree	c6a2f98b2260d6a9c42c969bedb31bfcc530ba48
parent	Merge release-21.11 into staging-next-21.11 (diff)
parent	Merge pull request #164137 from NixOS/backport-164126-to-release-21.11 (diff)
download	nixpkgs-b03928b82c94a10c8e650c619ee099eed52a85d8.tar.gz