diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 4a141dc684e9d..43f4fa8d74281 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -255,6 +255,7 @@ ./programs/less.nix ./programs/liboping.nix ./programs/light.nix + ./programs/lix.nix ./programs/localsend.nix ./programs/mdevctl.nix ./programs/mepo.nix diff --git a/nixos/modules/programs/lix.nix b/nixos/modules/programs/lix.nix new file mode 100644 index 0000000000000..d87ff84eafba1 --- /dev/null +++ b/nixos/modules/programs/lix.nix @@ -0,0 +1,128 @@ +{ + config, + lib, + pkgs, + ... +}: +let + + cfg = config.nix; + + nixPackage = cfg.package.out; + + commonNixDaemonConfig = { + path = [ + nixPackage + config.programs.ssh.package + ]; + + environment = + cfg.envVars + // { + CURL_CA_BUNDLE = config.security.pki.caBundle; + } + // config.networking.proxy.envVars; + + serviceConfig = { + CPUSchedulingPolicy = cfg.daemonCPUSchedPolicy; + IOSchedulingClass = cfg.daemonIOSchedClass; + IOSchedulingPriority = cfg.daemonIOSchedPriority; + }; + }; + + makeNixBuildUser = nr: { + name = "nixbld${toString nr}"; + value = { + description = "Lix build user ${toString nr}"; + uid = builtins.add config.ids.uids.nixbld nr; + isSystemUser = true; + group = "nixbld"; + extraGroups = [ "nixbld" ]; + }; + }; + + nixbldUsers = lib.listToAttrs (map makeNixBuildUser (lib.range 1 cfg.nrBuildUsers)); + +in + +{ + config = lib.mkIf (cfg.enable && nixPackage.pname == "lix") { + environment.systemPackages = [ + nixPackage + pkgs.nix-info + ] + ++ lib.optional (config.programs.bash.completion.enable) pkgs.nix-bash-completions; + + systemd.packages = [ nixPackage ]; + + systemd.tmpfiles.packages = [ nixPackage ]; + + systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; + + systemd.services."nix-daemon@" = lib.mkMerge [ + commonNixDaemonConfig + { + # Do not kill connections serving established connections on upgrade. + restartIfChanged = false; + } + ]; + + systemd.services.nix-daemon = lib.mkMerge [ + commonNixDaemonConfig + { + restartTriggers = [ config.environment.etc."nix/nix.conf".source ]; + + # `stopIfChanged = false` changes to switch behavior + # from stop -> update units -> start + # to update units -> restart + # + # The `stopIfChanged` setting therefore controls a trade-off between a + # more predictable lifecycle, which runs the correct "version" of + # the `ExecStop` line, and on the other hand the availability of + # sockets during the switch, as the effectiveness of the stop operation + # depends on the socket being stopped as well. + # + # As `nix-daemon.service` does not make use of `ExecStop`, we prefer + # to keep the socket up and available. This is important for machines + # that run Nix-based services, such as automated build, test, and deploy + # services, that expect the daemon socket to be available at all times. + # + # Notably, the Nix client does not retry on failure to connect to the + # daemon socket, and the in-process RemoteStore instance will disable + # itself. This makes retries infeasible even for services that are + # aware of the issue. Failure to connect can affect not only new client + # processes, but also new RemoteStore instances in existing processes, + # as well as existing RemoteStore instances that have not saturated + # their connection pool. + # + # Also note that `stopIfChanged = true` does not kill existing + # connection handling daemons, as one might wish to happen before a + # breaking Nix upgrade (which is rare). The daemon forks that handle + # the individual connections split off into their own sessions, causing + # them not to be stopped by systemd. + # If a Nix upgrade does require all existing daemon processes to stop, + # nix-daemon must do so on its own accord, and only when the new version + # starts and detects that Nix's persistent state needs an upgrade. + stopIfChanged = false; + + } + ]; + + # Set up the environment variables for running Nix. + environment.sessionVariables = cfg.envVars; + + nix.nrBuildUsers = lib.mkDefault ( + if cfg.settings.auto-allocate-uids or false then + 0 + else + lib.max 32 (if cfg.settings.max-jobs == "auto" then 0 else cfg.settings.max-jobs) + ); + + users.users = nixbldUsers; + + services.displayManager.hiddenUsers = lib.attrNames nixbldUsers; + + # Legacy configuration conversion. + nix.settings.sandbox-fallback = false; + }; +} diff --git a/nixos/modules/services/system/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix index 2c4769da57645..ef740b9ba8d94 100644 --- a/nixos/modules/services/system/nix-daemon.nix +++ b/nixos/modules/services/system/nix-daemon.nix @@ -16,10 +16,6 @@ let nixPackage = cfg.package.out; - # nixVersion is an attribute which defines the implementation version. - # This is useful for Nix implementations which don't follow Nix's versioning. - isNixAtLeast = lib.versionAtLeast (nixPackage.nixVersion or (lib.getVersion nixPackage)); - makeNixBuildUser = nr: { name = "nixbld${toString nr}"; value = { @@ -187,7 +183,7 @@ in ###### implementation - config = lib.mkIf cfg.enable { + config = lib.mkIf (cfg.enable && nixPackage.pname != "lix") { environment.systemPackages = [ nixPackage pkgs.nix-info @@ -196,26 +192,15 @@ in systemd.packages = [ nixPackage ]; - systemd.tmpfiles = lib.mkMerge [ - (lib.mkIf (isNixAtLeast "2.8") { - packages = [ nixPackage ]; - }) - (lib.mkIf (!isNixAtLeast "2.8") { - rules = [ - "d /nix/var/nix/daemon-socket 0755 root root - -" - ]; - }) - ]; + systemd.tmpfiles.packages = [ nixPackage ]; systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; systemd.services.nix-daemon = { path = [ nixPackage - pkgs.util-linux config.programs.ssh.package - ] - ++ lib.optionals cfg.distributedBuilds [ pkgs.gzip ]; + ]; environment = cfg.envVars @@ -224,15 +209,10 @@ in } // config.networking.proxy.envVars; - unitConfig.RequiresMountsFor = "/nix/store"; - serviceConfig = { CPUSchedulingPolicy = cfg.daemonCPUSchedPolicy; IOSchedulingClass = cfg.daemonIOSchedClass; IOSchedulingPriority = cfg.daemonIOSchedPriority; - LimitNOFILE = 1048576; - Delegate = "yes"; - DelegateSubgroup = "supervisor"; }; restartTriggers = [ config.environment.etc."nix/nix.conf".source ]; @@ -287,10 +267,7 @@ in services.displayManager.hiddenUsers = lib.attrNames nixbldUsers; # Legacy configuration conversion. - nix.settings = lib.mkMerge [ - (lib.mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; }) - ]; - + nix.settings.sandbox-fallback = false; }; } diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix index 2f0c2bb05b01e..05c4735524daa 100644 --- a/pkgs/applications/graphics/ImageMagick/default.nix +++ b/pkgs/applications/graphics/ImageMagick/default.nix @@ -85,13 +85,13 @@ in stdenv.mkDerivation (finalAttrs: { pname = "imagemagick"; - version = "7.1.2-9"; + version = "7.1.2-10"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick"; tag = finalAttrs.version; - hash = "sha256-bXVVnjJhtmcbczZI9rsy2JQ3p2oYX5g5vp3YdsQkdrE="; + hash = "sha256-96lhd0B4yV2s/zVazKrqAcDZvn+yIiXxp8fqyKSfxLc="; }; outputs = [ diff --git a/pkgs/applications/video/jellyfin-media-player/default.nix b/pkgs/applications/video/jellyfin-desktop/default.nix similarity index 53% rename from pkgs/applications/video/jellyfin-media-player/default.nix rename to pkgs/applications/video/jellyfin-desktop/default.nix index 4927d2c563f0f..2e3cbdbec8198 100644 --- a/pkgs/applications/video/jellyfin-media-player/default.nix +++ b/pkgs/applications/video/jellyfin-desktop/default.nix @@ -4,40 +4,48 @@ stdenv, cmake, ninja, + python3, wrapQtAppsHook, qtbase, qtdeclarative, qtwebchannel, qtwebengine, + mpv-unwrapped, mpvqt, libcec, SDL2, libXrandr, + cacert, + nix-update-script, }: stdenv.mkDerivation rec { - pname = "jellyfin-media-player"; + pname = "jellyfin-desktop"; version = "2.0.0"; src = fetchFromGitHub { owner = "jellyfin"; - repo = "jellyfin-media-player"; + repo = "jellyfin-desktop"; rev = "v${version}"; - hash = "sha256-tdjmOeuC3LFEIDSH8X9LG/myvE1FoxwR1zpDQRyaTkQ="; + hash = "sha256-ITlYOrMS6COx9kDRSBi4wM6mzL/Q2G5X9GbABwDIOe4="; + fetchSubmodules = true; }; + patches = [ + ./non-fatal-unique-app.patch + ]; nativeBuildInputs = [ cmake ninja wrapQtAppsHook - ]; + ] + ++ lib.optional stdenv.hostPlatform.isDarwin python3; buildInputs = [ qtbase qtdeclarative qtwebchannel qtwebengine - - mpvqt + mpv-unwrapped # input sources libcec @@ -45,23 +53,33 @@ stdenv.mkDerivation rec { # frame rate switching libXrandr - ]; + cacert + ] + ++ lib.optional (!stdenv.hostPlatform.isDarwin) mpvqt; cmakeFlags = [ "-DCHECK_FOR_UPDATES=OFF" - "-DUSE_STATIC_MPVQT=OFF" # workaround for Qt cmake weirdness "-DQT_DISABLE_NO_DEFAULT_PATH_IN_QT_PACKAGES=ON" + ] + ++ lib.optional stdenv.hostPlatform.isDarwin "-DUSE_STATIC_MPVQT=ON" + ++ lib.optional (!stdenv.hostPlatform.isDarwin) "-DUSE_STATIC_MPVQT=OFF"; + + qtWrapperArgs = [ + "--set QT_STYLE_OVERRIDE Fusion" + "--set NIX_SSL_CERT_FILE ${cacert}/etc/ssl/certs/ca-bundle.crt" ]; postInstall = lib.optionalString stdenv.hostPlatform.isDarwin '' mkdir -p $out/bin $out/Applications - mv "$out/Jellyfin Media Player.app" $out/Applications - ln -s "$out/Applications/Jellyfin Media Player.app/Contents/MacOS/Jellyfin Media Player" $out/bin/jellyfinmediaplayer + mv "$out/Jellyfin Desktop.app" $out/Applications + ln -s "$out/Applications/Jellyfin Desktop.app/Contents/MacOS/Jellyfin Desktop" $out/bin/jellyfindesktop ''; + passthru.updateScript = nix-update-script { }; + meta = { - homepage = "https://github.com/jellyfin/jellyfin-media-player"; + homepage = "https://github.com/jellyfin/jellyfin-desktop"; description = "Jellyfin Desktop Client"; license = with lib.licenses; [ gpl2Only @@ -78,6 +96,6 @@ stdenv.mkDerivation rec { kranzes paumr ]; - mainProgram = "jellyfinmediaplayer"; + mainProgram = "jellyfin-desktop"; }; } diff --git a/pkgs/applications/video/jellyfin-desktop/non-fatal-unique-app.patch b/pkgs/applications/video/jellyfin-desktop/non-fatal-unique-app.patch new file mode 100644 index 0000000000000..de50edd43f966 --- /dev/null +++ b/pkgs/applications/video/jellyfin-desktop/non-fatal-unique-app.patch @@ -0,0 +1,19 @@ +--- a/src/shared/UniqueApplication.h ++++ b/src/shared/UniqueApplication.h +@@ -6,6 +6,7 @@ + #define KONVERGO_UNIQUEAPPLICATION_H + + #include ++#include + #include "Paths.h" + #include "LocalJsonServer.h" + #include "LocalJsonClient.h" +@@ -35,7 +36,7 @@ + }); + + if (!m_server->listen()) +- throw FatalException("Failed to listen to uniqueApp socket: " + m_server->errorString()); ++ qWarning() << "Failed to listen to uniqueApp socket: " << m_server->errorString(); + } + + bool ensureUnique() diff --git a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch index 33c4ffff6fe54..9ece109737582 100644 --- a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch +++ b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch @@ -9,7 +9,7 @@ index 45e9a1f9b0..494ee00c66 100644 +static int is_in_store_path(const char *path) +{ + static char *store_path = NULL; -+ int store_path_len = -1; ++ static ssize_t store_path_len = -1; + + if (store_path_len == -1) { + if ((store_path = getenv("NIX_STORE")) != NULL) @@ -19,7 +19,7 @@ index 45e9a1f9b0..494ee00c66 100644 + } + + if (store_path_len > 0) -+ return strncmp(path, store_path, strlen(store_path)) == 0; ++ return strncmp(path, store_path, store_path_len) == 0; + return 0; +} + diff --git a/pkgs/by-name/ap/apple-sdk/common/plists.nix b/pkgs/by-name/ap/apple-sdk/common/plists.nix index 70184d89429ba..a79581e7767d9 100644 --- a/pkgs/by-name/ap/apple-sdk/common/plists.nix +++ b/pkgs/by-name/ap/apple-sdk/common/plists.nix @@ -16,7 +16,6 @@ let STRIP_PNG_TEXT = "NO"; }; Description = if stdenvNoCC.hostPlatform.isMacOS then "macOS" else "iOS"; - FamilyDisplayName = Description; FamilyIdentifier = lib.toLower xcodePlatform; FamilyName = Description; Identifier = CFBundleIdentifier; diff --git a/pkgs/by-name/aw/awscli2/package.nix b/pkgs/by-name/aw/awscli2/package.nix index c6bac261b91a4..27a45d59650e7 100644 --- a/pkgs/by-name/aw/awscli2/package.nix +++ b/pkgs/by-name/aw/awscli2/package.nix @@ -61,6 +61,7 @@ let setuptools ]; postPatch = null; + patches = [ ]; # FIXME: we might be missing security patches! src = prev.src.override { inherit version; hash = "sha256-+OzBu6VmdBNFfFKauVW/jGe0XbeZ0VkGYmFxnjKFgKA="; diff --git a/pkgs/by-name/cr/cryptsetup/package.nix b/pkgs/by-name/cr/cryptsetup/package.nix index 5ab95727c063e..d310ed986ca9b 100644 --- a/pkgs/by-name/cr/cryptsetup/package.nix +++ b/pkgs/by-name/cr/cryptsetup/package.