authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2022-05-28 00:15:31 +0000
committerGitHub <noreply@github.com>2022-05-28 00:15:31 +0000
commit9536eea4eed046b71db17115b5b5306c306eda68 (patch)
treebd37c99762c4b5ae53d22a91298dd2d0d8b5ecde
parentMerge staging-next-21.11 into staging-21.11 (diff)
parentMerge release-21.11 into staging-next-21.11 (diff)
downloadnixpkgs-9536eea4eed046b71db17115b5b5306c306eda68.tar.gz
Merge staging-next-21.11 into staging-21.11
-rw-r--r--pkgs/applications/networking/browsers/chromium/common.nix12
-rw-r--r--pkgs/applications/networking/browsers/chromium/patches/m102-fix-dawn_version_generator-failure.patch43
-rw-r--r--pkgs/applications/networking/browsers/chromium/upstream-info.json60
-rw-r--r--pkgs/applications/networking/browsers/google-chrome/default.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json60
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.19.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.15.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.17.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--pkgs/servers/mastodon/default.nix2
-rw-r--r--pkgs/servers/mastodon/gemset.nix143
-rw-r--r--pkgs/servers/mastodon/source.nix4
-rw-r--r--pkgs/servers/mastodon/version.nix2
-rw-r--r--pkgs/tools/system/logrotate/default.nix8
-rw-r--r--pkgs/tools/system/logrotate/fix-cve-2022-1348.diff69
18 files changed, 272 insertions, 161 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index 3a9e07187e2d..c397936a7cc7 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -160,9 +160,20 @@ let
./patches/no-build-timestamps.patch
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
./patches/widevine-79.patch
+ ] ++ optionals (versionRange "102" "103") [
+ # https://dawn-review.googlesource.com/c/dawn/+/88582
+ # Wrap get_gitHash in try-catch to prevent failures in tarball builds.
+ ./patches/m102-fix-dawn_version_generator-failure.patch
];
postPatch = ''
+ # Workaround/fix for https://bugs.chromium.org/p/chromium/issues/detail?id=1313361:
+ substituteInPlace BUILD.gn \
+ --replace '"//infra/orchestrator:orchestrator_all",' ""
+ # Disable build flags that require LLVM 15:
+ substituteInPlace build/config/compiler/BUILD.gn \
+ --replace '"-Xclang",' "" \
+ --replace '"-no-opaque-pointers",' ""
# remove unused third-party
for lib in ${toString gnSystemLibraries}; do
if [ -d "third_party/$lib" ]; then
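Review bot: The `--replace '"-Xclang",' ""` substitution added to postPatch strips every `"-Xclang",` token from build/config/compiler/BUILD.gn, not only the one that introduces `"-no-opaque-pointers",`. If that file forwards any other cc1 option through `-Xclang` (not visible in this hunk), that option loses its prefix and the browser's compiler flag set changes without any build-time signal. Unlike the patch entry above, which is gated by `versionRange "102" "103"`, both substituteInPlace calls run for every channel, and as far as I know a `--replace` whose pattern no longer matches is a silent no-op in this release, so the workaround can go stale unnoticed. I would narrow the match to the flag pair, or at least record the assumption next to it, e.g. `# Assumes the only "-Xclang" we drop is the one preceding "-no-opaque-pointers"; re-check BUILD.gn on every major bump.` The postPatch string continues outside the hunk.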
@@ -182,6 +193,7 @@ let
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
fi
chmod -x third_party/webgpu-cts/src/tools/run_deno
+ chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
diff --git a/pkgs/applications/networking/browsers/chromium/patches/m102-fix-dawn_version_generator-failure.patch b/pkgs/applications/networking/browsers/chromium/patches/m102-fix-dawn_version_generator-failure.patch
new file mode 100644
index 000000000000..e9391541e435
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/patches/m102-fix-dawn_version_generator-failure.patch
@@ -0,0 +1,43 @@
+From e9ffd084ec1ff9f7bfc86879732953dc58256958 Mon Sep 17 00:00:00 2001
+From: Loko Kung <lokokung@google.com>
+Date: Tue, 3 May 2022 00:28:53 +0000
+Subject: [PATCH] Wrap get_gitHash in try-catch to prevent failures in tarball
+ builds.
+
+Bug: chromium:1321370
+Change-Id: If39d2236d1b4d965f7bd189f6bd1cdc70436c41d
+Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/88582
+Commit-Queue: Loko Kung <lokokung@google.com>
+Reviewed-by: Austin Eng <enga@chromium.org>
+Kokoro: Kokoro <noreply+kokoro@google.com>
+(cherry picked from commit 03ddfbb81fb4127ca37ea53e70fcb34fe851e24e)
+---
+ third_party/dawn/generator/dawn_version_generator.py | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/third_party/dawn/generator/dawn_version_generator.py b/third_party/dawn/generator/dawn_version_generator.py
+index 1907e88da..3c1927bee 100644
+--- a/third_party/dawn/generator/dawn_version_generator.py
++++ b/third_party/dawn/generator/dawn_version_generator.py
+@@ -23,11 +23,14 @@ def get_git():
+
+
+ def get_gitHash(dawnDir):
+- result = subprocess.run([get_git(), 'rev-parse', 'HEAD'],
+- stdout=subprocess.PIPE,
+- cwd=dawnDir)
+- if result.returncode == 0:
+- return result.stdout.decode('utf-8').strip()
++ try:
++ result = subprocess.run([get_git(), "rev-parse", "HEAD"],
++ stdout=subprocess.PIPE,
++ cwd=dawnDir)
++ if result.returncode == 0:
++ return result.stdout.decode("utf-8").strip()
++ except Exception:
++ return ""
+ # No hash was available (possibly) because the directory was not a git checkout. Dawn should
+ # explicitly handle its absenece and disable features relying on the hash, i.e. caching.
+ return ''
+--
+2.36.0
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index 1c059346aafe..4eae1d13099f 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -1,63 +1,63 @@
{
"stable": {
- "version": "101.0.4951.64",
- "sha256": "1xyqm32y9v1hn8ji6qfw6maynqgg3266j58dq4x4aqsm2gj9cn4w",
- "sha256bin64": "14ijrj7h2y72ppyysz6jv40c01lbnan7z69cl24asch2zjlgwv8v",
+ "version": "102.0.5005.61",
+ "sha256": "07vbi3gn9g4n04b2qi2hm34r122snrqaifa46yk3pyh1d79rfdqs",
+ "sha256bin64": "100n8k3d9k5bq58irc36ig6m5m0lxggffyk4crqqqcib2anqd0zv",
"deps": {
"gn": {
- "version": "2022-03-14",
+ "version": "2022-04-14",
"url": "https://gn.googlesource.com/gn",
- "rev": "bd99dbf98cbdefe18a4128189665c5761263bcfb",
- "sha256": "0nql15ckjqkm001xajq3qyn4h4q80i7x6dm9zinxxr1a8q5lppx3"
+ "rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
+ "sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
}
},
"chromedriver": {
- "version": "101.0.4951.41",
- "sha256_linux": "0zsh6cm7h1m0k5mx1cd29knxjxaadjjcbp7m5fr2mx9c21a1nlcr",
- "sha256_darwin": "09py50436y81lw2vk44256dmzsg8dqj14fd0g0gs1cc3ps6q4awl",
- "sha256_darwin_aarch64": "0krjijd0zgwg8d44miz43xrjdlvfiymbrrz5r1hzpx64555ch12y"
+ "version": "102.0.5005.27",
+ "sha256_linux": "1978xwj9kf8nihgakmnzgibizq6wp74qp2d2fxgrsgggjy1clmbv",
+ "sha256_darwin": "0abnqpdm5hgirzj9g2zwkjcc7cwnnr3va4qn09g5yqndlbvi9nqd",
+ "sha256_darwin_aarch64": "0mw7vypghnw3qdci8g11hgfwbfln471dq1mymxn4bi7691xxb6a2"
}
},
"beta": {
- "version": "101.0.4951.41",
- "sha256": "0dzsbr309n70jg7fpq2qfnrgcm4553akvdmnzhss1fc85s467609",
- "sha256bin64": "1jbj5cykxamf32c1s4gsid1wxcsdf4hng2d19q9h7b2ashkvvrbi",
+ "version": "102.0.5005.49",
+ "sha256": "16r9mrsagy8lspr4pcrzfpw0vw0ym9m7n41a9yipjhm2arlhw5b2",
+ "sha256bin64": "0lyk6rd9c1gyvxsmq1bl7asr7carzyaan306ddvwxsy5rfh53jxa",
"deps": {
"gn": {
- "version": "2022-03-14",
+ "version": "2022-04-14",
"url": "https://gn.googlesource.com/gn",
- "rev": "bd99dbf98cbdefe18a4128189665c5761263bcfb",
- "sha256": "0nql15ckjqkm001xajq3qyn4h4q80i7x6dm9zinxxr1a8q5lppx3"
+ "rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
+ "sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
}
}
},
"dev": {
- "version": "102.0.5005.12",
- "sha256": "11n03hz3g8h7srywxrjwrdrxybdjvmdjrnigjlrwjkydprg1l7ab",
- "sha256bin64": "0hc56a98ikkbgdw36dpz9k6r15jmjmnm7faml8z59vixxlvkrw7y",
+ "version": "103.0.5056.0",
+ "sha256": "1mvi7yc38cxn39wqm8ybrn862gaw293rb6lwcszc6rmzwd9jmd29",
+ "sha256bin64": "06371adaz8llzfjykc72vjvpy3xrgvqzz9kdrr82jdx1pjdbv29d",
"deps": {
"gn": {
- "version": "2022-04-14",
+ "version": "2022-05-09",
"url": "https://gn.googlesource.com/gn",
- "rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
- "sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
+ "rev": "bf4e17dc67b2a2007475415e3f9e1d1cf32f6e35",
+ "sha256": "0d2lb4alsx32zsdw3jxpxbzal350mim237p2y984h4r6fd1ddzyi"
}
}
},
"ungoogled-chromium": {
- "version": "101.0.4951.64",
- "sha256": "1xyqm32y9v1hn8ji6qfw6maynqgg3266j58dq4x4aqsm2gj9cn4w",
- "sha256bin64": "14ijrj7h2y72ppyysz6jv40c01lbnan7z69cl24asch2zjlgwv8v",
+ "version": "102.0.5005.61",
+ "sha256": "07vbi3gn9g4n04b2qi2hm34r122snrqaifa46yk3pyh1d79rfdqs",
+ "sha256bin64": "100n8k3d9k5bq58irc36ig6m5m0lxggffyk4crqqqcib2anqd0zv",
"deps": {
"gn": {
- "version": "2022-03-14",
+ "version": "2022-04-14",
"url": "https://gn.googlesource.com/gn",
- "rev": "bd99dbf98cbdefe18a4128189665c5761263bcfb",
- "sha256": "0nql15ckjqkm001xajq3qyn4h4q80i7x6dm9zinxxr1a8q5lppx3"
+ "rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
+ "sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
},
"ungoogled-patches": {
- "rev": "101.0.4951.64-1",
- "sha256": "0k7w6xvjf1yzyak9ywvcdw762d8zbx6d8haz35q87jz0mxfn2mr3"
+ "rev": "102.0.5005.61-1",
+ "sha256": "1hlyi6k894blkkqmqsizx72bag2vj6wlpza0fvi8db5wp6i5b58g"
}
}
}
diff --git a/pkgs/applications/networking/browsers/google-chrome/default.nix b/pkgs/applications/networking/browsers/google-chrome/default.nix
index 39e9f1cb443c..bb9976e63e32 100644
--- a/pkgs/applications/networking/browsers/google-chrome/default.nix
+++ b/pkgs/applications/networking/browsers/google-chrome/default.nix
@@ -32,7 +32,7 @@
, channel ? "stable"
# Necessary for USB audio devices.
-, pulseSupport ? true, libpulseaudio ? null
+, pulseSupport ? true, libpulseaudio
# Only needed for getting information about upstream binaries
, chromium
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index e66a432836da..b6485a32851c 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -2,61 +2,61 @@
"4.14": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-4.14.280-hardened1.patch",
- "sha256": "0hkn7rbgvnv9v7pzrg5g6ygmdzlrjl3yama9kp9aw0xw2akghmb4",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.280-hardened1/linux-hardened-4.14.280-hardened1.patch"
+ "name": "linux-hardened-4.14.281-hardened1.patch",
+ "sha256": "1i70qrv9dfpp0szl2m6icrnzpgw1r21nr4b6bbpdf1gmq22y9gf1",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.281-hardened1/linux-hardened-4.14.281-hardened1.patch"
},
- "sha256": "01jr0f7mq919s7xxvv8sc1mg6isc1ggij33l2s0n6jvykm23ghrr",
- "version": "4.14.280"
+ "sha256": "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis",
+ "version": "4.14.281"
},
"4.19": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-4.19.244-hardened1.patch",
- "sha256": "063q4vd0spk602s4if751341jaansh0764qq7fhy764j31678n0j",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.244-hardened1/linux-hardened-4.19.244-hardened1.patch"
+ "name": "linux-hardened-4.19.245-hardened1.patch",
+ "sha256": "181bsz4zzw1hmk3l0cxrgfxlf1z5gy86bxrnwxh08n3j35biywf2",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.245-hardened1/linux-hardened-4.19.245-hardened1.patch"
},
- "sha256": "1g9562v6ny196rw2n3kj43nrz65qa7imwnmfasvj6x8fm8bdhz79",
- "version": "4.19.244"
+ "sha256": "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr",
+ "version": "4.19.245"
},
"5.10": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.10.117-hardened1.patch",
- "sha256": "1l53sjknm8q76r1jljm321cmh6ic36pc9w5rmi68lbds19ndfpx3",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.117-hardened1/linux-hardened-5.10.117-hardened1.patch"
+ "name": "linux-hardened-5.10.118-hardened1.patch",
+ "sha256": "0kn33lzb92p80rvy3jzkhnv5izr8h082x400s6ihxp1sqdal0fb7",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.118-hardened1/linux-hardened-5.10.118-hardened1.patch"
},
- "sha256": "1iyw3nmsga2binmrhfnzsf1pvn2bs21a8jw6vm89k26z5h8zfgkh",
- "version": "5.10.117"
+ "sha256": "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65",
+ "version": "5.10.118"
},
"5.15": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.15.41-hardened1.patch",
- "sha256": "1y98rvn4qyx8w8bjchfzsd7g9gkhfm20cwaj3p88sgq7q81kyz8s",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.41-hardened1/linux-hardened-5.15.41-hardened1.patch"
+ "name": "linux-hardened-5.15.43-hardened1.patch",
+ "sha256": "03ilpzhr01567aaadwwk3qdnh9hlm427ihyrr59dwlwsfcqy2fd9",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.43-hardened1/linux-hardened-5.15.43-hardened1.patch"
},
- "sha256": "07jrsr54rvhry3g401h58r1773zinq49dbrkb9v1p6q27gyb2z1w",
- "version": "5.15.41"
+ "sha256": "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6",
+ "version": "5.15.43"
},
"5.17": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.17.9-hardened1.patch",
- "sha256": "0n7zz04vnajpsfn662fxx75jinnr0kpqwzyypgwn99v4lmsxvza1",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.9-hardened1/linux-hardened-5.17.9-hardened1.patch"
+ "name": "linux-hardened-5.17.11-hardened1.patch",
+ "sha256": "01l4k1j23ckkifjxwaq9lcfp7ynpasyn5f7nqsff6xx2wcg0qyxf",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.11-hardened1/linux-hardened-5.17.11-hardened1.patch"
},
- "sha256": "0y2rmn86z3cvgv71b6sjjyafnlbanlib1kjpjjqzjbgg86y2890p",
- "version": "5.17.9"
+ "sha256": "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p",
+ "version": "5.17.11"
},
"5.4": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.4.195-hardened1.patch",
- "sha256": "1q7a211jw22nl1yz3k3cv6g4h7csir0wwyypzij54xbg3k7by0p9",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.195-hardened1/linux-hardened-5.4.195-hardened1.patch"
+ "name": "linux-hardened-5.4.196-hardened1.patch",
+ "sha256": "11q9sadncbz84yhsai7xdbrgmcbghj0hc1lqc45767v1f3snmpyi",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.196-hardened1/linux-hardened-5.4.196-hardened1.patch"
},
- "sha256": "078380qhds2jwfmrchna6p27wpfb74pvnj4xiyc5k38gysfmnbzj",
- "version": "5.4.195"
+ "sha256": "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig",
+ "version": "5.4.196"
}
}
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 4c4d7c932450..bfed578429ef 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "4.14.280";
+ version = "4.14.281";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "01jr0f7mq919s7xxvv8sc1mg6isc1ggij33l2s0n6jvykm23ghrr";
+ sha256 = "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index ea79db67ed75..606fe18413fe 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "4.19.244";
+ version = "4.19.245";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1g9562v6ny196rw2n3kj43nrz65qa7imwnmfasvj6x8fm8bdhz79";
+ sha256 = "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 9f82f1805e90..93570b9b5c0e 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
- version = "4.9.315";
+ version = "4.9.316";
extraMeta.branch = "4.9";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1171p90s00jxg1clyz8kp81ilmdzygg131mxysr6lpkaisahkjg6";
+ sha256 = "05yd7djm6dcxv3vaylhmj3p0yml421azv8qabmhv4ric1f99idjp";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index daeabc538370..aa4a489692d9 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.10.117";
+ version = "5.10.118";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "1iyw3nmsga2binmrhfnzsf1pvn2bs21a8jw6vm89k26z5h8zfgkh";
+ sha256 = "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.15.nix b/pkgs/os-specific/linux/kernel/linux-5.15.nix
index 215073eea422..49f448acc5d8 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.15.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.15.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.15.41";
+ version = "5.15.43";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "07jrsr54rvhry3g401h58r1773zinq49dbrkb9v1p6q27gyb2z1w";
+ sha256 = "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6";
};
} // (args.argsOverride or { }))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.17.nix b/pkgs/os-specific/linux/kernel/linux-5.17.nix
index 46384061684d..19e521432fde 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.17.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.17.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.17.9";
+ version = "5.17.11";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "0y2rmn86z3cvgv71b6sjjyafnlbanlib1kjpjjqzjbgg86y2890p";
+ sha256 = "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p";
};
} // (args.argsOverride or { }))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 1d5bbc07832f..b2d9a81d0f8b 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.4.195";
+ version = "5.4.196";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "078380qhds2jwfmrchna6p27wpfb74pvnj4xiyc5k38gysfmnbzj";
+ sha256 = "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/servers/mastodon/default.nix b/pkgs/servers/mastodon/default.nix
index 075389e325a4..0b7304a32edd 100644
--- a/pkgs/servers/mastodon/default.nix
+++ b/pkgs/servers/mastodon/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
- sha256 = "sha256-FCwyJJwZ3/CVPT8LUid+KJcWCmFQet8Cftl7DVYhZ6I=";
+ sha256 = "sha256-2NSibx026ENAqphGGhNoLwUldWTEPbDBrYu3hgeRlnM=";
};
mastodon-gems = bundlerEnv {
diff --git a/pkgs/servers/mastodon/gemset.nix b/pkgs/servers/mastodon/gemset.nix
index a6deedbcb81c..bdfd11d5ce3e 100644
--- a/pkgs/servers/mastodon/gemset.nix
+++ b/pkgs/servers/mastodon/gemset.nix
@@ -5,10 +5,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0znrdixzpbr7spr4iwp19z3r2f2klggh9pmnsiix8qrvccc5lsdl";
+ sha256 = "0p8zkh5ww16y8n1jp12y1gjrmll7m7305c91p419f10qrw4x8cgc";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
actionmailbox = {
dependencies = ["actionpack" "activejob" "activerecord" "activestorage" "activesupport" "mail"];
@@ -16,10 +16,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "17mcv2qfjkix1q18nj6kidrhdwxd0rdzssdkdanrpp905z0sx0mw";
+ sha256 = "0z52r7k3ig09zjvfcb8xnrl9vl0ssii22c2h7gx26nq8wb7yjkwq";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
actionmailer = {
dependencies = ["actionpack" "actionview" "activejob" "activesupport" "mail" "rails-dom-testing"];
@@ -27,10 +27,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1084nk3fzq76gzl6kc9dwb586g3kcj1kmp8w1nsrhpl523ljgl1s";
+ sha256 = "186bkhrp8j81nrw5xznbi0nyhk49gdv6ynd80pcyk5lxhfkiw1wc";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
actionpack = {
dependencies = ["actionview" "activesupport" "rack" "rack-test" "rails-dom-testing" "rails-html-sanitizer"];
@@ -38,10 +38,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1b2vxprwfkza3h6z3pq508hsjh1hz9f8d7739j469mqlxsq5jh1l";
+ sha256 = "1walbq04v4qvgnz39cbfhz9bzhsf14q1h7gd0kgjy3frld6ysrhb";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
actiontext = {
dependencies = ["actionpack" "activerecord" "activestorage" "activesupport" "nokogiri"];
@@ -49,10 +49,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0ld6x9x05b1n40rjp83hsi4byp15zvb3lmvfk2h8jgxfrpb47c6j";
+ sha256 = "0s6v0vnnm8zrxc3pr058r8bvgs6fxgjhadbc5r1sv1mrbyvvm1h0";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
actionview = {
dependencies = ["activesupport" "builder" "erubi" "rails-dom-testing" "rails-html-sanitizer"];
@@ -60,10 +60,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0y54nw3x38lj0qh36hlzjw82px328k01fyrk21d6xlpn1w0j98gv";
+ sha256 = "05r0h7pvc0szqmgnra0j3j8ap7dmiyw9s6qksx41v5cxknmfi0h3";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
active_model_serializers = {
dependencies = ["actionpack" "activemodel" "case_transform" "jsonapi-renderer"];
@@ -92,10 +92,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1i6s8ppwnf0zcz466i5qi2gd7fdgxkl22db50mxkyfnbwnzbfw49";
+ sha256 = "0gjvxrzdbg0dsyqx7wsmxqfvlpl37zvzq3d1cylhb5qslsw6ml05";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
activemodel = {
dependencies = ["activesupport"];
@@ -103,10 +103,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "01bbxwbih29qcmqrrvqymlc6hjf0r38rpwdfgaimisp5vms3xxsn";
+ sha256 = "1f0ai51icvvx5q0jd1l89k0dlwzpsrkqlj6x43f8qc4bd1ya9glx";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
activerecord = {
dependencies = ["activemodel" "activesupport"];
@@ -114,10 +114,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1yscjy5766g67ip3g7614b0hhrpgz5qk22nj8ghzcjqh3fj2k2n0";
+ sha256 = "0khjnkvmiyap1g3rvw9hp16mzai4smqcg5hxhq28pll25ljzxdbp";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
activestorage = {
dependencies = ["actionpack" "activejob" "activerecord" "activesupport" "marcel" "mini_mime"];
@@ -125,10 +125,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1m0m7k0p5b7dfpmh9aqfs5fapaymkml3gspirpaq6w9w55ahf6pv";
+ sha256 = "03w600j4jzgfycy2xm6cxry3q5rpvx1jvr7msy1jx65sa2shgjha";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
activesupport = {
dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"];
@@ -136,10 +136,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1ylj0nwk9y5hbgv93wk8kkbg9z9bv1052ic37n9ib34w0bkgrzw4";
+ sha256 = "08wzpwgdm03vzb8gqr8bvfdarb89g5ah0skvwqk6qv87p55xqkyw";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
addressable = {
dependencies = ["public_suffix"];
@@ -250,10 +250,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1afpq7sczg91xx5xi4xlgcwrrhmy3k6mrk60ph8avbfiyxgw27pc";
+ sha256 = "0vqb2bfq5db7x66f4n4z30c953y5q8pwwl2067nxhz6j0c486pzm";
type = "gem";
};
- version = "1.582.0";
+ version = "1.587.0";
};
aws-sdk-core = {
dependencies = ["aws-eventstream" "aws-partitions" "aws-sigv4" "jmespath"];
@@ -283,10 +283,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "17pc197a6axmnj6rbhgsvks2w0mv2mmr2bwh1k4mazbfp72ss87i";
+ sha256 = "1r6dxz3llgxbbm66jq5mkzk0i6qsxwv0d9s0ipwb23vv3bgp23yf";
type = "gem";
};
- version = "1.113.2";
+ version = "1.114.0";
};
aws-sigv4 = {
dependencies = ["aws-eventstream"];
@@ -379,10 +379,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1bk1xz5w29cq84svnrlgcrwvy1lpkwqrv6cmkkivs3yrym09av14";
+ sha256 = "1m188ypcl2lb1hin21fmyk9d4fbjw4w7cr2k6l37jasw3rmgnvjv";
type = "gem";
};
- version = "5.2.2";
+ version = "5.2.3";
};
browser = {
groups = ["default"];
@@ -508,10 +508,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1dv75hs45456mi76h720gxk959gpg4f6091hmk42y0ln6kp2x7i0";
+ sha256 = "05df76mfhfab6d7ir0qy5xf1ad6kqdh2p6vfqv7nhlx45k1y4ysg";
type = "gem";
};
- version = "3.36.0";
+ version = "3.37.1";
};
case_transform = {
dependencies = ["activesupport"];
@@ -775,16 +775,6 @@
};
version = "2.7.6";
};
- e2mmap = {
- groups = ["default"];
- platforms = [];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "0n8gxjb63dck3vrmsdcqqll7xs7f3wk78mw8w0gdk9wp5nx6pvj5";
- type = "gem";
- };
- version = "0.1.0";
- };
ed25519 = {
groups = ["default"];
platforms = [];
@@ -895,10 +885,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1694ndj701a8q4c4bwxz53kx94ih1rr4pgr4gk7a6c8k4jsbjgwi";
+ sha256 = "025lapimxw0db74gf2yd6zypqq1yvfblhk7wkd6h3r1szk7k8r8p";
type = "gem";
};
- version = "2.20.0";
+ version = "2.21.0";
};
faraday = {
dependencies = ["faraday-em_http" "faraday-em_synchrony" "faraday-excon" "faraday-httpclient" "faraday-multipart" "faraday-net_http" "faraday-net_http_persistent" "faraday-patron" "faraday-rack" "faraday-retry" "ruby2_keywords"];
@@ -1312,10 +1302,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1hiblss98hmybs82xsaavhz1cwlhhx92jzlx8ypkriylxhhwmigk";
+ sha256 = "03frq52fad0qs2gy7769nywv7bnspxccbsv10akzgx7icfjsjldv";
type = "gem";
};
- version = "1.0.9";
+ version = "1.0.10";
};
idn-ruby = {
groups = ["default"];
@@ -1545,10 +1535,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0fpx5p8n0jq4bdazb2vn19sqkmh398rk9b2pa3gdi43snfn485cr";
+ sha256 = "18ymp6l3bv7abz07k6qbbi9c9vsiahq30d2smh4qzsvag8j5m5v1";
type = "gem";
};
- version = "2.17.0";
+ version = "2.18.0";
};
mail = {
dependencies = ["mini_mime"];
@@ -1762,10 +1752,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1g43ii497cwdqhfnaxfl500bq5yfc5hfv5df1lvf6wcjnd708ihd";
+ sha256 = "11w59ga9324yx6339dgsflz3dsqq2mky1qqdwcg6wi5s1bf2yldi";
type = "gem";
};
- version = "1.13.4";
+ version = "1.13.6";
};
nsa = {
dependencies = ["activesupport" "concurrent-ruby" "sidekiq" "statsd-ruby"];
@@ -1899,10 +1889,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0zaghgvva2q4jqbachg8jvpwgbg3w1jqr0d00m8rqciqznjgsw3c";
+ sha256 = "0xhfghgidj8cbdnqp01f7kvnrv1f60izpkd9dhxsvpdzkfsdg97d";
type = "gem";
};
- version = "3.1.1.0";
+ version = "3.1.2.0";
};
parslet = {
groups = ["default"];
@@ -2036,10 +2026,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9";
+ sha256 = "1f3knlwfwm05sfbaihrxm4g772b79032q14c16q4b38z8bi63qcb";
type = "gem";
};
- version = "4.0.6";
+ version = "4.0.7";
};
puma = {
dependencies = ["nio4r"];
@@ -2154,10 +2144,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "08a9wl2g4q403jc9iziqh37c64yccp6rzxz6avy0l7ydslpxggv8";
+ sha256 = "06wzq30c2f9jhsbkxwg9n18xwyh66fnpbndkrvq1c4mrl2rx478z";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
rails-controller-testing = {
dependencies = ["actionpack" "actionview" "activesupport"];
@@ -2220,10 +2210,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0lirp0g1n114gwkqbqki2fjqwnbyzhn30z97jhikqldd0r54f4b9";
+ sha256 = "16dyjmy42v51acmx1ba2xxncvx368ss5rww6bsf1lwgyk4vqn41h";
type = "gem";
};
- version = "6.1.5.1";
+ version = "6.1.6";
};
rainbow = {
groups = ["default" "development" "test"];
@@ -2293,10 +2283,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0a6nxfq3ln1i109jx172n33s73a90l8g04h8p56bmw9phj467h9k";
+ sha256 = "01rmdc7ryjyajk3a4mdn68y4bvp3ly9xv610wia3291hsiqncrb6";
type = "gem";
};
- version = "2.3.0";
+ version = "2.4.0";
};
request_store = {
dependencies = ["rack"];
@@ -2453,10 +2443,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "00d9nzlnbxr3jqkya2b2rcahs9l22qpdk5qf3y7pws8m555l8slk";
+ sha256 = "0k2wp9sxqpdyc12kp8qafls0yn44vq90zxd830s7y7rxp9xq3018";
type = "gem";
};
- version = "1.27.0";
+ version = "1.29.1";
};
rubocop-ast = {
dependencies = ["parser"];
@@ -2464,10 +2454,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1k9izkr5rhw3zc309yjp17z7496l74j4li3zrcgpgqfnqwz695qx";
+ sha256 = "1b3p4wy68jkyq8vhm5y568wlhsihy3ilnp2c6ig18xcw1slnkypl";
type = "gem";
};
- version = "1.17.0";
+ version = "1.18.0";
};
rubocop-rails = {
dependencies = ["activesupport" "rack" "rubocop"];
@@ -2581,10 +2571,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0fq3nxpj1c9s2bi056p9cldb7zy45bgdkjq8721zypw1pkvllb7f";
+ sha256 = "0b06kw7frd8hrb7373pvfd39qap00ykkvipgymgwxfjzrgz0ag0d";
type = "gem";
};
- version = "6.4.1";
+ version = "6.4.2";
};
sidekiq-bulk = {
dependencies = ["sidekiq"];
@@ -2598,15 +2588,15 @@
version = "0.2.0";
};
sidekiq-scheduler = {
- dependencies = ["e2mmap" "redis" "rufus-scheduler" "sidekiq" "thwait" "tilt"];
+ dependencies = ["redis" "rufus-scheduler" "sidekiq" "tilt"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0ncly0glyvcx8cm976c811iw70y5wyix6iwfsmmgfvi0jmy1h4v3";
+ sha256 = "0kn0zzpl778345a9pc3dfc7lkgr8h1gwajs6miylmyd9krkh0yfm";
type = "gem";
};
- version = "3.2.0";
+ version = "4.0.0";
};
sidekiq-unique-jobs = {
dependencies = ["brpoplpush-redis_script" "concurrent-ruby" "sidekiq" "thor"];
@@ -2614,10 +2604,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0ibrdlpvlra8wxkhapiipwrx8v9y6wpmxlfn5r53swvhmlkrjqgq";
+ sha256 = "170i40s7rsw66cplq2akia409vxnb8i34ypy99qpx0pxs8rp4c4d";
type = "gem";
};
- version = "7.1.21";
+ version = "7.1.22";
};
simple-navigation = {
dependencies = ["activesupport"];
@@ -2740,10 +2730,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0ixpwp14hrygif8c1wn05gh4d4nq1940p3grh95r4dqmpjdqn0sr";
+ sha256 = "1628qf2ynldqz20h5lkaivk166qknk15gxg130n9pvz568k1sdp8";
type = "gem";
};
- version = "2.2.1";
+ version = "3.0.0";
};
strong_migrations = {
dependencies = ["activerecord"];
@@ -2809,17 +2799,6 @@
};
version = "1.2.1";
};
- thwait = {
- dependencies = ["e2mmap"];
- groups = ["default"];
- platforms = [];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "0q0fqlh0668j66z0g3s5yhqs39368az2ycxyphsx4c5nib5r4kak";
- type = "gem";
- };
- version = "0.2.0";
- };
tilt = {
groups = ["default"];
platforms = [];
diff --git a/pkgs/servers/mastodon/source.nix b/pkgs/servers/mastodon/source.nix
index 6d4dc034ff65..151782e479fe 100644
--- a/pkgs/servers/mastodon/source.nix
+++ b/pkgs/servers/mastodon/source.nix
@@ -2,8 +2,8 @@
{ fetchgit, applyPatches }: let
src = fetchgit {
url = "https://github.com/mastodon/mastodon.git";
- rev = "v3.5.2";
- sha256 = "03sk0rzf7zy0vpq6f5f909hx5gbnan5b5h068grgzv2v7lj11was";
+ rev = "v3.5.3";
+ sha256 = "1z0fgyvzz7nlbg2kaxsh53c4bq4y6n5f9r8lyfa7vzvz9nwrkqiq";
};
in applyPatches {
inherit src;
diff --git a/pkgs/servers/mastodon/version.nix b/pkgs/servers/mastodon/version.nix
index 843ef5820f92..d23f68c28be8 100644
--- a/pkgs/servers/mastodon/version.nix
+++ b/pkgs/servers/mastodon/version.nix
@@ -1 +1 @@
-"3.5.2"
+"3.5.3"
diff --git a/pkgs/tools/system/logrotate/default.nix b/pkgs/tools/system/logrotate/default.nix
index 72e6f5ec71be..4ba13b72bede 100644
--- a/pkgs/tools/system/logrotate/default.nix
+++ b/pkgs/tools/system/logrotate/default.nix
@@ -14,6 +14,14 @@ stdenv.mkDerivation rec {
sha256 = "sha256-OJOV++rtN9ry+l0c0eanpu/Pwu8cOHfyEaDWp3FZjkw=";
};
+ patches = [
+ # Fix CVE-2022-1348 by backporting two upstream commits
+ # - 1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9 and
+ # - addbd293242b0b78aa54f054e6c1d249451f137d
+ # in a custom patch, as cherry-picking directly failed.
+ ./fix-cve-2022-1348.diff
+ ];
+
# Logrotate wants to access the 'mail' program; to be done.
configureFlags = [
"--with-compress-command=${gzip}/bin/gzip"
diff --git a/pkgs/tools/system/logrotate/fix-cve-2022-1348.diff b/pkgs/tools/system/logrotate/fix-cve-2022-1348.diff
new file mode 100644
index 000000000000..14b65cdaa33a
--- /dev/null
+++ b/pkgs/tools/system/logrotate/fix-cve-2022-1348.diff
@@ -0,0 +1,69 @@
+diff --git a/logrotate.c b/logrotate.c
+index d7a1c19..45b985a 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -2514,6 +2514,7 @@ static int writeState(const char *stateFilename)
+ struct tm now;
+ time_t now_time, last_time;
+ char *prevCtx;
++ int force_mode = 0;
+
+ localtime_r(&nowSecs, &now);
+
+@@ -2581,7 +2582,13 @@ static int writeState(const char *stateFilename)
+
+ close(fdcurr);
+
+- fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, 0);
++ if (sb.st_mode & (mode_t)S_IROTH) {
++ /* drop world-readable flag to prevent others from locking */
++ sb.st_mode &= ~(mode_t)S_IROTH;
++ force_mode = 1;
++ }
++
++ fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, force_mode);
+ #ifdef WITH_ACL
+ if (prev_acl) {
+ acl_free(prev_acl);
+@@ -2915,14 +2922,16 @@ static int readState(const char *stateFilename)
+ static int lockState(const char *stateFilename, int skip_state_lock)
+ {
+ int lockFd = open(stateFilename, O_RDWR | O_CLOEXEC);
++ struct stat sb;
++
+ if (lockFd == -1) {
+ if (errno == ENOENT) {
+ message(MESS_DEBUG, "Creating stub state file: %s\n",
+ stateFilename);
+
+- /* create a stub state file with mode 0644 */
++ /* create a stub state file with mode 0640 */
+ lockFd = open(stateFilename, O_CREAT | O_EXCL | O_WRONLY,
+- S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
++ S_IWUSR | S_IRUSR | S_IRGRP);
+ if (lockFd == -1) {
+ message(MESS_ERROR, "error creating stub state file %s: %s\n",
+ stateFilename, strerror(errno));
+@@ -2942,6 +2951,22 @@ static int lockState(const char *stateFilename, int skip_state_lock)
+ return 0;
+ }
+
++ if (fstat(lockFd, &sb) == -1) {
++ message(MESS_ERROR, "error stat()ing state file %s: %s\n",
++ stateFilename, strerror(errno));
++ close(lockFd);
++ return 1;
++ }
++
++ if (sb.st_mode & S_IROTH) {
++ message(MESS_ERROR, "state file %s is world-readable and thus can"
++ " be locked from other unprivileged users."
++ " Skipping lock acquisition...\n",
++ stateFilename);
++ close(lockFd);
++ return 0;
++ }
++
+ if (flock(lockFd, LOCK_EX | LOCK_NB) == -1) {
+ if (errno == EWOULDBLOCK) {
+ message(MESS_ERROR, "state file %s is already locked\n"
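Review bot: The new guard in lockState, `if (sb.st_mode & S_IROTH)`, tests only the read bit for "other", but flock() works on a descriptor opened in any access mode. A state file that others can open for writing therefore passes the guard and can still be locked by a different user, and so can a group member under the new 0640 stub mode. If that matters, widen the test to `if (sb.st_mode & (S_IROTH | S_IWOTH))` and clear the same mask in writeState; because this file backports two upstream commits, the change is probably better proposed upstream than carried only here. The early `return 0;` after `close(lockFd)` also means the run continues with no lock held, which deserves a comment such as `/* proceed unlocked; writeState() appears to clear S_IROTH when it rewrites the state file */`. Both lockState and writeState begin and end outside the inner hunks, so the later rename of the temporary file is inferred rather than visible.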