Loading pkgs/data/misc/cacert/default.nix +9 −17 Original line number Diff line number Diff line { lib , stdenv , writeText , fetchurl , fetchFromGitHub , buildcatrust , blacklist ? [] , extraCertificateFiles ? [] Loading @@ -17,20 +17,10 @@ }: let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" (blacklist ++ [ # Mozilla does not trust new certificates issued by these CAs after 2022/11/30¹ # in their products, but unfortunately we don't have such a fine-grained # solution for most system packages², so we decided to eject these. # # [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ # [2] https://utcc.utoronto.ca/~cks/space/blog/linux/CARootStoreTrustProblem "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ])); blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); srcVersion = "3.92"; srcVersion = "3.95"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; Loading @@ -43,9 +33,11 @@ let pname = "nss-cacert-certdata"; inherit version; src = if nssOverride != null then nssOverride.src else fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz"; hash = "sha256-PbGS1uiCA5rwKufq8yF+0RS7etg0FMZGdyq4Ah4kolQ="; src = if nssOverride != null then nssOverride.src else fetchFromGitHub { owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; }; dontBuild = true; Loading 
@@ -54,7 +46,7 @@ let runHook preInstall mkdir $out cp nss/lib/ckfw/builtins/certdata.txt $out cp lib/ckfw/builtins/certdata.txt $out runHook postInstall ''; Loading pkgs/development/libraries/gnutls/default.nix +3 −9 Original line number Diff line number Diff line { config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip , perl, gmp, autoconf, automake, libidn2, libiconv , fetchpatch, texinfo , texinfo , unbound, dns-root-data, gettext, util-linux , cxxBindings ? !stdenv.hostPlatform.isStatic # tries to link libstdc++.so , tpmSupport ? false, trousers, which, nettools, libunistring Loading Loading @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; version = "3.8.1"; version = "3.8.2"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; hash = "sha256-uoueFa4gq6iPRGYZePW1hjSUMW/n5yLt6dBp/mKUgpw="; hash = "sha256-52XlAW/6m53SQ+NjoEYNV3B0RE7iSRJn2y6WycKt73c="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; Loading @@ -48,12 +48,6 @@ stdenv.mkDerivation rec { outputDoc = "devdoc"; patches = [ (fetchpatch { #TODO: when updating drop this patch and texinfo name = "GNUTLS_NO_EXTENSIONS.patch"; url = "https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2.diff"; hash = "sha256-3M5WdNoVx9gUwTUPgu/sXmsaNg+j5d6liXs0UZz8fGU="; }) ./nix-ssl-cert-file.patch ]; Loading pkgs/development/libraries/gstreamer/bad/default.nix +2 −2 Original line number Diff line number Diff line Loading 
@@ -109,13 +109,13 @@ stdenv.mkDerivation rec { pname = "gst-plugins-bad"; version = "1.22.6"; version = "1.22.7"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-tAKc0pCKCJxV8dkCpWXQB0lclbFELYOEhdxH+xLfcTc="; hash = "sha256-xxb43/qPrD+2RpQa8cbscv/wWgRRMTEb8tBJ/ch7zi4="; }; patches = [ Loading pkgs/development/libraries/gstreamer/base/default.nix +2 −2 Original line number Diff line number Diff line Loading @@ -45,7 +45,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gst-plugins-base"; version = "1.22.6"; version = "1.22.7"; outputs = [ "out" "dev" ]; Loading @@ -53,7 +53,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-UPK00XwC7v5DC776jFzRNLG+eKU8D2DpURNtls9J/Us="; hash = "sha256-YlGeDY+Wnr9iqaeZby0j792jMCF6Y19KMsC/HHFXdGg="; }; strictDeps = true; Loading pkgs/development/libraries/gstreamer/core/default.nix +2 −2 Original line number Diff line number Diff line Loading @@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gstreamer"; version = "1.22.6"; version = "1.22.7"; outputs = [ "bin" Loading @@ -36,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-9QDmz93/VZCPk3cR/CaghA3iih6exJYhwLbxrb2PgY4="; hash = "sha256-AeQsY1Kga9+kRW5ksGq32YxcSHolVXx2FVRjHL2mQhc="; }; depsBuildBuild = [ Loading Loading
pkgs/data/misc/cacert/default.nix +9 −17 Original line number Diff line number Diff line { lib , stdenv , writeText , fetchurl , fetchFromGitHub , buildcatrust , blacklist ? [] , extraCertificateFiles ? [] Loading @@ -17,20 +17,10 @@ }: let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" (blacklist ++ [ # Mozilla does not trust new certificates issued by these CAs after 2022/11/30¹ # in their products, but unfortunately we don't have such a fine-grained # solution for most system packages², so we decided to eject these. # # [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ # [2] https://utcc.utoronto.ca/~cks/space/blog/linux/CARootStoreTrustProblem "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ])); blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); srcVersion = "3.92"; srcVersion = "3.95"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; Loading @@ -43,9 +33,11 @@ let pname = "nss-cacert-certdata"; inherit version; src = if nssOverride != null then nssOverride.src else fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz"; hash = "sha256-PbGS1uiCA5rwKufq8yF+0RS7etg0FMZGdyq4Ah4kolQ="; src = if nssOverride != null then nssOverride.src else fetchFromGitHub { owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; }; dontBuild = true; Loading @@ -54,7 +46,7 @@ let runHook preInstall mkdir $out cp nss/lib/ckfw/builtins/certdata.txt $out cp lib/ckfw/builtins/certdata.txt $out runHook postInstall ''; Loading
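Review bot: With the three TrustCor entries gone, `blocklist` holds only the caller's `blacklist`, so keeping those roots out now depends entirely on the `certdata.txt` that gets fetched. The `nssOverride` branch (`src = if nssOverride != null then nssOverride.src`) can supply an older NSS whose bundle may still carry them, and nothing in the visible lines guards that case. Whether NSS 3.95 itself omits them is not visible here and should be confirmed against the fetched file. If the removal is intentional, leave a comment where the list used to be, such as `# TrustCor roots are expected to be absent from upstream certdata.txt; an nssOverride older than <first NSS release without them> brings them back`. The source also moves from the `mirror://mozilla` release tarball to the `nss-dev/nss` GitHub tag without a stated reason, so a one-line comment saying why, and confirming that the tagged tree matches the official release, would help later reviewers of this trust-anchor package.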
pkgs/development/libraries/gnutls/default.nix +3 −9 Original line number Diff line number Diff line { config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip , perl, gmp, autoconf, automake, libidn2, libiconv , fetchpatch, texinfo , texinfo , unbound, dns-root-data, gettext, util-linux , cxxBindings ? !stdenv.hostPlatform.isStatic # tries to link libstdc++.so , tpmSupport ? false, trousers, which, nettools, libunistring Loading Loading @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; version = "3.8.1"; version = "3.8.2"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; hash = "sha256-uoueFa4gq6iPRGYZePW1hjSUMW/n5yLt6dBp/mKUgpw="; hash = "sha256-52XlAW/6m53SQ+NjoEYNV3B0RE7iSRJn2y6WycKt73c="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; Loading @@ -48,12 +48,6 @@ stdenv.mkDerivation rec { outputDoc = "devdoc"; patches = [ (fetchpatch { #TODO: when updating drop this patch and texinfo name = "GNUTLS_NO_EXTENSIONS.patch"; url = "https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2.diff"; hash = "sha256-3M5WdNoVx9gUwTUPgu/sXmsaNg+j5d6liXs0UZz8fGU="; }) ./nix-ssl-cert-file.patch ]; Loading
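Review bot: The removed TODO said to drop both the patch and `texinfo` on the next update, but the new argument line still reads `, texinfo`, so only half of it was carried out. Whether `texinfo` is still listed in the build inputs is outside the visible hunks. If the 3.8.2 build no longer needs it, remove it from the arguments and inputs; if it does, record that in a comment such as `# texinfo: still required because <reason>`. Dropping the backported `GNUTLS_NO_EXTENSIONS.patch` also assumes the 3.8.2 tarball already contains that upstream commit, which is worth confirming from the release notes.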
pkgs/development/libraries/gstreamer/bad/default.nix +2 −2 Original line number Diff line number Diff line Loading @@ -109,13 +109,13 @@ stdenv.mkDerivation rec { pname = "gst-plugins-bad"; version = "1.22.6"; version = "1.22.7"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-tAKc0pCKCJxV8dkCpWXQB0lclbFELYOEhdxH+xLfcTc="; hash = "sha256-xxb43/qPrD+2RpQa8cbscv/wWgRRMTEb8tBJ/ch7zi4="; }; patches = [ Loading
pkgs/development/libraries/gstreamer/base/default.nix +2 −2 Original line number Diff line number Diff line Loading @@ -45,7 +45,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gst-plugins-base"; version = "1.22.6"; version = "1.22.7"; outputs = [ "out" "dev" ]; Loading @@ -53,7 +53,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-UPK00XwC7v5DC776jFzRNLG+eKU8D2DpURNtls9J/Us="; hash = "sha256-YlGeDY+Wnr9iqaeZby0j792jMCF6Y19KMsC/HHFXdGg="; }; strictDeps = true; Loading
pkgs/development/libraries/gstreamer/core/default.nix +2 −2 Original line number Diff line number Diff line Loading @@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "gstreamer"; version = "1.22.6"; version = "1.22.7"; outputs = [ "bin" Loading @@ -36,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { inherit (finalAttrs) pname version; in fetchurl { url = "https://gstreamer.freedesktop.org/src/${pname}/${pname}-${version}.tar.xz"; hash = "sha256-9QDmz93/VZCPk3cR/CaghA3iih6exJYhwLbxrb2PgY4="; hash = "sha256-AeQsY1Kga9+kRW5ksGq32YxcSHolVXx2FVRjHL2mQhc="; }; depsBuildBuild = [ Loading