From 0ea54d925fb94d3d0b1661d7de8eac0bcd30c233 Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Mon, 26 Aug 2024 13:18:40 +0200 Subject: [PATCH 1/2] Update nixpkgs (2024-08-28) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pull upstream NixOS changes, security fixes and package updates: - asterisk: 20.9.1 -> 20.9.2 - bash: 5.2p26 -> 5.2p32 - chromedriver: 127.0.6533.99 -> 128.0.6613.84 - chromium: 127.0.6533.99 -> 128.0.6613.84 - curl: fix CVE-2024-6197 - dovecot: 2.3.21 -> 2.3.21.1 (CVE-2024-23184, CVE-2024-23185) - element-web: 1.11.73 -> 1.11.75 - github-runner: 2.319.0 -> 2.319.1 - gitlab: 17.1.3 -> 17.2.4 - go: 1.22.5 -> 1.22.6 - grafana: 10.4.6 -> 10.4.7 (CVE-2024-6837) - k3s: 1.30.2+k3s2 -> 1.30.3+k3s1 - linux: 5.15.164 -> 5.15.165 - mastodon: 4.2.10 -> 4.2.12 - matrix-synapse: 1.112.0 -> 1.113.0 - mysql80: 8.0.37 -> 8.0.39 - nginx: 1.26.1 -> 1.26.2 - openldap: 2.6.7 -> 2.6.8 - openvpn: 2.6.10 -> 2.6.12 - postgresql_12: 12.19 -> 12.20 (CVE-2024-7348) - postgresql_13: 13.15 -> 13.16 - postgresql_14: 14.12 -> 14.13 - postgresql_15: 15.7 -> 15.8 - postgresql_16: 16.3 -> 16.4 - webkitgtk: 2.44.2 → 2.44.3 - wget: add patch for CVE-2024-38428 PL-132940 --- flake.lock | 6 +- release/package-versions.json | 140 +++++++++++++++++----------------- release/versions.json | 4 +- 3 files changed, 75 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index de64ce520..ccdbe75d8 100644 --- a/flake.lock +++ b/flake.lock @@ -410,11 +410,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1723534182, - "narHash": "sha256-tE+xUiePq4vT/XUVYyIHD/GLabdj6uSTZ8jwkgbCGUM=", + "lastModified": 1724858933, + "narHash": "sha256-F/S6sVz00ljxgPAu9C6r7BbkmfkLy0KihEdvRCobFTY=", "owner": "flyingcircusio", "repo": "nixpkgs", - "rev": "67385d65beeb877876792d396dc979f132fb2fe1", + "rev": "ac9a8c52e1e69847cef1d41c9661034dc3909149", "type": "github" }, "original": { 
diff --git a/release/package-versions.json b/release/package-versions.json index 7112520b6..fac776f59 100644 --- a/release/package-versions.json +++ b/release/package-versions.json @@ -10,9 +10,9 @@ "version": "2.4.62" }, "asterisk": { - "name": "asterisk-20.9.1", + "name": "asterisk-20.9.2", "pname": "asterisk", - "version": "20.9.1" + "version": "20.9.2" }, "auditbeat7-oss": { "name": "auditbeat-oss-7.17.16", @@ -35,9 +35,9 @@ "version": "2.15.43" }, "bash": { - "name": "bash-5.2p26", + "name": "bash-5.2p32", "pname": "bash", - "version": "5.2p26" + "version": "5.2p32" }, "bind": { "name": "bind-9.18.28", @@ -65,19 +65,19 @@ "version": "7.10.0" }, "ceph": { - "name": "ceph-18.2.1", + "name": "ceph-18.2.4", "pname": "ceph", - "version": "18.2.1" + "version": "18.2.4" }, "chromedriver": { - "name": "chromedriver-127.0.6533.99", + "name": "chromedriver-128.0.6613.84", "pname": "chromedriver", - "version": "127.0.6533.99" + "version": "128.0.6613.84" }, "chromium": { - "name": "chromium-127.0.6533.99", + "name": "chromium-128.0.6613.84", "pname": "chromium", - "version": "127.0.6533.99" + "version": "128.0.6613.84" }, "cifs-utils": { "name": "cifs-utils-7.0", @@ -150,14 +150,14 @@ "version": "2.27.0" }, "dovecot": { - "name": "dovecot-2.3.21", + "name": "dovecot-2.3.21.1", "pname": "dovecot", - "version": "2.3.21" + "version": "2.3.21.1" }, "element-web": { - "name": "element-web-1.11.73", + "name": "element-web-1.11.75", "pname": "element-web", - "version": "1.11.73" + "version": "1.11.75" }, "erlang": { "name": "erlang-25.3.2.12", @@ -190,9 +190,9 @@ "version": "7.17.16" }, "firefox": { - "name": "firefox-129.0", + "name": "firefox-129.0.2", "pname": "firefox", - "version": "129.0" + "version": "129.0.2" }, "gcc": { "name": "gcc-wrapper-13.2.0", 
@@ -220,34 +220,34 @@ "version": "2.44.1" }, "gitaly": { - "name": "gitaly-17.1.3", + "name": "gitaly-17.2.4", "pname": "gitaly", - "version": "17.1.3" + "version": "17.2.4" }, "github-runner": { - "name": "github-runner-2.319.0", + "name": "github-runner-2.319.1", "pname": "github-runner", - "version": "2.319.0" + "version": "2.319.1" }, "gitlab": { - "name": "gitlab-17.1.3", + "name": "gitlab-17.2.4", "pname": "gitlab", - "version": "17.1.3" + "version": "17.2.4" }, "gitlab-container-registry": { - "name": "gitlab-container-registry-4.6.0", + "name": "gitlab-container-registry-4.7.0", "pname": "gitlab-container-registry", - "version": "4.6.0" + "version": "4.7.0" }, "gitlab-ee": { - "name": "gitlab-ee-17.1.3", + "name": "gitlab-ee-17.2.4", "pname": "gitlab-ee", - "version": "17.1.3" + "version": "17.2.4" }, "gitlab-pages": { - "name": "gitlab-pages-17.1.3", + "name": "gitlab-pages-17.2.4", "pname": "gitlab-pages", - "version": "17.1.3" + "version": "17.2.4" }, "gitlab-runner": { "name": "gitlab-runner-17.1.0", @@ -255,9 +255,9 @@ "version": "17.1.0" }, "gitlab-workhorse": { - "name": "gitlab-workhorse-17.1.3", + "name": "gitlab-workhorse-17.2.4", "pname": "gitlab-workhorse", - "version": "17.1.3" + "version": "17.2.4" }, "glibc": { "name": "glibc-2.39-52", @@ -275,16 +275,16 @@ "version": "2.4.5" }, "go": { - "name": "go-1.22.5", + "name": "go-1.22.6", "pname": "go", - "version": "1.22.5" + "version": "1.22.6" }, "go_1_19": {}, "go_1_20": {}, "grafana": { - "name": "grafana-10.4.6", + "name": "grafana-10.4.7", "pname": "grafana", - "version": "10.4.6" + "version": "10.4.7" }, "grub2": { "name": "grub-2.12", @@ -357,9 +357,9 @@ "version": "21.0.3+9" }, "k3s": { - "name": "k3s-1.30.2+k3s2", + "name": "k3s-1.30.3+k3s1", "pname": "k3s", - "version": "1.30.2+k3s2" + "version": "1.30.3+k3s1" }, "k3s_1_27": { "name": "k3s-1.27.14+k3s1", 
@@ -367,9 +367,9 @@ "version": "1.27.14+k3s1" }, "k3s_1_30": { - "name": "k3s-1.30.2+k3s2", + "name": "k3s-1.30.3+k3s1", "pname": "k3s", - "version": "1.30.2+k3s2" + "version": "1.30.3+k3s1" }, "keycloak": { "name": "keycloak-24.0.5", @@ -437,9 +437,9 @@ "version": "0.2.5" }, "linux_5_15": { - "name": "linux-5.15.164", + "name": "linux-5.15.165", "pname": "linux", - "version": "5.15.164" + "version": "5.15.165" }, "logrotate": { "name": "logrotate-3.21.0", @@ -467,9 +467,9 @@ "version": "3.3.5" }, "mastodon": { - "name": "mastodon-4.2.10", + "name": "mastodon-4.2.12", "pname": "mastodon", - "version": "4.2.10" + "version": "4.2.12" }, "matomo": { "name": "matomo-4.16.1", @@ -482,9 +482,9 @@ "version": "5.0.2" }, "matrix-synapse": { - "name": "matrix-synapse-wrapped-1.112.0", + "name": "matrix-synapse-wrapped-1.113.0", "pname": "matrix-synapse-wrapped", - "version": "1.112.0" + "version": "1.113.0" }, "mcpp": { "name": "mcpp-2.7.2.1", @@ -522,9 +522,9 @@ "version": "10.11.8" }, "mysql80": { - "name": "mysql-8.0.37", + "name": "mysql-8.0.39", "pname": "mysql", - "version": "8.0.37" + "version": "8.0.39" }, "nfs-utils": { "name": "nfs-utils-2.6.2", @@ -532,19 +532,19 @@ "version": "2.6.2" }, "nginx": { - "name": "nginx-1.26.1", + "name": "nginx-1.26.2", "pname": "nginx", - "version": "1.26.1" + "version": "1.26.2" }, "nginxMainline": { - "name": "nginx-1.27.0", + "name": "nginx-1.27.1", "pname": "nginx", - "version": "1.27.0" + "version": "1.27.1" }, "nginxStable": { - "name": "nginx-1.26.1", + "name": "nginx-1.26.2", "pname": "nginx", - "version": "1.26.1" + "version": "1.26.2" }, "nix": { "name": "nix-2.18.5", @@ -592,9 +592,9 @@ "version": "2.5.2" }, "openldap": { - "name": "openldap-2.6.7", + "name": "openldap-2.6.8", "pname": "openldap", - "version": "2.6.7" + "version": "2.6.8" }, "openldap_2_4": { "name": "openldap-2.4.58", 
@@ -632,9 +632,9 @@ "version": "3.0.14" }, "openvpn": { - "name": "openvpn-2.6.10", + "name": "openvpn-2.6.12", "pname": "openvpn", - "version": "2.6.10" + "version": "2.6.12" }, "pcre": { "name": "pcre-8.45", @@ -767,34 +767,34 @@ "version": "3.9.0" }, "postgresql": { - "name": "postgresql-15.7", + "name": "postgresql-15.8", "pname": "postgresql", - "version": "15.7" + "version": "15.8" }, "postgresql_12": { - "name": "postgresql-12.19", + "name": "postgresql-12.20", "pname": "postgresql", - "version": "12.19" + "version": "12.20" }, "postgresql_13": { - "name": "postgresql-13.15", + "name": "postgresql-13.16", "pname": "postgresql", - "version": "13.15" + "version": "13.16" }, "postgresql_14": { - "name": "postgresql-14.12", + "name": "postgresql-14.13", "pname": "postgresql", - "version": "14.12" + "version": "14.13" }, "postgresql_15": { - "name": "postgresql-15.7", + "name": "postgresql-15.8", "pname": "postgresql", - "version": "15.7" + "version": "15.8" }, "postgresql_16": { - "name": "postgresql-16.3", + "name": "postgresql-16.4", "pname": "postgresql", - "version": "16.3" + "version": "16.4" }, "powerdns": { "name": "pdns-4.9.1", @@ -1059,9 +1059,9 @@ "version": "9.1.0377" }, "webkitgtk": { - "name": "webkitgtk-2.44.2+abi=4.0", + "name": "webkitgtk-2.44.3+abi=4.0", "pname": "webkitgtk", - "version": "2.44.2" + "version": "2.44.3" }, "wget": { "name": "wget-1.21.4", diff --git a/release/versions.json b/release/versions.json index d8777fe10..2e7859f97 100644 --- a/release/versions.json +++ b/release/versions.json @@ -8,9 +8,9 @@ "url": "https://gitlab.flyingcircus.io/flyingcircus/nixos-mailserver.git/" }, "nixpkgs": { - "hash": "sha256-tE+xUiePq4vT/XUVYyIHD/GLabdj6uSTZ8jwkgbCGUM=", + "hash": "sha256-F/S6sVz00ljxgPAu9C6r7BbkmfkLy0KihEdvRCobFTY=", "owner": "flyingcircusio", "repo": "nixpkgs", - "rev": "67385d65beeb877876792d396dc979f132fb2fe1" + "rev": "ac9a8c52e1e69847cef1d41c9661034dc3909149" } } 
From 6b886b69b4833440bc25f45c6f8e9484ce6932a9 Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Thu, 29 Aug 2024 10:21:16 +0200 Subject: [PATCH 2/2] Fix rich-cli build failure, add to important packages Building it with updated dependencies (they are pinned to older versions in the upstream package) works. PL-132940 --- pkgs/overlay.nix | 10 ++++++++++ release/important_packages.json | 2 ++ 2 files changed, 12 insertions(+) diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 103869b5e..6f84a1429 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -390,6 +390,16 @@ builtins.mapAttrs (_: patchPhps phpLogPermissionPatch) { rabbitmq-server_3_8 = super.rabbitmq-server; + rich-cli = super.rich-cli.overridePythonAttrs (prev: { + propagatedBuildInputs = with self.python3Packages; [ + rich + click + requests + textual + rich-rst + ]; + }); + # Ruby 2.7 is EOL but we still need it for Sensu until Aramaki takes over ;) #ruby_2_7 = getClosureFromStore /nix/store/qqc6v89xn0g2w123wx85blkpc4pz2ags-ruby-2.7.8; diff --git a/release/important_packages.json b/release/important_packages.json index efa73b65e..a1e1ff8d8 100644 --- a/release/important_packages.json +++ b/release/important_packages.json @@ -181,6 +181,7 @@ "python3Packages.pyyaml", "python3Packages.requests", "python3Packages.rich", + "python3Packages.rich-rst", "python3Packages.structlog", "python3Packages.supervisor", "python3Packages.urllib3", @@ -189,6 +190,7 @@ "rabbitmq-server_3_8", "re2c", "redis", + "rich-cli", "roundcube", "rsync", "ruby",
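Review bot: The `rich-cli` override in pkgs/overlay.nix replaces `propagatedBuildInputs` with a hand-written list and never uses its `prev` argument, so a runtime dependency that upstream adds later would be dropped without any signal. The reason for the override is recorded only in the commit message. Because it deliberately swaps upstream's pinned dependency versions for the current `python3Packages` ones, a comment directly above it should say so and when it can be removed, e.g. `# upstream pins older dependency versions and fails to build; drop this override once nixpkgs' rich-cli builds unmodified`. The `release/important_packages.json` hunk presumably makes a future breakage visible in release checks, but that is not shown on this page. The enclosing overlay attribute set starts and ends outside the hunk.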