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "cryptsetup"; - version = "2.8.1"; + version = "2.8.3"; outputs = [ "bin" @@ -39,7 +39,7 @@ stdenv.mkDerivation (finalAttrs: { url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor finalAttrs.version}/" + "cryptsetup-${finalAttrs.version}.tar.xz"; - hash = "sha256-LDN563ZZfcq1CRFEmwE+JpfEv/zHFtu/DZsOj7u0b7Q="; + hash = "sha256-SoojuLnRoyUEUuQKzq1EIaA+RaOJVK0FlWNPQmaqgA8="; }; patches = [ diff --git a/pkgs/by-name/cu/cups/package.nix b/pkgs/by-name/cu/cups/package.nix index 4bcaf6cd6fc33..bed46c4cfc5fa 100644 --- a/pkgs/by-name/cu/cups/package.nix +++ b/pkgs/by-name/cu/cups/package.nix @@ -25,11 +25,11 @@ stdenv.mkDerivation rec { pname = "cups"; - version = "2.4.15"; + version = "2.4.16"; src = fetchurl { url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz"; - hash = "sha256-7/C71I/xq8u45G4o6Frvr/o5Gh2cTY3JKrOCKhMAjX8="; + hash = "sha256-AzlYcgS0+UKN0FkuswHewL+epuqNzl2WkNVr5YWrqS0="; }; outputs = [ diff --git a/pkgs/by-name/eb/eb-garamond/package.nix b/pkgs/by-name/eb/eb-garamond/package.nix index 7376c05b71211..c4e589d66acad 100644 --- a/pkgs/by-name/eb/eb-garamond/package.nix +++ b/pkgs/by-name/eb/eb-garamond/package.nix @@ -3,22 +3,22 @@ stdenvNoCC, fetchFromGitHub, python3, - ttfautohint, + ttfautohint-nox, }: -stdenvNoCC.mkDerivation rec { +stdenvNoCC.mkDerivation (finalAttrs: { pname = "eb-garamond"; version = "0.016"; src = fetchFromGitHub { owner = "georgd"; repo = "EB-Garamond"; - tag = "v${version}"; + tag = "v${finalAttrs.version}"; hash = "sha256-ajieKhTeH6yv2qiE2xqnHFoMS65//4ZKiccAlC2PXGQ="; }; nativeBuildInputs = [ (python3.withPackages (p: [ p.fontforge ])) - ttfautohint + ttfautohint-nox ]; postPatch = '' @@ -53,4 +53,4 @@ stdenvNoCC.mkDerivation rec { license = lib.licenses.ofl; platforms = lib.platforms.all; }; -} +}) diff --git a/pkgs/by-name/el/elfutils/package.nix b/pkgs/by-name/el/elfutils/package.nix index 4098753735ae7..b9827432a71da 100644 --- a/pkgs/by-name/el/elfutils/package.nix +++ b/pkgs/by-name/el/elfutils/package.nix @@ -57,6 +57,8 @@ stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/main/elfutils/musl-strndupa.patch?id=2e3d4976eeffb4704cf83e2cc3306293b7c7b2e9"; sha256 = "sha256-7daehJj1t0wPtQzTv+/Rpuqqs5Ng/EYnZzrcf2o/Lb0="; }) + # https://patchwork.sourceware.org/project/elfutils/patch/20251205145241.1165646-1-arnout@bzzt.net/ + ./test-run-sysroot-reliability.patch ] ++ lib.optionals stdenv.hostPlatform.isMusl [ ./musl-error_h.patch ]; diff --git a/pkgs/by-name/el/elfutils/test-run-sysroot-reliability.patch b/pkgs/by-name/el/elfutils/test-run-sysroot-reliability.patch new file mode 100644 index 0000000000000..6e5b5890a7583 --- /dev/null +++ b/pkgs/by-name/el/elfutils/test-run-sysroot-reliability.patch @@ -0,0 +1,44 @@ +commit 898804bed022d1ef26e5c0b12550f87fc86f29ed +Author: Arnout Engelen +Date: Thu Dec 4 21:42:40 2025 +0100 + + tests: improve reliability of run-sysroot.sh + + Previously, the 'second' test would test the `RESOLVE_IN_ROOT` feature + when the current libc supports it, even when the currently running + kernel did not yet support it. + + Signed-off-by: Arnout Engelen + +diff --git a/tests/run-sysroot.sh b/tests/run-sysroot.sh +index fe302446..d2041e8a 100755 +--- a/tests/run-sysroot.sh ++++ b/tests/run-sysroot.sh +@@ -46,10 +46,14 @@ TID 431185: + #8 0x0000aaaae56127f0 _start + EOF + +-HAVE_OPENAT2=$(grep '^#define HAVE_OPENAT2_RESOLVE_IN_ROOT' \ +- ${abs_builddir}/../config.h | awk '{print $3}') ++libc_has_openat2_resolve_in_root() { ++ grep '^#define HAVE_OPENAT2_RESOLVE_IN_ROOT' ${abs_builddir}/../config.h | awk '{print $3}' ++} ++kernel_has_openat2_resolve_in_root() { ++ printf "%s\n%s" "5.6.0" "$(uname -r)" | sort -V -C ++} + +-if [[ "$HAVE_OPENAT2" = 1 ]]; then ++if libc_has_openat2_resolve_in_root && kernel_has_openat2_resolve_in_root; then + # Change the layout of files in sysroot to test symlink escape scenario + rm -f "${tmpdir}/sysroot/bin" + mkdir "${tmpdir}/sysroot/bin" +@@ -57,7 +61,8 @@ if [[ "$HAVE_OPENAT2" = 1 ]]; then + ln -s /bin/bash "${tmpdir}/sysroot/usr/bin/bash" + + # Check that stack with --sysroot generates correct backtrace even if target +- # binary is actually absolute symlink pointing outside of sysroot directory ++ # binary is actually absolute symlink to be interpreted relative to the sysroot ++ # directory + testrun "${abs_top_builddir}"/src/stack --core "${tmpdir}/core.bash" \ + --sysroot "${tmpdir}/sysroot" >"${tmpdir}/stack.out" + diff --git a/pkgs/by-name/fo/folly/folly-fix-glog-0.7.patch b/pkgs/by-name/fo/folly/folly-fix-glog-0.7.patch new file mode 100644 index 0000000000000..4f03cf1541da0 --- /dev/null +++ b/pkgs/by-name/fo/folly/folly-fix-glog-0.7.patch @@ -0,0 +1,18 @@ +diff --git a/CMake/folly-deps.cmake b/CMake/folly-deps.cmake +index c72273a73..d0408f2b3 100644 +--- a/CMake/folly-deps.cmake ++++ b/CMake/folly-deps.cmake +@@ -61,10 +61,9 @@ if(LIBGFLAGS_FOUND) + set(FOLLY_LIBGFLAGS_INCLUDE ${LIBGFLAGS_INCLUDE_DIR}) + endif() + +-find_package(Glog MODULE) +-set(FOLLY_HAVE_LIBGLOG ${GLOG_FOUND}) +-list(APPEND FOLLY_LINK_LIBRARIES ${GLOG_LIBRARY}) +-list(APPEND FOLLY_INCLUDE_DIRECTORIES ${GLOG_INCLUDE_DIR}) ++find_package(Glog CONFIG REQUIRED) ++set(FOLLY_HAVE_LIBGLOG True) ++list(APPEND FOLLY_LINK_LIBRARIES glog::glog) + + find_package(LibEvent MODULE REQUIRED) + list(APPEND FOLLY_LINK_LIBRARIES ${LIBEVENT_LIB}) diff --git a/pkgs/by-name/fo/folly/package.nix b/pkgs/by-name/fo/folly/package.nix index 2e6584d324824..eca0493cc2f08 100644 --- a/pkgs/by-name/fo/folly/package.nix +++ b/pkgs/by-name/fo/folly/package.nix @@ -3,7 +3,6 @@ stdenv, fetchFromGitHub, - fetchpatch, cmake, ninja, @@ -139,11 +138,7 @@ stdenv.mkDerivation (finalAttrs: { ./char_traits.patch # - (fetchpatch { - name = "folly-fix-glog-0.7.patch"; - url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-cmake-find-glog.patch?h=folly&id=4b68f47338d4b20111e3ffa1291433120bb899f0"; - hash = "sha256-QGNpS5UNEm+0PW9+agwUVILzpK9t020KXDGyP03OAwE="; - }) + ./folly-fix-glog-0.7.patch # Fix a GCC‐incompatible use of a private trait. # diff --git a/pkgs/by-name/gl/glib/package.nix b/pkgs/by-name/gl/glib/package.nix index fc5a310949577..887d6617d8ef8 100644 --- a/pkgs/by-name/gl/glib/package.nix +++ b/pkgs/by-name/gl/glib/package.nix @@ -74,7 +74,7 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.86.2"; + version = "2.86.3"; outputs = [ "bin" @@ -87,7 +87,7 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - hash = "sha256-inJOlwhVNX6oEB4ncnICOSoP/VQQqYM2rtVOxZET5hE="; + hash = "sha256-syEdjTS5313KBXh+8K1dfKdd7JmLlw4aqwAB0imXfGU="; }; patches = diff --git a/pkgs/by-name/li/libarchive/package.nix b/pkgs/by-name/li/libarchive/package.nix index 528e52dc6a727..1cfcfd29c4b78 100644 --- a/pkgs/by-name/li/libarchive/package.nix +++ b/pkgs/by-name/li/libarchive/package.nix @@ -31,13 +31,13 @@ assert xarSupport -> libxml2 != null; stdenv.mkDerivation (finalAttrs: { pname = "libarchive"; - version = "3.8.2"; + version = "3.8.4"; src = fetchFromGitHub { owner = "libarchive"; repo = "libarchive"; rev = "v${finalAttrs.version}"; - hash = "sha256-s7duwuNFyYq8obTS3qc6JewJ9f8LJhItlEx8wxnMgwk="; + hash = "sha256-qNz7BAvi3dTNg6Bz2cfqaYGKFJlM4C+y/GARsQRRYsY="; }; outputs = [ diff --git a/pkgs/by-name/li/libcosmicAppHook/libcosmic-app-hook.sh b/pkgs/by-name/li/libcosmicAppHook/libcosmic-app-hook.sh index 7245d51495c05..e6a5231919564 100644 --- a/pkgs/by-name/li/libcosmicAppHook/libcosmic-app-hook.sh +++ b/pkgs/by-name/li/libcosmicAppHook/libcosmic-app-hook.sh @@ -15,11 +15,7 @@ libcosmicAppVergenHook() { libcosmicAppLinkerArgsHook() { # Force linking to certain libraries like libEGL, which are always dlopen()ed - # local flags="CARGO_TARGET_@cargoLinkerVar@_RUSTFLAGS" - - # Temporarily use this simpler solution, it should work for simple cross compilation - # https://github.com/NixOS/nixpkgs/issues/464392 - local flags="RUSTFLAGS" + local flags="CARGO_TARGET_@cargoLinkerVar@_RUSTFLAGS" export "$flags"="${!flags-} -C link-arg=-Wl,--push-state,--no-as-needed" # shellcheck disable=SC2043 diff --git a/pkgs/by-name/li/libcosmicAppHook/package.nix b/pkgs/by-name/li/libcosmicAppHook/package.nix index 150bfd6797623..f3042e13ac8ef 100644 --- a/pkgs/by-name/li/libcosmicAppHook/package.nix +++ b/pkgs/by-name/li/libcosmicAppHook/package.nix @@ -55,10 +55,7 @@ makeSetupHook { lib.makeSearchPath "share" ( lib.optionals includeSettings [ fallbackThemes ] ++ [ targetPackages.cosmic-icons ] ); - # Temporarily using RUSTFLAGS: https://github.com/NixOS/nixpkgs/issues/464392 - # See ./libcosmic-app-hook.sh - # cargoLinkerVar = targetPackages.stdenv.hostPlatform.rust.cargoEnvVarTarget; - + cargoLinkerVar = targetPackages.stdenv.hostPlatform.rust.cargoEnvVarTarget; # force linking for all libraries that may be dlopen'd by libcosmic/iced apps cargoLinkLibs = lib.escapeShellArgs ( [ diff --git a/pkgs/by-name/li/libdrm/package.nix b/pkgs/by-name/li/libdrm/package.nix index 901e7de81f722..a56344d168b25 100644 --- a/pkgs/by-name/li/libdrm/package.nix +++ b/pkgs/by-name/li/libdrm/package.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "libdrm"; - version = "2.4.128"; + version = "2.4.129"; src = fetchurl { url = "https://dri.freedesktop.org/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-O7NduHAMKgtWnyxnKaU/VJV4aFazEIVMjeV3gqIr3aw="; + hash = "sha256-WXgYP5eNaX4mpQugZhdJZO+wq5fKoeyqG4Yfvl3fd9w="; }; outputs = [ diff --git a/pkgs/by-name/li/libimagequant/Cargo.lock b/pkgs/by-name/li/libimagequant/Cargo.lock index eaed4b693bfe0..989062e597b6f 100644 --- a/pkgs/by-name/li/libimagequant/Cargo.lock +++ b/pkgs/by-name/li/libimagequant/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "adler2" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" [[package]] name = "arrayvec" @@ -16,15 +16,15 @@ checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" [[package]] name = "bitflags" -version = "2.8.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" +checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" [[package]] name = "bytemuck" -version = "1.21.0" +version = "1.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3" +checksum = "1fbdf580320f38b612e485521afda1ee26d10cc9884efaaa750d383e13e3c5f4" [[package]] name = "c_test" @@ -36,24 +36,25 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.10" +version = "1.2.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229" +checksum = "b97463e1064cb1b1c1384ad0a0b9c8abd0988e2a91f52606c80ef14aadb63e36" dependencies = [ + "find-msvc-tools", "shlex", ] [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" [[package]] name = "crc32fast" -version = "1.4.2" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" +checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511" dependencies = [ "cfg-if", ] @@ -85,23 +86,30 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "either" -version = "1.13.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "find-msvc-tools" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a3076410a55c90011c298b04d0cfa770b00fa04e1e3c97d3f6c9de105a03844" [[package]] name = "flate2" -version = "1.0.35" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c" +checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb" dependencies = [ "crc32fast", + "libz-rs-sys", "miniz_oxide", ] [[package]] name = "imagequant" -version = "4.4.0" +version = "4.4.1" dependencies = [ "arrayvec", "lodepng", @@ -122,15 +130,24 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.169" +version = "0.2.177" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" +checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976" + +[[package]] +name = "libz-rs-sys" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "840db8cf39d9ec4dd794376f38acc40d0fc65eec2a8f484f7fd375b84602becd" +dependencies = [ + "zlib-rs", +] [[package]] name = "lodepng" -version = "3.11.0" +version = "3.