diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-12 00:10:46 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-12 00:10:46 +0000 |
| commit | 2c39c226f4a106b1a915d4faf4b51ab7f1c05dd6 (patch) | |
| tree | d6c217c8210426cadb5e8bf2a6989e7133bd3fb2 | |
| parent | Merge #260381: curl: apply patch for CVE-2023-38545 (diff) | |
| parent | Merge pull request #259467 from sersorrel/backport-23.05-xivlauncher-1.0.6 (diff) | |
| download | nixpkgs-2c39c226f4a106b1a915d4faf4b51ab7f1c05dd6.tar.gz | |
Merge release-23.05 into staging-next-23.05
| -rw-r--r-- | pkgs/build-support/build-fhsenv-bubblewrap/default.nix | 1 | ||||
| -rw-r--r-- | pkgs/games/xivlauncher/default.nix | 14 | ||||
| -rw-r--r-- | pkgs/games/xivlauncher/deps.nix | 7 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 28 | ||||
| -rw-r--r-- | pkgs/servers/nosql/redis/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/servers/sip/freeswitch/default.nix | 44 | ||||
| -rw-r--r-- | pkgs/tools/security/clamav/default.nix | 4 |
7 files changed, 69 insertions, 33 deletions
diff --git a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix index 59a9d9666ff3..dc38c183783d 100644 --- a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix +++ b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix @@ -223,6 +223,7 @@ let bin = writeShellScript "${name}-bwrap" (bwrapCmd { initArgs = ''"$@"''; }); in runCommandLocal name { + inherit pname version; inherit meta; passthru = passthru // { diff --git a/pkgs/games/xivlauncher/default.nix b/pkgs/games/xivlauncher/default.nix index 3bb6ba67d03c..b88c3ac9477f 100644 --- a/pkgs/games/xivlauncher/default.nix +++ b/pkgs/games/xivlauncher/default.nix @@ -1,9 +1,9 @@ -{ lib, buildDotnetModule, fetchFromGitHub, dotnetCorePackages, SDL2, libsecret, glib, gnutls, aria2, steam-run, gst_all_1 +{ lib, buildDotnetModule, fetchFromGitHub, dotnetCorePackages, SDL2, libsecret, glib, gnutls, aria2, steam, gst_all_1 , copyDesktopItems, makeDesktopItem, makeWrapper , useSteamRun ? true }: let - rev = "1.0.3"; + rev = "1.0.6"; in buildDotnetModule rec { pname = "XIVLauncher"; @@ -13,7 +13,7 @@ in owner = "goatcorp"; repo = "XIVLauncher.Core"; inherit rev; - hash = "sha256-aQVfW6Ef8X6L6hBEOCY/Py5tEyorXqtOO3v70mD7efA="; + hash = "sha256-P1i12vw9KQOTL7QBxjKPSlda5rvoyl7DGmuuD5iVEQs="; fetchSubmodules = true; }; @@ -39,10 +39,14 @@ in cp src/XIVLauncher.Core/Resources/logo.png $out/share/pixmaps/xivlauncher.png ''; - postFixup = lib.optionalString useSteamRun '' + postFixup = lib.optionalString useSteamRun (let + steam-run = (steam.override { + extraPkgs = pkgs: [ pkgs.libunwind ]; + }).run; + in '' substituteInPlace $out/bin/XIVLauncher.Core \ --replace 'exec' 'exec ${steam-run}/bin/steam-run' - '' + '' + '') + '' wrapProgram $out/bin/XIVLauncher.Core --prefix GST_PLUGIN_SYSTEM_PATH_1_0 ":" "$GST_PLUGIN_SYSTEM_PATH_1_0" # the reference to aria2 gets mangled as UTF-16LE and isn't detectable by nix: https://github.com/NixOS/nixpkgs/issues/220065 mkdir -p $out/nix-support diff --git a/pkgs/games/xivlauncher/deps.nix b/pkgs/games/xivlauncher/deps.nix index 240b0e19a9d2..10b646fc8c41 100644 --- a/pkgs/games/xivlauncher/deps.nix +++ b/pkgs/games/xivlauncher/deps.nix @@ -23,18 +23,18 @@ (fetchNuGet { pname = "Microsoft.CodeAnalysis.Common"; version = "4.0.1"; sha256 = "0axjv1nhk1z9d4c51d9yxdp09l8yqqnqaifhqcwnxnv0r4y5cka9"; }) (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp"; version = "4.0.1"; sha256 = "1h6jfifg7pw2vacpdds4v4jqnaydg9b108irf315wzx6rh8yv9cb"; }) (fetchNuGet { pname = "Microsoft.CodeAnalysis.NetAnalyzers"; version = "6.0.0"; sha256 = "06zy947m5lrbwb684g42ijb07r5jsqycvfnphc6cqfdrfnzqv6k9"; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.NetAnalyzers"; version = "7.0.0"; sha256 = "1rl5zi8s213g70nvqfacf50ff8vqvaj8i7jxv0gjw2hkz73dg4h1"; }) (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; sha256 = "08vh1r12g6ykjygq5d3vq09zylgb84l63k49jc4v8faw9g93iqqm"; }) (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; sha256 = "193xwf33fbm0ni3idxzbr5fdq3i2dlfgihsac9jj7whj0gd902nh"; }) (fetchNuGet { pname = "Microsoft.Win32.Primitives"; version = "4.3.0"; sha256 = "0j0c1wj4ndj21zsgivsc24whiya605603kxrbiw6wkfdync464wq"; }) (fetchNuGet { pname = "Microsoft.Win32.Registry"; version = "6.0.0-preview.5.21301.5"; sha256 = "02712s86n2i8s5j6vxdayqwcc7r538yw3frhf1gfrc6ah6hvqnzc"; }) (fetchNuGet { pname = "Microsoft.Win32.SystemEvents"; version = "6.0.0"; sha256 = "0c6pcj088g1yd1vs529q3ybgsd2vjlk5y1ic6dkmbhvrp5jibl9p"; }) (fetchNuGet { pname = "Mono.Cecil"; version = "0.9.6.1"; sha256 = "1fr7969h5q611l5227xw6nvv5rzap76vbpk0wg9hxbcxk3hn7szf"; }) - (fetchNuGet { pname = "Mono.Nat"; version = "3.0.1"; sha256 = "1xy3c9wsiz8k3rx8v60y6gnps337rsb5jpyj0r6g384prg6z4vh0"; }) - (fetchNuGet { pname = "MonoTorrent"; version = "2.0.0"; sha256 = "016cbjsy1gp60g6w0mdya11ky3lfr3scg20k1p7lglbnzv7ixycq"; }) (fetchNuGet { pname = "NETStandard.Library"; version = "1.6.1"; sha256 = "1z70wvsx2d847a2cjfii7b83pjfs34q05gb037fdjikv5kbagml8"; }) (fetchNuGet { pname = "NETStandard.Library"; version = "2.0.3"; sha256 = "1fn9fxppfcg4jgypp2pmrpr6awl3qz1xmnri0cygpkwvyx27df1y"; }) (fetchNuGet { pname = "Newtonsoft.Json"; version = "12.0.2"; sha256 = "0w2fbji1smd2y7x25qqibf1qrznmv4s6s0jvrbvr6alb7mfyqvh5"; }) - (fetchNuGet { pname = "ReusableTasks"; version = "2.0.0"; sha256 = "0qag69n8kx164minz3h50g6f7cdq15r89vikcd1llbkdwq4qldaa"; }) + (fetchNuGet { pname = "PInvoke.Kernel32"; version = "0.7.124"; sha256 = "0n1245s2p5735n8xgmahrx7g8mw32pxdn4rr9dydb9r6mvgm9bhk"; }) + (fetchNuGet { pname = "PInvoke.Windows.Core"; version = "0.7.124"; sha256 = "16qkn91gh3aiab2330q5j1vlx2ni4m4kkz04dvsqlm8lr7ldizlz"; }) (fetchNuGet { pname = "runtime.any.System.Collections"; version = "4.3.0"; sha256 = "0bv5qgm6vr47ynxqbnkc7i797fdi8gbjjxii173syrx14nmrkwg0"; }) (fetchNuGet { pname = "runtime.any.System.Diagnostics.Tools"; version = "4.3.0"; sha256 = "1wl76vk12zhdh66vmagni66h5xbhgqq7zkdpgw21jhxhvlbcl8pk"; }) (fetchNuGet { pname = "runtime.any.System.Diagnostics.Tracing"; version = "4.3.0"; sha256 = "00j6nv2xgmd3bi347k00m7wr542wjlig53rmj28pmw7ddcn97jbn"; }) @@ -77,6 +77,7 @@ (fetchNuGet { pname = "runtime.unix.System.Private.Uri"; version = "4.3.0"; sha256 = "1jx02q6kiwlvfksq1q9qr17fj78y5v6mwsszav4qcz9z25d5g6vk"; }) (fetchNuGet { pname = "runtime.unix.System.Runtime.Extensions"; version = "4.3.0"; sha256 = "0pnxxmm8whx38dp6yvwgmh22smknxmqs5n513fc7m4wxvs1bvi4p"; }) (fetchNuGet { pname = "Serilog"; version = "2.12.0"; sha256 = "0lqxpc96qcjkv9pr1rln7mi4y7n7jdi4vb36c2fv3845w1vswgr4"; }) + (fetchNuGet { pname = "Serilog.Enrichers.Sensitive"; version = "1.7.2"; sha256 = "1f3r4jrfiz47vnvy7m0w6d8280nhhna67xwbagx1i557m9qvjssg"; }) (fetchNuGet { pname = "Serilog.Enrichers.Thread"; version = "3.1.0"; sha256 = "1y75aiv2k1sxnh012ixkx92fq1yl8srqggy8l439igg4p223hcqi"; }) (fetchNuGet { pname = "Serilog.Sinks.Async"; version = "1.5.0"; sha256 = "0bcb3n6lmg5wfj806mziybfmbb8gyiszrivs3swf0msy8w505gyg"; }) (fetchNuGet { pname = "Serilog.Sinks.Console"; version = "3.1.1"; sha256 = "0j99as641y1k6havwwkhyr0n08vibiblmfjj6nz051mz8g3864fn"; }) diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index d99acc2f11ad..31f3908dab63 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,35 +4,35 @@ "hash": "sha256:19hnqly7ins0ycirjwrp3g0am43h2i62qfd1y81yhiy1dpyhbbc9" }, "6.5": { - "version": "6.5.6", - "hash": "sha256:1xnjjm50ks18ifrp36md2p2xca4lw160y57j9p152w2l2i16vqvq" + "version": "6.5.7", + "hash": "sha256:135v3y2vgc83dca4xi7q52wqi4dkfal74k1y73jwzj85h12fl28d" }, "6.4": { "version": "6.4.16", "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" }, "6.1": { - "version": "6.1.56", - "hash": "sha256:1327in80nl0ghbjignjsdw0w5crj4d06d5fivj4q6af26bggvply" + "version": "6.1.57", + "hash": "sha256:1ccidrxswblxw9yaa45y6ds16pc7647f6fz36xxxhljivhyzxszr" }, "5.15": { - "version": "5.15.134", - "hash": "sha256:1lxra3h8pq41hdr1acazwcqk6r8alv9p840ys19nivaprfp84wgk" + "version": "5.15.135", + "hash": "sha256:0w3i8jvzqvfnlarcvg89k1144ln96fszv16lzrn16zr3kri5x0ql" }, "5.10": { - "version": "5.10.197", - "hash": "sha256:1awkm7lln5gf6kld9z5h4mg39bd778jsdswwlwb7iv7bn03lafhq" + "version": "5.10.198", + "hash": "sha256:01gsw96anw44nh8ii3zipp6vh61m1n8yf0bv2fzznr23k771y51b" }, "5.4": { - "version": "5.4.257", - "hash": "sha256:1w1x91slzg9ggakqhyxnmvz77v2cwfk8bz0knrpgz9qya9q5jxrf" + "version": "5.4.258", + "hash": "sha256:0gk2xav1ng565l1qsqlr8ja6m4j5g8rfj66vad1fmdd1lwaihw1r" }, "4.19": { - "version": "4.19.295", - "hash": "sha256:1b1qslpk1kka7nxam48s22xsqd9qmp716hmibgfsjxl5y3jc4cmp" + "version": "4.19.296", + "hash": "sha256:1bk051canr4fb00j6x9ff2wam2f20whw4h4z767x2cn2kmv6cqb3" }, "4.14": { - "version": "4.14.326", - "hash": "sha256:0y0lvzidw775mgx211wnc1c6223iqv8amz5y9jkz9h7l3l7y8p2m" + "version": "4.14.327", + "hash": "sha256:0nharfyxlr17yan86zrhlbq7idm0g3zvvvmy2zbw7m9dhgc8bw5z" } } diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index b71bbf52d8ed..dc004ea900f1 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "redis"; - version = "7.0.12"; + version = "7.0.13"; src = fetchurl { url = "https://download.redis.io/releases/${pname}-${version}.tar.gz"; - hash = "sha256-ndg9WyeLsr8OOb/rdcPoFwAk7brxG6E7cDeylFz0irc="; + hash = "sha256-lwZXdNX7g4jrDYkTRY3s/LFn01bkDTHdAc0wwcw5FnM="; }; patches = [ diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix index 499bef7e2375..55721a38cd8b 100644 --- a/pkgs/servers/sip/freeswitch/default.nix +++ b/pkgs/servers/sip/freeswitch/default.nix @@ -1,12 +1,28 @@ -{ fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook -, ncurses, gnutls, readline -, openssl, perl, sqlite, libjpeg, speex, pcre, libuuid -, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt - +{ fetchFromGitHub +, fetchpatch +, stdenv +, lib +, pkg-config +, autoreconfHook +, ncurses +, gnutls +, readline +, openssl +, perl +, sqlite +, libjpeg +, speex +, pcre +, libuuid +, ldns +, libedit +, yasm +, which +, libsndfile +, libtiff +, libxcrypt , callPackage - , SystemConfiguration - , modules ? null , nixosTests }: @@ -110,6 +126,20 @@ stdenv.mkDerivation rec { done ''; + ## TODO Validate with the next upstream release + patches = [ + (fetchpatch { + name = "CVE-2023-44488.patch"; + url = "https://github.com/signalwire/freeswitch/commit/f1fb05214e4f427dcf922f531431ab649cf0622b.patch"; + hash = "sha256-6GMebE6O2EBx60NE2LSRVljaiLm9T4zTrkIpwGvaB08="; + }) + (fetchpatch { + name = "CVE-2023-5217.patch"; + url = "https://github.com/signalwire/freeswitch/commit/6f9e72c585265d8def8a613b36cd4f524c201980.patch"; + hash = "sha256-l64mBpyq/TzRM78n73kbuD0UNsk5zIH5QNJlMKdPfr4="; + }) + ]; + strictDeps = true; nativeBuildInputs = [ pkg-config autoreconfHook perl which yasm ]; buildInputs = [ diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index aa8c68382a39..d2de1571cb01 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "1.0.1"; + version = "1.0.3"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - hash = "sha256-CHLcG4L/TNfo5DI/r17kGh9mroCGXQVCkIW5RjVdhu4="; + hash = "sha256-h3lFjcMf3uEjLriYbwktJVaLOfXTN8DLzZwau13CiGs="; }; patches = [ |