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7720115060cd38dcfe5c758525a43fd34dc615d0566374212ff0dc3b6151eac" +checksum = "77a32335d22e44238e2bb0b4d726964d18952ce1f1279ec3305305d2c61539eb" dependencies = [ "crc32fast", "flate2", @@ -140,24 +157,25 @@ dependencies = [ [[package]] name = "miniz_oxide" -version = "0.8.3" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8402cab7aefae129c6977bb0ff1b8fd9a04eb5b51efc50a70bea51cda0c7924" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ "adler2", + "simd-adler32", ] [[package]] name = "once_cell" -version = "1.20.2" +version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "rayon" -version = "1.10.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" +checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" dependencies = [ "either", "rayon-core", @@ -165,9 +183,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.1" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -175,9 +193,9 @@ dependencies = [ [[package]] name = "rgb" -version = "0.8.50" +version = "0.8.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a" +checksum = "0c6a884d2998352bb4daf0183589aec883f16a6da1f4dde84d8e2e9a5409a1ce" dependencies = [ "bytemuck", ] @@ -188,12 +206,23 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "simd-adler32" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe" + [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] + +[[package]] +name = "zlib-rs" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f06ae92f42f5e5c42443fd094f245eb656abf56dd7cce9b8b263236565e00f2" diff --git a/pkgs/by-name/li/libimagequant/package.nix b/pkgs/by-name/li/libimagequant/package.nix index ec783eb935710..75f8a26aa77c8 100644 --- a/pkgs/by-name/li/libimagequant/package.nix +++ b/pkgs/by-name/li/libimagequant/package.nix @@ -15,13 +15,13 @@ rustPlatform.buildRustPackage rec { pname = "libimagequant"; - version = "4.4.0"; + version = "4.4.1"; src = fetchFromGitHub { owner = "ImageOptim"; repo = "libimagequant"; rev = version; - hash = "sha256-c9j0wVwTWtNrPy9UUsc0Gxbe6lP82C3DMXe+k/ZBYEw="; + hash = "sha256-A7idjAAJ+syqIahyU+LPZBF+MLxVDymY+M3HM7d/qk0="; }; cargoLock = { diff --git a/pkgs/by-name/li/libopenmpt/package.nix b/pkgs/by-name/li/libopenmpt/package.nix index 23a5ea99f42ec..59c06637b4831 100644 --- a/pkgs/by-name/li/libopenmpt/package.nix +++ b/pkgs/by-name/li/libopenmpt/package.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { pname = "libopenmpt"; - version = "0.8.3"; + version = "0.8.4"; outputs = [ "out" @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz"; - hash = "sha256-JdSGpNqXKIGSdO0JWf15ocY1iVRxDVTBQEfGRXyMqKw="; + hash = "sha256-Yn+b8RqsrmFaHyyYLH6IyyHxGy1vAmeUb3yCxerklDs="; }; enableParallelBuilding = true; diff --git a/pkgs/by-name/li/libxslt/package.nix b/pkgs/by-name/li/libxslt/package.nix index ed1b8770b4cb4..1718598b01e7a 100644 --- a/pkgs/by-name/li/libxslt/package.nix +++ b/pkgs/by-name/li/libxslt/package.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "libxslt"; - version = "1.1.43"; + version = "1.1.45"; outputs = [ "bin" @@ -31,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://gnome/sources/libxslt/${lib.versions.majorMinor finalAttrs.version}/libxslt-${finalAttrs.version}.tar.xz"; - hash = "sha256-Wj1rODylr8I1sXERjpD1/2qifp/qMwMGUjGm1APwGDo="; + hash = "sha256-ms/mhBnE0GpFxVAyGzISdi2S9BRlBiyk6hnmMu5dIW4="; }; patches = [ diff --git a/pkgs/by-name/ma/man-db/package.nix b/pkgs/by-name/ma/man-db/package.nix index 0b173b013f7bf..99f20e044eae6 100644 --- a/pkgs/by-name/ma/man-db/package.nix +++ b/pkgs/by-name/ma/man-db/package.nix @@ -114,8 +114,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; doCheck = - !stdenv.hostPlatform.isMusl # iconv binary - ; + with stdenv.hostPlatform; + !isMusl # iconv binary + # It's unclear what exactly is happening here, but system log shows lines like: + # XprotectService: [com.apple.xprotect:xprotect] File $buildDir/$name/src/.libs/mandb failed on + # loadCmd $out/lib/man-db/libmandb-$version.dylib (loadCmd resolved to: (path not found), bundleURL: (null)) + && !(isDarwin && isAarch64); passthru.tests = { nixos = nixosTests.man; diff --git a/pkgs/by-name/pr/prmers/package.nix b/pkgs/by-name/pr/prmers/package.nix new file mode 100644 index 0000000000000..d412b811d699b --- /dev/null +++ b/pkgs/by-name/pr/prmers/package.nix @@ -0,0 +1,60 @@ +{ + curl, + fetchFromGitHub, + gmp, + lib, + ocl-icd, + opencl-headers, + stdenv, + versionCheckHook, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "prmers"; + version = "4.15.35-alpha"; + + src = fetchFromGitHub { + owner = "cherubrock-seb"; + repo = "PrMers"; + tag = "v${finalAttrs.version}"; + hash = "sha256-LAbWyz1FT9Zza4gewgKeMvQt8rwkfBhHRWBGpN+DIXE="; + }; + + enableParallelBuilding = true; + + buildInputs = [ + curl + gmp + ocl-icd + opencl-headers + ]; + + installPhase = '' + runHook preInstall + + make install PREFIX=$out KERNEL_PATH=$out/bin/kernels + + runHook postInstall + ''; + + doInstallCheck = true; + nativeInstallCheckInputs = [ + versionCheckHook + ]; + + versionCheckProgramArg = "-v"; + + meta = { + description = "GPU-accelerated Mersenne primality testing"; + longDescription = '' + PrMers is a high-performance GPU application for Lucas–Lehmer (LL), PRP, and P-1 testing of Mersenne numbers. + It uses OpenCL and integer NTT/IBDWT kernels and is built for long, reliable runs with checkpointing and PrimeNet submission. + ''; + homepage = "https://github.com/cherubrock-seb/PrMers"; + downloadPage = "https://github.com/cherubrock-seb/PrMers/releases/tag/v${finalAttrs.version}"; + maintainers = with lib.maintainers; [ dstremur ]; + license = lib.licenses.mit; + platforms = lib.platforms.linux; + mainProgram = "prmers"; + }; +}) diff --git a/pkgs/by-name/re/re2c/package.nix b/pkgs/by-name/re/re2c/package.nix index ea0ae6fe3fdb6..f3cd39eb7c811 100644 --- a/pkgs/by-name/re/re2c/package.nix +++ b/pkgs/by-name/re/re2c/package.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation rec { pname = "re2c"; - version = "4.3"; + version = "4.3.1"; src = fetchFromGitHub { owner = "skvadrik"; repo = "re2c"; rev = version; - hash = "sha256-zPOENMfXXgTwds1t+Lrmz9+GTHJf2yRpQsGT7nLRvcg="; + hash = "sha256-ihtAB6HLgYhX+FKPFy01RByy/M468YrHv2v5wB9bJws="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/sd/sdl2-compat/package.nix b/pkgs/by-name/sd/sdl2-compat/package.nix index e16eb5927cec0..fde780a230426 100644 --- a/pkgs/by-name/sd/sdl2-compat/package.nix +++ b/pkgs/by-name/sd/sdl2-compat/package.nix @@ -2,7 +2,6 @@ cmake, lib, fetchFromGitHub, - fetchpatch2, ninja, sdl3, stdenv, @@ -31,13 +30,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "sdl2-compat"; - version = "2.32.58"; + version = "2.32.60"; src = fetchFromGitHub { owner = "libsdl-org"; repo = "sdl2-compat"; tag = "release-${finalAttrs.version}"; - hash = "sha256-Ngmr/KG5dQ1IDVafn2Jw/29hFCzPGKc9GOenT/4fsIM="; + hash = "sha256-8nhSyifEeYEZj9tqid1x67jhxqmrR61NwQ/g0Z8vbw8="; }; nativeBuildInputs = [ @@ -74,12 +73,6 @@ stdenv.mkDerivation (finalAttrs: { patches = [ ./find-headers.patch - - # https://github.com/libsdl-org/sdl2-compat/pull/545 - (fetchpatch2 { - url = "https://github.com/libsdl-org/sdl2-compat/commit/b799076c72c2492224e81544f58f92b737cccbd3.patch?full_index=1"; - hash = "sha256-fAc8yBlT+XFHDKcF4MFgBAz2WtXGmhYzNNrjaGSr+do="; - }) ]; setupHook = ./setup-hook.sh; diff --git a/pkgs/by-name/sd/sdl3/package.nix b/pkgs/by-name/sd/sdl3/package.nix index 0e5feb85776ad..48ef594995ad4 100644 --- a/pkgs/by-name/sd/sdl3/package.nix +++ b/pkgs/by-name/sd/sdl3/package.nix @@ -61,7 +61,7 @@ assert lib.assertMsg (ibusSupport -> dbusSupport) "SDL3 requires dbus support to stdenv.mkDerivation (finalAttrs: { pname = "sdl3"; - version = "3.2.26"; + version = "3.2.28"; outputs = [ "lib" @@ -74,18 +74,14 @@ stdenv.mkDerivation (finalAttrs: { owner = "libsdl-org"; repo = "SDL"; tag = "release-${finalAttrs.version}"; - hash = "sha256-edcub/zeho4mB3tItp+PSD5l+H6jUPm3seiBP6ppT0k="; + hash = "sha256-nfnvzog1bON2IaBOeWociV82lmRY+qXgdeXBe6GYlww="; }; postPatch = # Tests timeout on Darwin - # `testtray` loads assets from a relative path, which we are patching to be absolute lib.optionalString (finalAttrs.finalPackage.doCheck) '' substituteInPlace test/CMakeLists.txt \ --replace-fail 'set(noninteractive_timeout 10)' 'set(noninteractive_timeout 30)' - - substituteInPlace test/testtray.c \ - --replace-warn '../test/' '${placeholder "installedTests"}/share/assets/' '' + lib.optionalString waylandSupport '' substituteInPlace src/video/wayland/SDL_waylandmessagebox.c \ diff --git a/pkgs/by-name/ut/util-linux/package.nix b/pkgs/by-name/ut/util-linux/package.nix index cd354611f9acd..0b1cb579bfd34 100644 --- a/pkgs/by-name/ut/util-linux/package.nix +++ b/pkgs/by-name/ut/util-linux/package.nix @@ -40,11 +40,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "util-linux" + lib.optionalString isMinimal "-minimal"; - version = "2.41.2"; + version = "2.41.3"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor finalAttrs.version}/util-linux-${finalAttrs.version}.tar.xz"; - hash = "sha256-YGKh2JtXGmGTLm/AIR82BgxBg1aLge6GbPNjvOn2WD4="; + hash = "sha256-MzDYc/D861VguJp9wU5PMoi72IDpaQPtm1DsK1eZ5Ys="; }; patches = [ diff --git a/pkgs/by-name/w3/w3m/https.patch b/pkgs/by-name/w3/w3m/https.patch new file mode 100644 index 0000000000000..31286a70d5ae2 --- /dev/null +++ b/pkgs/by-name/w3/w3m/https.patch @@ -0,0 +1,19 @@ +Fedora patch; see https://bugzilla.redhat.com/show_bug.cgi?id=707994 + +--- old/url.c 2011-01-04 14:52:24.000000000 +0530 ++++ new/url.c 2011-09-02 18:25:43.305652690 +0530 +@@ -82,11 +82,11 @@ + {"ftp", SCM_FTP}, + {"local", SCM_LOCAL}, + {"file", SCM_LOCAL}, +- /* {"exec", SCM_EXEC}, */ ++ {"exec", SCM_EXEC}, + {"nntp", SCM_NNTP}, +- /* {"nntp", SCM_NNTP_GROUP}, */ ++ {"nntp", SCM_NNTP_GROUP}, + {"news", SCM_NEWS}, +- /* {"news", SCM_NEWS_GROUP}, */ ++ {"news", SCM_NEWS_GROUP}, + {"data", SCM_DATA}, + #ifndef USE_W3MMAILER + {"mailto", SCM_MAILTO}, diff --git a/pkgs/by-name/w3/w3m/package.nix b/pkgs/by-name/w3/w3m/package.nix index c9d00588502aa..73e82859bf633 100644 --- a/pkgs/by-name/w3/w3m/package.nix +++ b/pkgs/by-name/w3/w3m/package.nix @@ -2,7 +2,6 @@ lib, stdenv, fetchFromSourcehut, - fetchpatch, ncurses, boehmgc, gettext, @@ -66,11 +65,7 @@ stdenv.mkDerivation (finalAttrs: { patches = [ ./RAND_egd.libressl.patch - (fetchpatch { - name = "https.patch"; - url = "https://aur.archlinux.org/cgit/aur.git/plain/https.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; - sha256 = "08skvaha1hjyapsh8zw5dgfy433mw2hk7qy9yy9avn8rjqj7kjxk"; - }) + ./https.patch ]; postPatch = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' diff --git a/pkgs/by-name/wo/wolfssl/package.nix b/pkgs/by-name/wo/wolfssl/package.nix index b85e2c2016e06..e904c4dfefcca 100644 --- a/pkgs/by-name/wo/wolfssl/package.nix +++ b/pkgs/by-name/wo/wolfssl/package.nix @@ -17,13 +17,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "wolfssl-${variant}"; - version = "5.8.2"; + version = "5.8.4"; src = fetchFromGitHub { owner = "wolfSSL"; repo = "wolfssl"; tag = "v${finalAttrs.version}-stable"; - hash = "sha256-rWBfpI6tdpKvQA/XdazBvU5hzyai5PtKRBpM4iplZDU="; + hash = "sha256-vfJKmDdM0r591t5GnuSS7NyiUYXCQOTKbWLVydB3N9s="; }; postPatch = '' diff --git a/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-detection.patch b/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-detection.patch index 810d8e6f69a12..41e1c4c89869d 100644 --- a/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-detection.patch +++ b/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-detection.patch @@ -1,11 +1,12 @@ --- a/libgcc/config.host +++ b/libgcc/config.host -@@ -239,7 +239,7 @@ case ${host} in +@@ -239,8 +239,8 @@ case ${host} in x86_64-*-darwin2[0-2]*) tmake_file="t-darwin-min-11 t-darwin-libgccs1 $tmake_file" ;; - *-*-darwin2*) +- tmake_file="t-darwin-min-11 $tmake_file" + *-*-darwin2* | *-*-darwin) - tmake_file="t-darwin-min-11 $tmake_file" ++ tmake_file="t-darwin-min-11 t-darwin-libgccs1 $tmake_file" ;; *-*-darwin1[89]*) diff --git a/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-fix-reexport.patch b/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-fix-reexport.patch new file mode 100644 index 0000000000000..dbb790e1eec3a --- /dev/null +++ b/pkgs/development/compilers/gcc/patches/15/libgcc-darwin-fix-reexport.patch @@ -0,0 +1,11 @@ +--- a/libgcc/config/t-slibgcc-darwin ++++ b/libgcc/config/t-slibgcc-darwin +@@ -139,8 +139,7 @@ libgcc_s.1.dylib: all-multi libgcc_s.$(SHLIB_SOVERSION)$(SHLIB_EXT) + $(CC) -arch $${arch} -nodefaultlibs -dynamiclib -nodefaultrpaths \ + -o libgcc_s.1$(SHLIB_EXT)_T_$${mlib} \ + -Wl,-reexport_library,libgcc_s.$(SHLIB_SOVERSION)$(SHLIB_EXT)_T_$${mlib} \ + -lSystem \ +- -Wl,-reexported_symbols_list,$(srcdir)/config/darwin-unwind.ver \ + -install_name $(SHLIB_RPATH)/libgcc_s.1.dylib \ + -compatibility_version 1 -current_version 1.1 ; \ + done diff --git a/pkgs/development/compilers/gcc/patches/default.nix b/pkgs/development/compilers/gcc/patches/default.nix index 93a1d4eb5cf35..d439a4133e78b 100644 --- a/pkgs/development/compilers/gcc/patches/default.nix +++ b/pkgs/development/compilers/gcc/patches/default.nix @@ -160,13 +160,17 @@ optionals noSysDirs ( ## Darwin -# Fixes detection of Darwin on x86_64-darwin. Otherwise, GCC uses a deployment target of 10.5, which crashes ld64. +# Fixes detection of Darwin on x86_64-darwin and aarch64-darwin. Otherwise, GCC uses a deployment target of 10.5, which crashes ld64. ++ optional ( + # this one would conflict with gcc-14-darwin-aarch64-support.patch is14 && stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64 ) ../patches/14/libgcc-darwin-detection.patch +++ optional (atLeast15 && stdenv.hostPlatform.isDarwin) ../patches/15/libgcc-darwin-detection.patch + +# Fix libgcc_s.1.dylib build on Darwin 11+ by not reexporting unwind symbols that don't exist ++ optional ( - atLeast15 && stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64 -) ../patches/15/libgcc-darwin-detection.patch + atLeast15 && stdenv.hostPlatform.isDarwin +) ../patches/15/libgcc-darwin-fix-reexport.patch # Fix detection of bootstrap compiler Ada support (cctools as) on Nix Darwin ++ optional (stdenv.hostPlatform.isDarwin && langAda) ./ada-cctools-as-detection-configure.patch diff --git a/pkgs/development/compilers/llvm/default.nix b/pkgs/development/compilers/llvm/default.nix index 2493597be8252..1e4f24cbc83f8 100644 --- a/pkgs/development/compilers/llvm/default.nix +++ b/pkgs/development/compilers/llvm/default.nix @@ -25,7 +25,7 @@ let "18.1.8".officialRelease.sha256 = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; "20.1.8".officialRelease.sha256 = "sha256-ysyB/EYxi2qE9fD5x/F2zI4vjn8UDoo1Z9ukiIrjFGw="; - "21.1.2".officialRelease.sha256 = "sha256-SgZdBL0ivfv6/4EqmPQ+I57qT2t6i/rqnm20+T1BsFY="; + "21.1.7".officialRelease.sha256 = "sha256-SaRJ7+iZMhhBdcUDuJpMAY4REQVhrvYMqI2aq3Kz08o="; "22.0.0-git".gitRelease = { rev = "2c72af88213c0f9c507d9c8b34a39de8173a6fcc"; rev-version = "22.0.0-unstable-2025-12-28"; diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index fc6123ff03723..5691047c7c59b 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -399,6 +399,10 @@ stdenv.mkDerivation (finalAttrs: { # backport fix for https://github.com/python/cpython/issues/95855 ./platform-triplet-detection.patch ] + ++ optionals (version == "3.13.10" || version == "3.14.1") [ + # https://github.com/python/cpython/issues/142218 + ./${lib.versions.majorMinor version}/gh-142218.patch + ] ++ optionals (stdenv.hostPlatform.isMinGW) ( let # https://src.fedoraproject.org/rpms/mingw-python3 diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index d1ac795c472f7..9c5dc4671b56a 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -20,10 +20,10 @@ sourceVersion = { major = "3"; minor = "13"; - patch = "9"; + patch = "11"; suffix = ""; }; - hash = "sha256-7V7zTNo2z6Lzo0DwfKx+eBT5HH88QR9tNWIyOoZsXGY="; + hash = "sha256-Fu3nu3zb+oldEbBkL6DlI/KR5khxlNU89tOzOMOhfqI="; }; }; @@ -91,10 +91,10 @@ sourceVersion = { major = "3"; minor = "14"; - patch = "0"; + patch = "2"; suffix = ""; }; - hash = "sha256-Ipna5ULTlc44g6ygDTyRAwfNaOCy9zNgmMjnt+7p8+k="; + hash = "sha256-zlQ6uFS8JWthtx6bJ/gx/9G/1gpHnWOfi+f5dXz1c+k="; inherit passthruFun; }; diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix index 03cebad999426..4e7a3b2e97ba0 100644 --- a/pkgs/development/libraries/c-ares/default.nix +++ b/pkgs/development/libraries/c-ares/default.nix @@ -18,12 +18,12 @@ stdenv.mkDerivation rec { pname = "c-ares"; - version = "1.34.5"; + version = "1.34.6"; src = fetchurl { # Note: tag name varies in some versions, e.g. v1.30.0, c-ares-1_17_0. url = "https://github.com/c-ares/c-ares/releases/download/v${version}/c-ares-${version}.tar.gz"; - hash = "sha256-fZNXkOmvCBwlxJX9E8LPzaR5KYNBjpY1jvbnMg7gY0Y="; + hash = "sha256-kS3XzDs+innFL9f7nA9Ozwqqc+Re/aiAJmotbia4TvU="; }; outputs = [ diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix index 3546929bcc4ff..10720a06a06ed 100644 --- a/pkgs/development/libraries/gstreamer/bad/default.nix +++ b/pkgs/development/libraries/gstreamer/bad/default.nix @@ -322,6 +322,9 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonEnable "doc" enableDocumentation) (lib.mesonEnable "directfb" false) (lib.mesonEnable "lcevcdecoder" lcevcdecSupport) + (lib.mesonEnable "ldac" ldacbtSupport) + (lib.mesonEnable "webrtcdsp" webrtcAudioProcessingSupport) + (lib.mesonEnable "isac" webrtcAudioProcessingSupport) ] ++ lib.optionals (!stdenv.hostPlatform.isLinux) [ "-Ddoc=disabled" # needs gstcuda to be enabled which is Linux-only diff --git a/pkgs/development/libraries/libxml2/common.nix b/pkgs/development/libraries/libxml2/common.nix index 88751671c479a..4b2f04bbc8f08 100644 --- a/pkgs/development/libraries/libxml2/common.nix +++ b/pkgs/development/libraries/libxml2/common.nix @@ -120,13 +120,6 @@ stdenv'.mkDerivation (finalAttrs: { moveToOutput lib/libxml2.a "$static" ''; - # TODO: Drop this; works around code signing issue on `staging-next-25.11`. - rebuildHack = - if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 && pythonSupport then - true - else - null; - passthru = { inherit pythonSupport; diff --git a/pkgs/development/python-modules/beautifulsoup4/default.nix b/pkgs/development/python-modules/beautifulsoup4/default.nix index 2e4c4078f8822..e81d3040df6a2 100644 --- a/pkgs/development/python-modules/beautifulsoup4/default.nix +++ b/pkgs/development/python-modules/beautifulsoup4/default.nix @@ -35,7 +35,7 @@ buildPythonPackage rec { pname = "beautifulsoup4"; - version = "4.13.4"; + version = "4.14.3"; pyproject = true; outputs = [ @@ -45,15 +45,15 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - hash = "sha256-27PE4c6uau/r2vJCMkcmDNBiQwpBDjjGbyuqUKhDcZU="; + hash = "sha256-YpKxxRhtNWu6Zp759/BRdXCZVlrZraXdYwvZ3l+n+4Y="; }; patches = [ - # backport test fix for behavior changes in libxml 2.14.3 + # Fix tests with python 3.13.10 / 3.14.1 (fetchpatch { - url = "https://git.launchpad.net/beautifulsoup/patch/?id=53d328406ec8c37c0edbd00ace3782be63e2e7e5"; + url = "https://git.launchpad.net/beautifulsoup/patch/?id=55f655ffb7ef03bdd1df0f013743831fe54e3c7a"; excludes = [ "CHANGELOG" ]; - hash = "sha256-RtavbpnfT6x0A8L3tAvCXwKUpty1ASPGJKdks7evBr8="; + hash = "sha256-DJl1pey0NdJH+SyBH9+y6gwUvQCmou0D9xcRAEV8OBw="; }) ]; diff --git a/pkgs/development/python-modules/blessed/default.nix b/pkgs/development/python-modules/blessed/default.nix index 98e27dccac5b9..82c357dfdb8a5 100644 --- a/pkgs/development/python-modules/blessed/default.nix +++ b/pkgs/development/python-modules/blessed/default.nix @@ -1,39 +1,50 @@ { lib, + stdenv, buildPythonPackage, - fetchPypi, - six, + fetchFromGitHub, + flit-core, wcwidth, - pytest, + six, + pytestCheckHook, mock, glibcLocales, }: -buildPythonPackage rec { +buildPythonPackage { pname = "blessed"; - version = "1.21.0"; - format = "setuptools"; + # We need https://github.com/jquast/blessed/pull/311 to fix 3.13 + version = "1.25-unstable-2025-12-05"; + pyproject = true; - src = fetchPypi { - inherit pname version; - hash = "sha256-7Oi7xHWKuRdkUvTjpxnXAIjrVzl5jNVYLJ4F8qKDN+w="; + src = fetchFromGitHub { + owner = "jquast"; + repo = "blessed"; + rev = "cee680ff7fb3ad31f42ae98582ba74629f1fd6b0"; + hash = "sha256-4K1W0LXJKkb2wKE6D+IkX3oI5KxkpKbO661W/VTHgts="; }; + build-system = [ flit-core ]; + + dependencies = [ + wcwidth + six + ]; + nativeCheckInputs = [ - pytest + pytestCheckHook mock glibcLocales ]; # Default tox.ini parameters not needed - checkPhase = '' + preCheck = '' rm tox.ini - pytest ''; - propagatedBuildInputs = [ - wcwidth - six + disabledTestPaths = lib.optionals stdenv.hostPlatform.isDarwin [ + # Fail with several AssertionError + "tests/test_sixel.py" ]; meta = { diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 3cbbdcb1333ff..8438091346f9a 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -92,6 +92,10 @@ buildPythonPackage rec { postPatch = '' substituteInPlace tests/utils_tests/test_autoreload.py \ --replace "/usr/bin/python" "${python.interpreter}" + + # test broke in 3.13 and django 4.2 is eol + substituteInPlace tests/utils_tests/test_html.py \ + --replace test_strip_tags do_not_test_strip_tags '' + lib.optionalString (pythonAtLeast "3.12" && stdenv.hostPlatform.system == "aarch64-linux") '' # Test regression after xz was reverted from 5.6.0 to 5.4.6 diff --git a/pkgs/development/python-modules/django/5_2.nix b/pkgs/development/python-modules/django/5_2.nix index 1d0e0399a90c0..699678257061c 100644 --- a/pkgs/development/python-modules/django/5_2.nix +++ b/pkgs/development/python-modules/django/5_2.nix @@ -3,7 +3,7 @@ stdenv, buildPythonPackage, fetchFromGitHub, - pythonAtLeast, + fetchpatch, pythonOlder, replaceVars, @@ -63,6 +63,18 @@ buildPythonPackage rec { ./django_5_tests_pythonpath.patch # disable test that expects timezone issues ./django_5_disable_failing_tests.patch + + # 3.14.1/3.13.10 comapt + (fetchpatch { + # https://github.com/django/django/pull/20390 + url = "https://github.com/django/django/commit/5ca0f62213911a77dd4a62e843db7e420cc98b78.patch"; + hash = "sha256-SpVdbS4S5wqvrrUOoZJ7d2cIbtmgI0mvxwwCveSA068="; + }) + (fetchpatch { + # https://github.com/django/django/pull/20392 + url = "https://github.com/django/django/commit/9cc231e8243091519f5d627cd02ee40bbb853ced.patch"; + hash = "sha256-/aimmqxurMCCntraxOtybEq8qNgZgQWLD5Gxs/3pkIU="; + }) ] ++ lib.optionals withGdal [ (replaceVars ./django_5_set_geos_gdal_lib.patch { diff --git a/pkgs/development/python-modules/filelock/default.nix b/pkgs/development/python-modules/filelock/default.nix index 926bc2ad5cfda..760286a19faf8 100644 --- a/pkgs/development/python-modules/filelock/default.nix +++ b/pkgs/development/python-modules/filelock/default.nix @@ -12,12 +12,12 @@ buildPythonPackage rec { pname = "filelock"; - version = "3.20.0"; + version = "3.20.1"; pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-cR6UO07GvkLh1OZpC0jcF1yCKWdGa7McDCk/NDNME/Q="; + hash = "sha256-uDYJSLNRuA9CCHjYUWUZoiBLB6783P0kkSpdMxJ/GIw="; }; build-system = [ diff --git a/pkgs/development/python-modules/flax/default.nix b/pkgs/development/python-modules/flax/default.nix index 57f649c2d58b5..6ddfd0f8e20fe 100644 --- a/pkgs/development/python-modules/flax/default.nix +++ b/pkgs/development/python-modules/flax/default.nix @@ -102,6 +102,18 @@ buildPythonPackage rec { # AssertionError: nnx_model.kernel.value.sharding = NamedSharding(... "test_linen_to_nnx_metadata" + + # AssertionError: 'Linear_0' not found in State({}) + "test_compact_basic" + # KeyError: 'intermediates' + "test_linen_submodule" + "test_pure_nnx_submodule" + # KeyError: 'counts + "test_mutable_state" + # AttributeError: 'Top' object has no attribute '_pytree__state'. Did you mean: '_pytree__flatten'? + "test_shared_modules" + # AttributeError: 'MLP' object has no attribute 'scope + "test_transforms" ]; passthru = { diff --git a/pkgs/development/python-modules/pygame-ce/0001-Use-SDL_AllocFormat-instead-of-creating-it-manually.patch b/pkgs/development/python-modules/pygame-ce/0001-Use-SDL_AllocFormat-instead-of-creating-it-manually.patch deleted file mode 100644 index 1e1f407dbc193..0000000000000 --- a/pkgs/development/python-modules/pygame-ce/0001-Use-SDL_AllocFormat-instead-of-creating-it-manually.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 3e3fbdc11ab00c4c04eb68c40b23979245c987fa Mon Sep 17 00:00:00 2001 -From: Marcin Serwin -Date: Sat, 8 Nov 2025 19:47:41 +0100 -Subject: [PATCH] Use SDL_AllocFormat instead of creating it manually - -According to the docs, `SDL_PixelFormat` is a read-only structure. -Creating it manually leaves out some important fields like `format` and -`next` pointer to be undefined. - -Signed-off-by: Marcin Serwin ---- - src_c/surface.c | 80 ++++++++++++++----------------------------------- - 1 file changed, 23 insertions(+), 57 deletions(-) - -diff --git a/src_c/surface.c b/src_c/surface.c -index f118a4db4..e51e80554 100644 ---- a/src_c/surface.c -+++ b/src_c/surface.c -@@ -1844,9 +1844,8 @@ surf_convert(pgSurfaceObject *self, PyObject *args) - */ - int bpp = 0; - SDL_Palette *palette = SDL_AllocPalette(default_palette_size); -- SDL_PixelFormat format; -+ Uint32 format_enum = 0; - -- memcpy(&format, surf->format, sizeof(format)); - if (pg_IntFromObj(argobject, &bpp)) { - Uint32 Rmask, Gmask, Bmask, Amask; - -@@ -1904,30 +1903,23 @@ surf_convert(pgSurfaceObject *self, PyObject *args) - "nonstandard bit depth given"); - } - } -- format.Rmask = Rmask; -- format.Gmask = Gmask; -- format.Bmask = Bmask; -- format.Amask = Amask; -+ format_enum = SDL_MasksToPixelFormatEnum(bpp, Rmask, Gmask, -+ Bmask, Amask); - } - else if (PySequence_Check(argobject) && - PySequence_Size(argobject) == 4) { -- Uint32 mask; -+ Uint32 Rmask, Gmask, Bmask, Amask; - -- if (!pg_UintFromObjIndex(argobject, 0, &format.Rmask) || -- !pg_UintFromObjIndex(argobject, 1, &format.Gmask) || -- !pg_UintFromObjIndex(argobject, 2, &format.Bmask) || -- !pg_UintFromObjIndex(argobject, 3, &format.Amask)) { -+ if (!pg_UintFromObjIndex(argobject, 0, &Rmask) || -+ !pg_UintFromObjIndex(argobject, 1, &Gmask) || -+ !pg_UintFromObjIndex(argobject, 2, &Bmask) || -+ !pg_UintFromObjIndex(argobject, 3, &Amask)) { - pgSurface_Unprep(self); - return RAISE(PyExc_ValueError, - "invalid color masks given"); - } -- mask = -- format.Rmask | format.Gmask | format.Bmask | format.Amask; -- for (bpp = 0; bpp < 32; ++bpp) { -- if (!(mask >> bpp)) { -- break; -- } -- } -+ format_enum = SDL_MasksToPixelFormatEnum(bpp, Rmask, Gmask, -+ Bmask, Amask); - } - else { - pgSurface_Unprep(self); -@@ -1935,22 +1927,11 @@ surf_convert(pgSurfaceObject *self, PyObject *args) - PyExc_ValueError, - "invalid argument specifying new format to convert to"); - } -- format.BitsPerPixel = (Uint8)bpp; -- format.BytesPerPixel = (bpp + 7) / 8; -- if (PG_FORMAT_BitsPerPixel((&format)) > 8) { -- /* Allow a 8 bit source surface with an empty palette to be -- * converted to a format without a palette (pygame-ce issue -- * #146). If the target format has a non-NULL palette pointer -- * then SDL_ConvertSurface checks that the palette is not -- * empty-- that at least one entry is not black. -- */ -- format.palette = NULL; -- } -- if (SDL_ISPIXELFORMAT_INDEXED(SDL_MasksToPixelFormatEnum( -- PG_FORMAT_BitsPerPixel((&format)), format.Rmask, -- format.Gmask, format.Bmask, format.Amask))) { -+ SDL_PixelFormat *format = SDL_AllocFormat(format_enum); -+ -+ if (SDL_ISPIXELFORMAT_INDEXED(format_enum)) { - if (SDL_ISPIXELFORMAT_INDEXED(PG_SURF_FORMATENUM(surf))) { -- SDL_SetPixelFormatPalette(&format, surf->format->palette); -+ SDL_SetPixelFormatPalette(format, surf->format->palette); - } - else { - /* Give the surface something other than an all white -@@ -1958,12 +1939,13 @@ surf_convert(pgSurfaceObject *self, PyObject *args) - */ - SDL_SetPaletteColors(palette, default_palette_colors, 0, - default_palette_size); -- SDL_SetPixelFormatPalette(&format, palette); -+ SDL_SetPixelFormatPalette(format, palette); - } - } -- newsurf = PG_ConvertSurface(surf, &format); -+ newsurf = PG_ConvertSurface(surf, format); - SDL_SetSurfaceBlendMode(newsurf, SDL_BLENDMODE_NONE); - SDL_FreePalette(palette); -+ SDL_FreeFormat(format); - } - } - else { -@@ -4540,29 +4522,13 @@ pgSurface_Blit(pgSurfaceObject *dstobj, pgSurfaceObject *srcobj, - } - else { - SDL_PixelFormat *fmt = src->format; -- SDL_PixelFormat newfmt; -+ SDL_PixelFormat *newfmt = -+ SDL_AllocFormat(SDL_MasksToPixelFormatEnum( -+ fmt->BitsPerPixel, fmt->Rmask, fmt->Gmask, fmt->Bmask, 0)); - -- newfmt.palette = 0; /* Set NULL (or SDL gets confused) */ --#if SDL_VERSION_ATLEAST(3, 0, 0) -- newfmt.bits_per_pixel = fmt->bits_per_pixel; -- newfmt.bytes_per_pixel = fmt->bytes_per_pixel; --#else -- newfmt.BitsPerPixel = fmt->BitsPerPixel; -- newfmt.BytesPerPixel = fmt->BytesPerPixel; --#endif -- newfmt.Amask = 0; -- newfmt.Rmask = fmt->Rmask; -- newfmt.Gmask = fmt->Gmask; -- newfmt.Bmask = fmt->Bmask; -- newfmt.Ashift = 0; -- newfmt.Rshift = fmt->Rshift; -- newfmt.Gshift = fmt->Gshift; -- newfmt.Bshift = fmt->Bshift; -- newfmt.Aloss = 0; -- newfmt.Rloss = fmt->Rloss; -- newfmt.Gloss = fmt->Gloss; -- newfmt.Bloss = fmt->Bloss; -- src = PG_ConvertSurface(src, &newfmt); -+ src = PG_ConvertSurface(src, newfmt); -+ -+ SDL_FreeFormat(newfmt); - if (src) { - #if SDL_VERSION_ATLEAST(3, 0, 0) - result = SDL_BlitSurface(src, srcrect, dst, dstrect) ? 0 : -1; --- -2.51.0 - diff --git a/pkgs/development/python-modules/pygame-ce/default.nix b/pkgs/development/python-modules/pygame-ce/default.nix index 1f132ab7fab0c..ed120e12e7613 100644 --- a/pkgs/development/python-modules/pygame-ce/default.nix +++ b/pkgs/development/python-modules/pygame-ce/default.nix @@ -62,11 +62,8 @@ buildPythonPackage rec { ); }) - # Can be removed with the next SDL3 bump. + # Can be removed after the SDL 3.4.0 bump. ./skip-rle-tests.patch - - # https://github.com/pygame-community/pygame-ce/pull/3639 - ./0001-Use-SDL_AllocFormat-instead-of-creating-it-manually.patch ]; postPatch = '' diff --git a/pkgs/development/python-modules/pygame-ce/skip-rle-tests.patch b/pkgs/development/python-modules/pygame-ce/skip-rle-tests.patch index f7ecc1ccb3305..6b488f0c880a0 100644 --- a/pkgs/development/python-modules/pygame-ce/skip-rle-tests.patch +++ b/pkgs/development/python-modules/pygame-ce/skip-rle-tests.patch @@ -2,14 +2,6 @@ diff --git a/test/surface_test.py b/test/surface_test.py index c2c91f4f5..58d916de8 100644 --- a/test/surface_test.py +++ b/test/surface_test.py -@@ -404,6 +404,7 @@ class SurfaceTypeTest(unittest.TestCase): - finally: - pygame.display.quit() - -+ @unittest.skipIf(True, "https://github.com/libsdl-org/SDL/pull/14429") - def test_solarwolf_rle_usage_2(self): - """Test for RLE status after setting alpha""" - @@ -435,6 +436,7 @@ class SurfaceTypeTest(unittest.TestCase): finally: pygame.display.quit() diff --git a/pkgs/development/python-modules/tabulate/default.nix b/pkgs/development/python-modules/tabulate/default.nix index ac3450f87e1e8..b845af0e46054 100644 --- a/pkgs/development/python-modules/tabulate/default.nix +++ b/pkgs/development/python-modules/tabulate/default.nix @@ -35,6 +35,11 @@ buildPythonPackage rec { ] ++ lib.flatten (builtins.attrValues optional-dependencies); + # Tests against stdlib behavior which changed in https://github.com/python/cpython/pull/139070 + disabledTests = [ + "test_wrap_multiword_non_wide" + ]; + meta = { description = "Pretty-print tabular data"; mainProgram = "tabulate"; diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 4078baca698ab..316a281a106fb 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -5,6 +5,7 @@ pythonAtLeast, pythonOlder, fetchPypi, + fetchpatch, python, # build-system @@ -56,9 +57,7 @@ buildPythonPackage rec { pname = "twisted"; version = "25.5.0"; - format = "pyproject"; - - disabled = pythonOlder "3.6"; + pyproject = true; src = fetchPypi { inherit pname version; @@ -66,15 +65,30 @@ buildPythonPackage rec { hash = "sha256-HesnI1jLa+Hj6PxvnIs2946w+nwiM9Lb4R7G/uBOoxY="; }; + patches = [ + (fetchpatch { + # https://github.com/twisted/twisted/pull/12508 + url = "https://github.com/twisted/twisted/commit/ef6160aa2595adfba0c71da6db65b7a7252f23e9.patch"; + hash = "sha256-zHkEWT0lvWf86RlkzU5Wx6R5ear04cfpxB7wjgdpw5c="; + }) + # https://github.com/twisted/twisted/pull/12511 + ./python314-urljoin-compat.patch + (fetchpatch { + # https://github.com/twisted/twisted/pull/12551 + url = "https://github.com/twisted/twisted/commit/b1173fa307a9752eedd63890113eb610c3cca4a0.patch"; + hash = "sha256-DWEygdo1b8uQOeFLy0/zcRNuuKJdSsF7cQM7RH04Puw="; + }) + ]; + __darwinAllowLocalNetworking = true; - nativeBuildInputs = [ + build-system = [ hatchling hatch-fancy-pypi-readme incremental ]; - propagatedBuildInputs = [ + dependencies = [ attrs automat constantly @@ -172,6 +186,12 @@ buildPythonPackage rec { "ProcessTestsBuilder_AsyncioSelectorReactorTests.test_processEnded" "ProcessTestsBuilder_SelectReactorTests.test_processEnded" ]; + "src/twisted/internet/test/test_tcp.py" = [ + # marked as flaky on macOS by upstream + # https://github.com/twisted/twisted/blob/twisted-25.5.0/src/twisted/internet/test/test_tcp.py + "AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort" + "AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbortLater" + ]; }; in lib.concatStringsSep "\n" ( diff --git a/pkgs/development/python-modules/twisted/python314-urljoin-compat.patch b/pkgs/development/python-modules/twisted/python314-urljoin-compat.patch new file mode 100644 index 0000000000000..dbae3bf605fab --- /dev/null +++ b/pkgs/development/python-modules/twisted/python314-urljoin-compat.patch @@ -0,0 +1,13 @@ +diff --git a/src/twisted/web/client.py b/src/twisted/web/client.py +index d3cd11fb84..5f18965759 100644 +--- a/src/twisted/web/client.py ++++ b/src/twisted/web/client.py +@@ -220,7 +220,7 @@ def _urljoin(base, url): + """ + base, baseFrag = urldefrag(base) + url, urlFrag = urldefrag(urljoin(base, url)) +- return urljoin(url, b"#" + (urlFrag or baseFrag)) ++ return urljoin(url, b"#" + (urlFrag or baseFrag)).strip(b"#") + + + def _makeGetterFactory(url, factoryFactory, contextFactory=None, *args, **kwargs): diff --git a/pkgs/development/python-modules/urllib3/CVE-2025-66418.patch b/pkgs/development/python-modules/urllib3/CVE-2025-66418.patch new file mode 100644 index 0000000000000..361430afc25e8 --- /dev/null +++ b/pkgs/development/python-modules/urllib3/CVE-2025-66418.patch @@ -0,0 +1,73 @@ +From 2284e948f74b40365ff772ef50d06a1930670537 Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Fri, 5 Dec 2025 16:41:33 +0200 +Subject: [PATCH 2/2] Unbounded number of links in the decompression chain + +https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 + +Fixes: CVE-2025-66418 +--- + changelog/GHSA-gm62-xv2j-4w53.security.rst | 4 ++++ + src/urllib3/response.py | 12 +++++++++++- + test/test_response.py | 10 ++++++++++ + 3 files changed, 25 insertions(+), 1 deletion(-) + create mode 100644 changelog/GHSA-gm62-xv2j-4w53.security.rst + +diff --git a/changelog/GHSA-gm62-xv2j-4w53.security.rst b/changelog/GHSA-gm62-xv2j-4w53.security.rst +new file mode 100644 +index 00000000..6646eaa3 +--- /dev/null ++++ b/changelog/GHSA-gm62-xv2j-4w53.security.rst +@@ -0,0 +1,4 @@ ++Fixed a security issue where an attacker could compose an HTTP response with ++virtually unlimited links in the ``Content-Encoding`` header, potentially ++leading to a denial of service (DoS) attack by exhausting system resources ++during decoding. The number of allowed chained encodings is now limited to 5. +diff --git a/src/urllib3/response.py b/src/urllib3/response.py +index 0303ce89..7ea7176f 100644 +--- a/src/urllib3/response.py ++++ b/src/urllib3/response.py +@@ -342,8 +342,18 @@ class MultiDecoder(ContentDecoder): + they were applied. + """ + ++ # Maximum allowed number of chained HTTP encodings in the ++ # Content-Encoding header. ++ max_decode_links = 5 ++ + def __init__(self, modes: str) -> None: +- self._decoders = [_get_decoder(m.strip()) for m in modes.split(",")] ++ encodings = [m.strip() for m in modes.split(",")] ++ if len(encodings) > self.max_decode_links: ++ raise DecodeError( ++ "Too many content encodings in the chain: " ++ f"{len(encodings)} > {self.max_decode_links}" ++ ) ++ self._decoders = [_get_decoder(e) for e in encodings] + + def flush(self) -> bytes: + return self._decoders[0].flush() +diff --git a/test/test_response.py b/test/test_response.py +index 301b04ce..3a728990 100644 +--- a/test/test_response.py ++++ b/test/test_response.py +@@ -843,6 +843,16 @@ class TestResponse: + assert r.read(9 * 37) == b"foobarbaz" * 37 + assert r.read() == b"" + ++ def test_read_multi_decoding_too_many_links(self) -> None: ++ fp = BytesIO(b"foo") ++ with pytest.raises( ++ DecodeError, match="Too many content encodings in the chain: 6 > 5" ++ ): ++ HTTPResponse( ++ fp, ++ headers={"content-encoding": "gzip, deflate, br, zstd, gzip, deflate"}, ++ ) ++ + def test_body_blob(self) -> None: + resp = HTTPResponse(b"foo") + assert resp.data == b"foo" +-- +2.51.2 + diff --git a/pkgs/development/python-modules/urllib3/CVE-2025-66471.patch b/pkgs/development/python-modules/urllib3/CVE-2025-66471.patch new file mode 100644 index 0000000000000..e38444bdb221e --- /dev/null +++ b/pkgs/development/python-modules/urllib3/CVE-2025-66471.patch @@ -0,0 +1,811 @@ +From 1c23a491ec4945a08f419f04f75ca7a0d13aef35 Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Fri, 5 Dec 2025 16:40:41 +0200 +Subject: [PATCH 1/2] Streaming API improperly handles highly compressed data + +https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37 + +Fixes: CVE-2025-66471 +--- + pyproject.toml | 5 +- + src/urllib3/response.py | 278 ++++++++++++++++++++++++++++++++++------ + test/test_response.py | 269 +++++++++++++++++++++++++++++++++++++- + 3 files changed, 506 insertions(+), 46 deletions(-) + +diff --git a/pyproject.toml b/pyproject.toml +index 60fce65d..b785bf13 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -41,8 +41,8 @@ dynamic = ["version"] + + [project.optional-dependencies] + brotli = [ +- "brotli>=1.0.9; platform_python_implementation == 'CPython'", +- "brotlicffi>=0.8.0; platform_python_implementation != 'CPython'" ++ "brotli>=1.2.0; platform_python_implementation == 'CPython'", ++ "brotlicffi>=1.2.0.0; platform_python_implementation != 'CPython'" + ] + # Once we drop support for Python 3.13 this extra can be removed. + # We'll need a deprecation period for the 'zstandard' module support +@@ -160,6 +160,7 @@ filterwarnings = [ + '''default:ssl\.PROTOCOL_TLSv1_1 is deprecated:DeprecationWarning''', + '''default:ssl\.PROTOCOL_TLSv1_2 is deprecated:DeprecationWarning''', + '''default:ssl NPN is deprecated, use ALPN instead:DeprecationWarning''', ++ '''default:Brotli >= 1.2.0 is required to prevent decompression bombs\.:urllib3.exceptions.DependencyWarning''', + # https://github.com/SeleniumHQ/selenium/issues/13328 + '''default:unclosed file <_io\.BufferedWriter name='/dev/null'>:ResourceWarning''', + # https://github.com/SeleniumHQ/selenium/issues/14686 +diff --git a/src/urllib3/response.py b/src/urllib3/response.py +index 5632dab3..0303ce89 100644 +--- a/src/urllib3/response.py ++++ b/src/urllib3/response.py +@@ -33,6 +33,7 @@ from .connection import BaseSSLError, HTTPConnection, HTTPException + from .exceptions import ( + BodyNotHttplibCompatible, + DecodeError, ++ DependencyWarning, + HTTPError, + IncompleteRead, + InvalidChunkLength, +@@ -52,7 +53,11 @@ log = logging.getLogger(__name__) + + + class ContentDecoder: +- def decompress(self, data: bytes) -> bytes: ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: ++ raise NotImplementedError() ++ ++ @property ++ def has_unconsumed_tail(self) -> bool: + raise NotImplementedError() + + def flush(self) -> bytes: +@@ -62,30 +67,57 @@ class ContentDecoder: + class DeflateDecoder(ContentDecoder): + def __init__(self) -> None: + self._first_try = True +- self._data = b"" ++ self._first_try_data = b"" ++ self._unfed_data = b"" + self._obj = zlib.decompressobj() + +- def decompress(self, data: bytes) -> bytes: +- if not data: ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: ++ data = self._unfed_data + data ++ self._unfed_data = b"" ++ if not data and not self._obj.unconsumed_tail: + return data ++ original_max_length = max_length ++ if original_max_length < 0: ++ max_length = 0 ++ elif original_max_length == 0: ++ # We should not pass 0 to the zlib decompressor because 0 is ++ # the default value that will make zlib decompress without a ++ # length limit. ++ # Data should be stored for subsequent calls. ++ self._unfed_data = data ++ return b"" + ++ # Subsequent calls always reuse `self._obj`. zlib requires ++ # passing the unconsumed tail if decompression is to continue. + if not self._first_try: +- return self._obj.decompress(data) ++ return self._obj.decompress( ++ self._obj.unconsumed_tail + data, max_length=max_length ++ ) + +- self._data += data ++ # First call tries with RFC 1950 ZLIB format. ++ self._first_try_data += data + try: +- decompressed = self._obj.decompress(data) ++ decompressed = self._obj.decompress(data, max_length=max_length) + if decompressed: + self._first_try = False +- self._data = None # type: ignore[assignment] ++ self._first_try_data = b"" + return decompressed ++ # On failure, it falls back to RFC 1951 DEFLATE format. + except zlib.error: + self._first_try = False + self._obj = zlib.decompressobj(-zlib.MAX_WBITS) + try: +- return self.decompress(self._data) ++ return self.decompress( ++ self._first_try_data, max_length=original_max_length ++ ) + finally: +- self._data = None # type: ignore[assignment] ++ self._first_try_data = b"" ++ ++ @property ++ def has_unconsumed_tail(self) -> bool: ++ return bool(self._unfed_data) or ( ++ bool(self._obj.unconsumed_tail) and not self._first_try ++ ) + + def flush(self) -> bytes: + return self._obj.flush() +@@ -101,27 +133,61 @@ class GzipDecoder(ContentDecoder): + def __init__(self) -> None: + self._obj = zlib.decompressobj(16 + zlib.MAX_WBITS) + self._state = GzipDecoderState.FIRST_MEMBER ++ self._unconsumed_tail = b"" + +- def decompress(self, data: bytes) -> bytes: ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: + ret = bytearray() +- if self._state == GzipDecoderState.SWALLOW_DATA or not data: ++ if self._state == GzipDecoderState.SWALLOW_DATA: ++ return bytes(ret) ++ ++ if max_length == 0: ++ # We should not pass 0 to the zlib decompressor because 0 is ++ # the default value that will make zlib decompress without a ++ # length limit. ++ # Data should be stored for subsequent calls. ++ self._unconsumed_tail += data ++ return b"" ++ ++ # zlib requires passing the unconsumed tail to the subsequent ++ # call if decompression is to continue. ++ data = self._unconsumed_tail + data ++ if not data and self._obj.eof: + return bytes(ret) ++ + while True: + try: +- ret += self._obj.decompress(data) ++ ret += self._obj.decompress( ++ data, max_length=max(max_length - len(ret), 0) ++ ) + except zlib.error: + previous_state = self._state + # Ignore data after the first error + self._state = GzipDecoderState.SWALLOW_DATA ++ self._unconsumed_tail = b"" + if previous_state == GzipDecoderState.OTHER_MEMBERS: + # Allow trailing garbage acceptable in other gzip clients + return bytes(ret) + raise +- data = self._obj.unused_data ++ ++ self._unconsumed_tail = data = ( ++ self._obj.unconsumed_tail or self._obj.unused_data ++ ) ++ if max_length > 0 and len(ret) >= max_length: ++ break ++ + if not data: + return bytes(ret) +- self._state = GzipDecoderState.OTHER_MEMBERS +- self._obj = zlib.decompressobj(16 + zlib.MAX_WBITS) ++ # When the end of a gzip member is reached, a new decompressor ++ # must be created for unused (possibly future) data. ++ if self._obj.eof: ++ self._state = GzipDecoderState.OTHER_MEMBERS ++ self._obj = zlib.decompressobj(16 + zlib.MAX_WBITS) ++ ++ return bytes(ret) ++ ++ @property ++ def has_unconsumed_tail(self) -> bool: ++ return bool(self._unconsumed_tail) + + def flush(self) -> bytes: + return self._obj.flush() +@@ -136,9 +202,35 @@ if brotli is not None: + def __init__(self) -> None: + self._obj = brotli.Decompressor() + if hasattr(self._obj, "decompress"): +- setattr(self, "decompress", self._obj.decompress) ++ setattr(self, "_decompress", self._obj.decompress) + else: +- setattr(self, "decompress", self._obj.process) ++ setattr(self, "_decompress", self._obj.process) ++ ++ # Requires Brotli >= 1.2.0 for `output_buffer_limit`. ++ def _decompress(self, data: bytes, output_buffer_limit: int = -1) -> bytes: ++ raise NotImplementedError() ++ ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: ++ try: ++ if max_length > 0: ++ return self._decompress(data, output_buffer_limit=max_length) ++ else: ++ return self._decompress(data) ++ except TypeError: ++ # Fallback for Brotli/brotlicffi/brotlipy versions without ++ # the `output_buffer_limit` parameter. ++ warnings.warn( ++ "Brotli >= 1.2.0 is required to prevent decompression bombs.", ++ DependencyWarning, ++ ) ++ return self._decompress(data) ++ ++ @property ++ def has_unconsumed_tail(self) -> bool: ++ try: ++ return not self._obj.can_accept_more_data() ++ except AttributeError: ++ return False + + def flush(self) -> bytes: + if hasattr(self._obj, "flush"): +@@ -156,16 +248,46 @@ try: + def __init__(self) -> None: + self._obj = zstd.ZstdDecompressor() + +- def decompress(self, data: bytes) -> bytes: +- if not data: ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: ++ if not data and not self.has_unconsumed_tail: + return b"" +- data_parts = [self._obj.decompress(data)] +- while self._obj.eof and self._obj.unused_data: +- unused_data = self._obj.unused_data ++ if self._obj.eof: ++ data = self._obj.unused_data + data + self._obj = zstd.ZstdDecompressor() +- data_parts.append(self._obj.decompress(unused_data)) ++ part = self._obj.decompress(data, max_length=max_length) ++ length = len(part) ++ data_parts = [part] ++ # Every loop iteration is supposed to read data from a separate frame. ++ # The loop breaks when: ++ # - enough data is read; ++ # - no more unused data is available; ++ # - end of the last read frame has not been reached (i.e., ++ # more data has to be fed). ++ while ( ++ self._obj.eof ++ and self._obj.unused_data ++ and (max_length < 0 or length < max_length) ++ ): ++ unused_data = self._obj.unused_data ++ if not self._obj.needs_input: ++ self._obj = zstd.ZstdDecompressor() ++ part = self._obj.decompress( ++ unused_data, ++ max_length=(max_length - length) if max_length > 0 else -1, ++ ) ++ if part_length := len(part): ++ data_parts.append(part) ++ length += part_length ++ elif self._obj.needs_input: ++ break + return b"".join(data_parts) + ++ @property ++ def has_unconsumed_tail(self) -> bool: ++ return not (self._obj.needs_input or self._obj.eof) or bool( ++ self._obj.unused_data ++ ) ++ + def flush(self) -> bytes: + if not self._obj.eof: + raise DecodeError("Zstandard data is incomplete") +@@ -226,10 +348,35 @@ class MultiDecoder(ContentDecoder): + def flush(self) -> bytes: + return self._decoders[0].flush() + +- def decompress(self, data: bytes) -> bytes: +- for d in reversed(self._decoders): +- data = d.decompress(data) +- return data ++ def decompress(self, data: bytes, max_length: int = -1) -> bytes: ++ if max_length <= 0: ++ for d in reversed(self._decoders): ++ data = d.decompress(data) ++ return data ++ ++ ret = bytearray() ++ # Every while loop iteration goes through all decoders once. ++ # It exits when enough data is read or no more data can be read. ++ # It is possible that the while loop iteration does not produce ++ # any data because we retrieve up to `max_length` from every ++ # decoder, and the amount of bytes may be insufficient for the ++ # next decoder to produce enough/any output. ++ while True: ++ any_data = False ++ for d in reversed(self._decoders): ++ data = d.decompress(data, max_length=max_length - len(ret)) ++ if data: ++ any_data = True ++ # We should not break when no data is returned because ++ # next decoders may produce data even with empty input. ++ ret += data ++ if not any_data or len(ret) >= max_length: ++ return bytes(ret) ++ data = b"" ++ ++ @property ++ def has_unconsumed_tail(self) -> bool: ++ return any(d.has_unconsumed_tail for d in self._decoders) + + + def _get_decoder(mode: str) -> ContentDecoder: +@@ -262,9 +409,6 @@ class BytesQueueBuffer: + + * self.buffer, which contains the full data + * the largest chunk that we will copy in get() +- +- The worst case scenario is a single chunk, in which case we'll make a full copy of +- the data inside get(). + """ + + def __init__(self) -> None: +@@ -286,6 +430,10 @@ class BytesQueueBuffer: + elif n < 0: + raise ValueError("n should be > 0") + ++ if len(self.buffer[0]) == n and isinstance(self.buffer[0], bytes): ++ self._size -= n ++ return self.buffer.popleft() ++ + fetched = 0 + ret = io.BytesIO() + while fetched < n: +@@ -492,7 +640,11 @@ class BaseHTTPResponse(io.IOBase): + self._decoder = _get_decoder(content_encoding) + + def _decode( +- self, data: bytes, decode_content: bool | None, flush_decoder: bool ++ self, ++ data: bytes, ++ decode_content: bool | None, ++ flush_decoder: bool, ++ max_length: int | None = None, + ) -> bytes: + """ + Decode the data passed in and potentially flush the decoder. +@@ -505,9 +657,12 @@ class BaseHTTPResponse(io.IOBase): + ) + return data + ++ if max_length is None or flush_decoder: ++ max_length = -1 ++ + try: + if self._decoder: +- data = self._decoder.decompress(data) ++ data = self._decoder.decompress(data, max_length=max_length) + self._has_decoded_content = True + except self.DECODER_ERROR_CLASSES as e: + content_encoding = self.headers.get("content-encoding", "").lower() +@@ -974,6 +1129,14 @@ class HTTPResponse(BaseHTTPResponse): + elif amt is not None: + cache_content = False + ++ if self._decoder and self._decoder.has_unconsumed_tail: ++ decoded_data = self._decode( ++ b"", ++ decode_content, ++ flush_decoder=False, ++ max_length=amt - len(self._decoded_buffer), ++ ) ++ self._decoded_buffer.put(decoded_data) + if len(self._decoded_buffer) >= amt: + return self._decoded_buffer.get(amt) + +@@ -981,7 +1144,11 @@ class HTTPResponse(BaseHTTPResponse): + + flush_decoder = amt is None or (amt != 0 and not data) + +- if not data and len(self._decoded_buffer) == 0: ++ if ( ++ not data ++ and len(self._decoded_buffer) == 0 ++ and not (self._decoder and self._decoder.has_unconsumed_tail) ++ ): + return data + + if amt is None: +@@ -998,7 +1165,12 @@ class HTTPResponse(BaseHTTPResponse): + ) + return data + +- decoded_data = self._decode(data, decode_content, flush_decoder) ++ decoded_data = self._decode( ++ data, ++ decode_content, ++ flush_decoder, ++ max_length=amt - len(self._decoded_buffer), ++ ) + self._decoded_buffer.put(decoded_data) + + while len(self._decoded_buffer) < amt and data: +@@ -1006,7 +1178,12 @@ class HTTPResponse(BaseHTTPResponse): + # For example, the GZ file header takes 10 bytes, we don't want to read + # it one byte at a time + data = self._raw_read(amt) +- decoded_data = self._decode(data, decode_content, flush_decoder) ++ decoded_data = self._decode( ++ data, ++ decode_content, ++ flush_decoder, ++ max_length=amt - len(self._decoded_buffer), ++ ) + self._decoded_buffer.put(decoded_data) + data = self._decoded_buffer.get(amt) + +@@ -1041,6 +1218,20 @@ class HTTPResponse(BaseHTTPResponse): + "Calling read1(decode_content=False) is not supported after " + "read1(decode_content=True) was called." + ) ++ if ( ++ self._decoder ++ and self._decoder.has_unconsumed_tail ++ and (amt is None or len(self._decoded_buffer) < amt) ++ ): ++ decoded_data = self._decode( ++ b"", ++ decode_content, ++ flush_decoder=False, ++ max_length=( ++ amt - len(self._decoded_buffer) if amt is not None else None ++ ), ++ ) ++ self._decoded_buffer.put(decoded_data) + if len(self._decoded_buffer) > 0: + if amt is None: + return self._decoded_buffer.get_all() +@@ -1056,7 +1247,9 @@ class HTTPResponse(BaseHTTPResponse): + self._init_decoder() + while True: + flush_decoder = not data +- decoded_data = self._decode(data, decode_content, flush_decoder) ++ decoded_data = self._decode( ++ data, decode_content, flush_decoder, max_length=amt ++ ) + self._decoded_buffer.put(decoded_data) + if decoded_data or flush_decoder: + break +@@ -1087,7 +1280,11 @@ class HTTPResponse(BaseHTTPResponse): + if self.chunked and self.supports_chunked_reads(): + yield from self.read_chunked(amt, decode_content=decode_content) + else: +- while not is_fp_closed(self._fp) or len(self._decoded_buffer) > 0: ++ while ( ++ not is_fp_closed(self._fp) ++ or len(self._decoded_buffer) > 0 ++ or (self._decoder and self._decoder.has_unconsumed_tail) ++ ): + data = self.read(amt=amt, decode_content=decode_content) + + if data: +@@ -1250,7 +1447,10 @@ class HTTPResponse(BaseHTTPResponse): + break + chunk = self._handle_chunk(amt) + decoded = self._decode( +- chunk, decode_content=decode_content, flush_decoder=False ++ chunk, ++ decode_content=decode_content, ++ flush_decoder=False, ++ max_length=amt, + ) + if decoded: + yield decoded +diff --git a/test/test_response.py b/test/test_response.py +index 9552689f..301b04ce 100644 +--- a/test/test_response.py ++++ b/test/test_response.py +@@ -1,6 +1,7 @@ + from __future__ import annotations + + import contextlib ++import gzip + import http.client as httplib + import socket + import ssl +@@ -43,6 +44,26 @@ def zstd_compress(data: bytes) -> bytes: + return zstd.compress(data) # type: ignore[no-any-return] + + ++def deflate2_compress(data: bytes) -> bytes: ++ compressor = zlib.compressobj(6, zlib.DEFLATED, -zlib.MAX_WBITS) ++ return compressor.compress(data) + compressor.flush() ++ ++ ++if brotli: ++ try: ++ brotli.Decompressor().process(b"", output_buffer_limit=1024) ++ _brotli_gte_1_2_0_available = True ++ except (AttributeError, TypeError): ++ _brotli_gte_1_2_0_available = False ++else: ++ _brotli_gte_1_2_0_available = False ++try: ++ zstd_compress(b"") ++ _zstd_available = True ++except ModuleNotFoundError: ++ _zstd_available = False ++ ++ + class TestBytesQueueBuffer: + def test_single_chunk(self) -> None: + buffer = BytesQueueBuffer() +@@ -118,12 +139,19 @@ class TestBytesQueueBuffer: + + assert len(get_func(buffer)) == 10 * 2**20 + ++ @pytest.mark.parametrize( ++ "get_func", ++ (lambda b: b.get(len(b)), lambda b: b.get_all()), ++ ids=("get", "get_all"), ++ ) + @pytest.mark.limit_memory("10.01 MB", current_thread_only=True) +- def test_get_all_memory_usage_single_chunk(self) -> None: ++ def test_memory_usage_single_chunk( ++ self, get_func: typing.Callable[[BytesQueueBuffer], bytes] ++ ) -> None: + buffer = BytesQueueBuffer() + chunk = bytes(10 * 2**20) # 10 MiB + buffer.put(chunk) +- assert buffer.get_all() is chunk ++ assert get_func(buffer) is chunk + + + # A known random (i.e, not-too-compressible) payload generated with: +@@ -426,7 +454,26 @@ class TestResponse: + assert r.data == b"foo" + + @onlyZstd() +- def test_decode_multiframe_zstd(self) -> None: ++ @pytest.mark.parametrize( ++ "read_amt", ++ ( ++ # Read all data at once. ++ None, ++ # Read one byte at a time, data of frames will be returned ++ # separately. ++ 1, ++ # Read two bytes at a time, the second read should return ++ # data from both frames. ++ 2, ++ # Read three bytes at a time, the whole frames will be ++ # returned separately in two calls. ++ 3, ++ # Read four bytes at a time, the first read should return ++ # data from the first frame and a part of the second frame. ++ 4, ++ ), ++ ) ++ def test_decode_multiframe_zstd(self, read_amt: int | None) -> None: + data = ( + # Zstandard frame + zstd_compress(b"foo") +@@ -441,8 +488,57 @@ class TestResponse: + ) + + fp = BytesIO(data) +- r = HTTPResponse(fp, headers={"content-encoding": "zstd"}) +- assert r.data == b"foobar" ++ result = bytearray() ++ r = HTTPResponse( ++ fp, headers={"content-encoding": "zstd"}, preload_content=False ++ ) ++ total_length = 6 ++ while len(result) < total_length: ++ chunk = r.read(read_amt, decode_content=True) ++ if read_amt is None: ++ assert len(chunk) == total_length ++ else: ++ assert len(chunk) == min(read_amt, total_length - len(result)) ++ result += chunk ++ assert bytes(result) == b"foobar" ++ ++ @onlyZstd() ++ def test_decode_multiframe_zstd_with_max_length_close_to_compressed_data_size( ++ self, ++ ) -> None: ++ """ ++ Test decoding when the first read from the socket returns all ++ the compressed frames, but then it has to be decompressed in a ++ couple of read calls. ++ """ ++ data = ( ++ # Zstandard frame ++ zstd_compress(b"x" * 1024) ++ # skippable frame (must be ignored) ++ + bytes.fromhex( ++ "50 2A 4D 18" # Magic_Number (little-endian) ++ "07 00 00 00" # Frame_Size (little-endian) ++ "00 00 00 00 00 00 00" # User_Data ++ ) ++ # Zstandard frame ++ + zstd_compress(b"y" * 1024) ++ ) ++ ++ fp = BytesIO(data) ++ r = HTTPResponse( ++ fp, headers={"content-encoding": "zstd"}, preload_content=False ++ ) ++ # Read the whole first frame. ++ assert r.read(1024) == b"x" * 1024 ++ assert len(r._decoded_buffer) == 0 ++ # Read the whole second frame in two reads. ++ assert r.read(512) == b"y" * 512 ++ assert len(r._decoded_buffer) == 0 ++ assert r.read(512) == b"y" * 512 ++ assert len(r._decoded_buffer) == 0 ++ # Ensure no more data is left. ++ assert r.read() == b"" ++ assert len(r._decoded_buffer) == 0 + + @onlyZstd() + def test_chunked_decoding_zstd(self) -> None: +@@ -535,6 +631,169 @@ class TestResponse: + decoded_data += part + assert decoded_data == data + ++ _test_compressor_params: list[ ++ tuple[str, tuple[str, typing.Callable[[bytes], bytes]] | None] ++ ] = [ ++ ("deflate1", ("deflate", zlib.compress)), ++ ("deflate2", ("deflate", deflate2_compress)), ++ ("gzip", ("gzip", gzip.compress)), ++ ] ++ if _brotli_gte_1_2_0_available: ++ _test_compressor_params.append(("brotli", ("br", brotli.compress))) ++ else: ++ _test_compressor_params.append(("brotli", None)) ++ if _zstd_available: ++ _test_compressor_params.append(("zstd", ("zstd", zstd_compress))) ++ else: ++ _test_compressor_params.append(("zstd", None)) ++ ++ @pytest.mark.parametrize("read_method", ("read", "read1")) ++ @pytest.mark.parametrize( ++ "data", ++ [d[1] for d in _test_compressor_params], ++ ids=[d[0] for d in _test_compressor_params], ++ ) ++ def test_read_with_all_data_already_in_decompressor( ++ self, ++ request: pytest.FixtureRequest, ++ read_method: str, ++ data: tuple[str, typing.Callable[[bytes], bytes]] | None, ++ ) -> None: ++ if data is None: ++ pytest.skip(f"Proper {request.node.callspec.id} decoder is not available") ++ original_data = b"bar" * 1000 ++ name, compress_func = data ++ compressed_data = compress_func(original_data) ++ fp = mock.Mock(read=mock.Mock(return_value=b"")) ++ r = HTTPResponse(fp, headers={"content-encoding": name}, preload_content=False) ++ # Put all data in the decompressor's buffer. ++ r._init_decoder() ++ assert r._decoder is not None # for mypy ++ decoded = r._decoder.decompress(compressed_data, max_length=0) ++ if name == "br": ++ # It's known that some Brotli libraries do not respect ++ # `max_length`. ++ r._decoded_buffer.put(decoded) ++ else: ++ assert decoded == b"" ++ # Read the data via `HTTPResponse`. ++ read = getattr(r, read_method) ++ assert read(0) == b"" ++ assert read(2500) == original_data[:2500] ++ assert read(500) == original_data[2500:] ++ assert read(0) == b"" ++ assert read() == b"" ++ ++ @pytest.mark.parametrize( ++ "delta", ++ ( ++ 0, # First read from socket returns all compressed data. ++ -1, # First read from socket returns all but one byte of compressed data. ++ ), ++ ) ++ @pytest.mark.parametrize("read_method", ("read", "read1")) ++ @pytest.mark.parametrize( ++ "data", ++ [d[1] for d in _test_compressor_params], ++ ids=[d[0] for d in _test_compressor_params], ++ ) ++ def test_decode_with_max_length_close_to_compressed_data_size( ++ self, ++ request: pytest.FixtureRequest, ++ delta: int, ++ read_method: str, ++ data: tuple[str, typing.Callable[[bytes], bytes]] | None, ++ ) -> None: ++ """ ++ Test decoding when the first read from the socket returns all or ++ almost all the compressed data, but then it has to be ++ decompressed in a couple of read calls. ++ """ ++ if data is None: ++ pytest.skip(f"Proper {request.node.callspec.id} decoder is not available") ++ ++ original_data = b"foo" * 1000 ++ name, compress_func = data ++ compressed_data = compress_func(original_data) ++ fp = BytesIO(compressed_data) ++ r = HTTPResponse(fp, headers={"content-encoding": name}, preload_content=False) ++ initial_limit = len(compressed_data) + delta ++ read = getattr(r, read_method) ++ initial_chunk = read(amt=initial_limit, decode_content=True) ++ assert len(initial_chunk) == initial_limit ++ assert ( ++ len(read(amt=len(original_data), decode_content=True)) ++ == len(original_data) - initial_limit ++ ) ++ ++ # Prepare 50 MB of compressed data outside of the test measuring ++ # memory usage. ++ _test_memory_usage_decode_with_max_length_params: list[ ++ tuple[str, tuple[str, bytes] | None] ++ ] = [ ++ ( ++ params[0], ++ (params[1][0], params[1][1](b"A" * (50 * 2**20))) if params[1] else None, ++ ) ++ for params in _test_compressor_params ++ ] ++ ++ @pytest.mark.parametrize( ++ "data", ++ [d[1] for d in _test_memory_usage_decode_with_max_length_params], ++ ids=[d[0] for d in _test_memory_usage_decode_with_max_length_params], ++ ) ++ @pytest.mark.parametrize("read_method", ("read", "read1", "read_chunked", "stream")) ++ # Decoders consume different amounts of memory during decompression. ++ # We set the 10 MB limit to ensure that the whole decompressed data ++ # is not stored unnecessarily. ++ # ++ # FYI, the following consumption was observed for the test with ++ # `read` on CPython 3.14.0: ++ # - deflate: 2.3 MiB ++ # - deflate2: 2.1 MiB ++ # - gzip: 2.1 MiB ++ # - brotli: ++ # - brotli v1.2.0: 9 MiB ++ # - brotlicffi v1.2.0.0: 6 MiB ++ # - brotlipy v0.7.0: 105.8 MiB ++ # - zstd: 4.5 MiB ++ @pytest.mark.limit_memory("10 MB", current_thread_only=True) ++ def test_memory_usage_decode_with_max_length( ++ self, ++ request: pytest.FixtureRequest, ++ read_method: str, ++ data: tuple[str, bytes] | None, ++ ) -> None: ++ if data is None: ++ pytest.skip(f"Proper {request.node.callspec.id} decoder is not available") ++ ++ name, compressed_data = data ++ limit = 1024 * 1024 # 1 MiB ++ if read_method in ("read_chunked", "stream"): ++ httplib_r = httplib.HTTPResponse(MockSock) # type: ignore[arg-type] ++ httplib_r.fp = MockChunkedEncodingResponse([compressed_data]) # type: ignore[assignment] ++ r = HTTPResponse( ++ httplib_r, ++ preload_content=False, ++ headers={"transfer-encoding": "chunked", "content-encoding": name}, ++ ) ++ next(getattr(r, read_method)(amt=limit, decode_content=True)) ++ else: ++ fp = BytesIO(compressed_data) ++ r = HTTPResponse( ++ fp, headers={"content-encoding": name}, preload_content=False ++ ) ++ getattr(r, read_method)(amt=limit, decode_content=True) ++ ++ # Check that the internal decoded buffer is empty unless brotli ++ # is used. ++ # Google's brotli library does not fully respect the output ++ # buffer limit: https://github.com/google/brotli/issues/1396 ++ # And unmaintained brotlipy cannot limit the output buffer size. ++ if name != "br" or brotli.__name__ == "brotlicffi": ++ assert len(r._decoded_buffer) == 0 ++ + def test_multi_decoding_deflate_deflate(self) -> None: + data = zlib.compress(zlib.compress(b"foo")) + +-- +2.51.2 + diff --git a/pkgs/development/python-modules/urllib3/default.nix b/pkgs/development/python-modules/urllib3/default.nix index ca51c00796914..09a9be4ef4c79 100644 --- a/pkgs/development/python-modules/urllib3/default.nix +++ b/pkgs/development/python-modules/urllib3/default.nix @@ -32,6 +32,13 @@ let hash = "sha256-P8R3M8fkGdS8P2s9wrT4kLt0OQajDVa6Slv6S7/5J2A="; }; + patches = [ + # https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37 + ./CVE-2025-66471.patch + # https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 + ./CVE-2025-66418.patch + ]; + build-system = [ hatchling hatch-vcs diff --git a/pkgs/development/python-modules/uvloop/default.nix b/pkgs/development/python-modules/uvloop/default.nix index ed4c643c22455..8b1fd4ff32798 100644 --- a/pkgs/development/python-modules/uvloop/default.nix +++ b/pkgs/development/python-modules/uvloop/default.nix @@ -4,7 +4,6 @@ buildPythonPackage, pythonOlder, fetchFromGitHub, - fetchpatch, # build-system cython, @@ -70,6 +69,9 @@ buildPythonPackage rec { "tests/test_tcp.py::Test_AIO_TCP::test_create_connection_open_con_addr" # ConnectionAbortedError: SSL handshake is taking longer than 15.0 seconds "tests/test_tcp.py::Test_AIO_TCPSSL::test_create_connection_ssl_1" + # Fails randomly on hydra + # https://github.com/MagicStack/uvloop/issues/709 + "tests/test_process.py::TestAsyncio_AIO_Process::test_cancel_post_init" ] ++ lib.optionals (pythonOlder "3.11") [ "tests/test_tcp.py::Test_UV_TCPSSL::test_create_connection_ssl_failed_certificat" diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index 70829aecb81ab..8b5be89bbafab 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -28,14 +28,14 @@ buildPythonPackage rec { pname = "werkzeug"; - version = "3.1.3"; + version = "3.1.4"; pyproject = true; disabled = pythonOlder "3.9"; src = fetchPypi { inherit pname version; - hash = "sha256-YHI86UXBkyhnl5DjKCzHWKpKYEDkuzMPU9MPpUbUR0Y="; + hash = "sha256-zTzZixuS3Dt7OZUDiCbGgJfcsW+bqmOr418g6v65/l4="; }; build-system = [ flit-core ]; diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 0096d2f8dffca..faaf7b2c01e24 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -126,6 +126,8 @@ let ]; teams = [ lib.teams.nix ]; + # FIXME: https://github.com/NixOS/nixpkgs/issues/476794 + patches_common = lib.optional (stdenv.system == "aarch64-darwin") ./patches/skip-nix-shell.patch; in lib.makeExtensible ( self: @@ -135,6 +137,7 @@ lib.makeExtensible ( version = "2.28.5"; hash = "sha256-oIfAHxO+BCtHXJXLHBnsKkGl1Pw+Uuq1PwNxl+lZ+Oc="; self_attribute_name = "nix_2_28"; + patches = patches_common; }; nixComponents_2_29 = nixDependencies.callPackage ./modular/packages.nix rec { @@ -151,45 +154,51 @@ lib.makeExtensible ( nix_2_29 = addTests "nix_2_29" self.nixComponents_2_29.nix-everything; - nixComponents_2_30 = nixDependencies.callPackage ./modular/packages.nix rec { - version = "2.30.3"; - inherit maintainers teams; - otherSplices = generateSplicesForNixComponents "nixComponents_2_30"; - src = fetchFromGitHub { - owner = "NixOS"; - repo = "nix"; - tag = version; - hash = "sha256-kBuwzMgIE9Tmve0Rpp+q+YCsE2mw9d62M/950ViWeJ0="; - }; - }; + nixComponents_2_30 = + (nixDependencies.callPackage ./modular/packages.nix rec { + version = "2.30.3"; + inherit maintainers teams; + otherSplices = generateSplicesForNixComponents "nixComponents_2_30"; + src = fetchFromGitHub { + owner = "NixOS"; + repo = "nix"; + tag = version; + hash = "sha256-kBuwzMgIE9Tmve0Rpp+q+YCsE2mw9d62M/950ViWeJ0="; + }; + }).appendPatches + patches_common; nix_2_30 = addTests "nix_2_30" self.nixComponents_2_30.nix-everything; - nixComponents_2_31 = nixDependencies.callPackage ./modular/packages.nix rec { - version = "2.31.2"; - inherit (self.nix_2_30.meta) maintainers teams; - otherSplices = generateSplicesForNixComponents "nixComponents_2_31"; - src = fetchFromGitHub { - owner = "NixOS"; - repo = "nix"; - tag = version; - hash = "sha256-NLGXPLjENLeKVOg3OZgHXZ+1x6sPIKq9FHH8pxbCrDI="; - }; - }; + nixComponents_2_31 = + (nixDependencies.callPackage ./modular/packages.nix rec { + version = "2.31.2"; + inherit (self.nix_2_30.meta) maintainers teams; + otherSplices = generateSplicesForNixComponents "nixComponents_2_31"; + src = fetchFromGitHub { + owner = "NixOS"; + repo = "nix"; + tag = version; + hash = "sha256-NLGXPLjENLeKVOg3OZgHXZ+1x6sPIKq9FHH8pxbCrDI="; + }; + }).appendPatches + patches_common; nix_2_31 = addTests "nix_2_31" self.nixComponents_2_31.nix-everything; - nixComponents_2_32 = nixDependencies.callPackage ./modular/packages.nix rec { - version = "2.32.4"; - inherit (self.nix_2_31.meta) maintainers teams; - otherSplices = generateSplicesForNixComponents "nixComponents_2_32"; - src = fetchFromGitHub { - owner = "NixOS"; - repo = "nix"; - tag = version; - hash = "sha256-8QYnRyGOTm3h/Dp8I6HCmQzlO7C009Odqyp28pTWgcY="; - }; - }; + nixComponents_2_32 = + (nixDependencies.callPackage ./modular/packages.nix rec { + version = "2.32.4"; + inherit (self.nix_2_31.meta) maintainers teams; + otherSplices = generateSplicesForNixComponents "nixComponents_2_32"; + src = fetchFromGitHub { + owner = "NixOS"; + repo = "nix"; + tag = version; + hash = "sha256-8QYnRyGOTm3h/Dp8I6HCmQzlO7C009Odqyp28pTWgcY="; + }; + }).appendPatches + patches_common; nix_2_32 = addTests "nix_2_32" self.nixComponents_2_32.nix-everything; diff --git a/pkgs/tools/package-management/nix/patches/skip-nix-shell.patch b/pkgs/tools/package-management/nix/patches/skip-nix-shell.patch new file mode 100644 index 0000000000000..1a54a291bf357 --- /dev/null +++ b/pkgs/tools/package-management/nix/patches/skip-nix-shell.patch @@ -0,0 +1,5 @@ +--- a/tests/functional/meson.build ++++ b/tests/functional/meson.build +@@ -90 +90 @@ suites = [ +- 'nix-shell.sh', ++ #'nix-shell.sh', diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix index a681ff46aef86..3a39749b5a1c5 100644 --- a/pkgs/tools/text/diffutils/default.nix +++ b/pkgs/tools/text/diffutils/default.nix @@ -44,8 +44,14 @@ stdenv.mkDerivation rec { # Disable stack-related gnulib tests on x86_64-darwin because they have problems running under # Rosetta 2: test-c-stack hangs, test-sigsegv-catch-stackoverflow and test-sigaction fail. + # Disable all gnulib tests when building on Darwin due to test-nl_langinfo-mt failure + # known by upstream https://www.mail-archive.com/bug-gnulib@gnu.org/msg50806.html postPatch = - if + if stdenv.buildPlatform.isDarwin then + '' + sed -i 's:gnulib-tests::g' Makefile.in + '' + else if ((stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) || (stdenv.hostPlatform.isAarch32)) then '' diff --git a/pkgs/tools/text/gnugrep/default.nix b/pkgs/tools/text/gnugrep/default.nix index b0f1cbc803c9b..71b06d4273f35 100644 --- a/pkgs/tools/text/gnugrep/default.nix +++ b/pkgs/tools/text/gnugrep/default.nix @@ -38,8 +38,9 @@ stdenv.mkDerivation { # Some gnulib tests fail # - on Musl: https://github.com/NixOS/nixpkgs/pull/228714 # - on x86_64-darwin: https://github.com/NixOS/nixpkgs/pull/228714#issuecomment-1576826330 + # - when building on Darwin (cross-compilation): test-nl_langinfo-mt fails postPatch = - if stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) then + if stdenv.hostPlatform.isMusl || stdenv.buildPlatform.isDarwin then '' sed -i 's:gnulib-tests::g' Makefile.in '' diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index eef2e04eae502..bee3aedabbf53 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -752,6 +752,7 @@ mapAliases { jdk23_headless = throw "OpenJDK 23 was removed as it has reached its end of life"; # Added 2025-11-04 jdk24 = throw "OpenJDK 24 was removed as it has reached its end of life"; # Added 2025-10-04 jdk24_headless = throw "OpenJDK 24 was removed as it has reached its end of life"; # Added 2025-10-04 + jellyfin-media-player = jellyfin-desktop; # Added 2025-12-14 jesec-rtorrent = throw "'jesec-rtorrent' has been removed due to lack of maintenance upstream."; # Added 2025-11-20 jikespg = throw "'jikespg' has been removed due to lack of maintenance upstream."; # Added 2025-06-10 jing = jing-trang; # Added 2025-09-18 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 46264b0590608..431592ab74c65 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2083,7 +2083,7 @@ with pkgs; intensity-normalization = with python3Packages; toPythonApplication intensity-normalization; - jellyfin-media-player = kdePackages.callPackage ../applications/video/jellyfin-media-player { }; + jellyfin-desktop = kdePackages.callPackage ../applications/video/jellyfin-desktop { }; jellyfin-mpv-shim = python3Packages.callPackage ../applications/video/jellyfin-mpv-shim { };