Loading pkgs/data/misc/cacert/default.nix +9 −17 Original line number Diff line number Diff line { lib , stdenv , writeText , fetchurl , fetchFromGitHub , buildcatrust , blacklist ? [] , extraCertificateFiles ? [] Loading @@ -17,20 +17,10 @@ }: let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" (blacklist ++ [ # Mozilla does not trust new certificates issued by these CAs after 2022/11/30¹ # in their products, but unfortunately we don't have such a fine-grained # solution for most system packages², so we decided to eject these. # # [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ # [2] https://utcc.utoronto.ca/~cks/space/blog/linux/CARootStoreTrustProblem "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ])); blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); srcVersion = "3.92"; srcVersion = "3.95"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; Loading @@ -43,9 +33,11 @@ let pname = "nss-cacert-certdata"; inherit version; src = if nssOverride != null then nssOverride.src else fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz"; hash = "sha256-PbGS1uiCA5rwKufq8yF+0RS7etg0FMZGdyq4Ah4kolQ="; src = if nssOverride != null then nssOverride.src else fetchFromGitHub { owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; }; dontBuild = true; Loading 
@@ -54,7 +46,7 @@ let runHook preInstall mkdir $out cp nss/lib/ckfw/builtins/certdata.txt $out cp lib/ckfw/builtins/certdata.txt $out runHook postInstall ''; Loading pkgs/development/libraries/gnutls/default.nix +3 −9 Original line number Diff line number Diff line { config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip , perl, gmp, autoconf, automake, libidn2, libiconv , fetchpatch, texinfo , texinfo , unbound, dns-root-data, gettext, util-linux , cxxBindings ? !stdenv.hostPlatform.isStatic # tries to link libstdc++.so , tpmSupport ? false, trousers, which, nettools, libunistring Loading Loading @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; version = "3.8.1"; version = "3.8.2"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; hash = "sha256-uoueFa4gq6iPRGYZePW1hjSUMW/n5yLt6dBp/mKUgpw="; hash = "sha256-52XlAW/6m53SQ+NjoEYNV3B0RE7iSRJn2y6WycKt73c="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; Loading @@ -48,12 +48,6 @@ stdenv.mkDerivation rec { outputDoc = "devdoc"; patches = [ (fetchpatch { #TODO: when updating drop this patch and texinfo name = "GNUTLS_NO_EXTENSIONS.patch"; url = "https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2.diff"; hash = "sha256-3M5WdNoVx9gUwTUPgu/sXmsaNg+j5d6liXs0UZz8fGU="; }) ./nix-ssl-cert-file.patch ]; Loading pkgs/development/libraries/gstreamer/good/default.nix +2 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,7 @@ , libgudev , wavpack , glib , openssl # Checks meson.is_cross_build(), so even canExecute isn't enough. , enableDocumentation ? stdenv.hostPlatform == stdenv.buildPlatform, hotdoc }: Loading Loading 
@@ -109,6 +110,7 @@ stdenv.mkDerivation rec { libintl ncurses wavpack openssl ] ++ lib.optionals raspiCameraSupport [ libraspberrypi ] ++ lib.optionals enableX11 [ Loading pkgs/development/libraries/libglvnd/default.nix +11 −0 Original line number Diff line number Diff line { stdenv, lib, fetchFromGitLab , fetchpatch , autoreconfHook, pkg-config, python3, addOpenGLRunpath , libX11, libXext, xorgproto }: Loading @@ -15,6 +16,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-2U9JtpGyP4lbxtVJeP5GUgh5XthloPvFIw28+nldYx8="; }; patches = [ # Enable 64-bit file APIs on 32-bit systems: # https://gitlab.freedesktop.org/glvnd/libglvnd/-/merge_requests/288 (fetchpatch { name = "large-file.patch"; url = "https://gitlab.freedesktop.org/glvnd/libglvnd/-/commit/956d2d3f531841cabfeddd940be4c48b00c226b4.patch"; hash = "sha256-Y6YCzd/jZ1VZP9bFlHkHjzSwShXeA7iJWdyfxpgT2l0="; }) ]; nativeBuildInputs = [ autoreconfHook pkg-config python3 addOpenGLRunpath ]; buildInputs = [ libX11 libXext xorgproto ]; Loading pkgs/development/libraries/nss/esr.nix +1 −1 Original line number Diff line number Diff line import ./generic.nix { version = "3.90"; hash = "sha256-ms1lNMQdjq0Z/Kb8s//+0vnwnEN8PXn+5qTuZoqqk7Y="; hash = "sha256-ZEG6ZcEymQ8Yw02ziT2LFWuvwZ1rRuT93rRHGYM22yQ="; } Loading
pkgs/data/misc/cacert/default.nix +9 −17 { lib , stdenv , writeText , fetchurl , fetchFromGitHub , buildcatrust , blacklist ? [] , extraCertificateFiles ? [] @@ -17,20 +17,10 @@ }: let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" (blacklist ++ [ # Mozilla does not trust new certificates issued by these CAs after 2022/11/30¹ # in their products, but unfortunately we don't have such a fine-grained # solution for most system packages², so we decided to eject these. # # [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ # [2] https://utcc.utoronto.ca/~cks/space/blog/linux/CARootStoreTrustProblem "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ])); blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); srcVersion = "3.92"; srcVersion = "3.95"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; @@ -43,9 +33,11 @@ let pname = "nss-cacert-certdata"; inherit version; src = if nssOverride != null then nssOverride.src else fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz"; hash = "sha256-PbGS1uiCA5rwKufq8yF+0RS7etg0FMZGdyq4Ah4kolQ="; src = if nssOverride != null then nssOverride.src else fetchFromGitHub { owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; }; dontBuild = true; @@ -54,7 +46,7 @@ let runHook preInstall mkdir $out cp nss/lib/ckfw/builtins/certdata.txt $out cp lib/ckfw/builtins/certdata.txt $out runHook postInstall '';
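Review bot: With the three TrustCor entries removed from `blocklist`, nothing in this file keeps those roots out of the generated bundle any more; exclusion now depends entirely on the `certdata.txt` that is processed. For the default 3.95 source that is only safe if upstream no longer ships them (not shown on this page), and it is not guaranteed when `nssOverride` supplies an older NSS, because `src` and `version` then come from the override. Consider keeping the entries behind a version guard, e.g. `blacklist ++ lib.optionals (lib.versionOlder version "<first NSS release without these roots>") [ "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ]`, or at least leave a comment recording why the default list was emptied. The override path also meets the now unconditional `cp lib/ckfw/builtins/certdata.txt $out`, which assumes the GitHub tree layout rather than the tarball's `nss/` prefix.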
pkgs/development/libraries/gnutls/default.nix +3 −9 { config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip , perl, gmp, autoconf, automake, libidn2, libiconv , fetchpatch, texinfo , texinfo , unbound, dns-root-data, gettext, util-linux , cxxBindings ? !stdenv.hostPlatform.isStatic # tries to link libstdc++.so , tpmSupport ? false, trousers, which, nettools, libunistring @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; version = "3.8.1"; version = "3.8.2"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; hash = "sha256-uoueFa4gq6iPRGYZePW1hjSUMW/n5yLt6dBp/mKUgpw="; hash = "sha256-52XlAW/6m53SQ+NjoEYNV3B0RE7iSRJn2y6WycKt73c="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; @@ -48,12 +48,6 @@ stdenv.mkDerivation rec { outputDoc = "devdoc"; patches = [ (fetchpatch { #TODO: when updating drop this patch and texinfo name = "GNUTLS_NO_EXTENSIONS.patch"; url = "https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2.diff"; hash = "sha256-3M5WdNoVx9gUwTUPgu/sXmsaNg+j5d6liXs0UZz8fGU="; }) ./nix-ssl-cert-file.patch ];
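Review bot: The removed TODO said to drop both the patch and `texinfo` on the next update, but the new argument list still carries `, texinfo`. If `texinfo` was only needed because `GNUTLS_NO_EXTENSIONS.patch` touched documentation sources, remove it from the arguments and from wherever it is listed among the build inputs (those lines are outside the visible hunks). If it is still required, a short comment saying why would keep the next updater from having to rediscover it.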
pkgs/development/libraries/gstreamer/good/default.nix +2 −0 @@ -43,6 +43,7 @@ , libgudev , wavpack , glib , openssl # Checks meson.is_cross_build(), so even canExecute isn't enough. , enableDocumentation ? stdenv.hostPlatform == stdenv.buildPlatform, hotdoc }: @@ -109,6 +110,7 @@ stdenv.mkDerivation rec { libintl ncurses wavpack openssl ] ++ lib.optionals raspiCameraSupport [ libraspberrypi ] ++ lib.optionals enableX11 [
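Review bot: `openssl` is added to the arguments and to the dependency list without any indication of which plugin or meson feature needs it, unlike the commented `enableDocumentation` argument next to it. A crypto library is a dependency worth justifying, since it enlarges the closure and ties this package to OpenSSL security updates; a trailing comment such as `openssl # needed by <plugin/feature>` would cover it. Both hunks start and end inside larger lists that are not fully visible here.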
pkgs/development/libraries/libglvnd/default.nix +11 −0 { stdenv, lib, fetchFromGitLab , fetchpatch , autoreconfHook, pkg-config, python3, addOpenGLRunpath , libX11, libXext, xorgproto }: @@ -15,6 +16,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-2U9JtpGyP4lbxtVJeP5GUgh5XthloPvFIw28+nldYx8="; }; patches = [ # Enable 64-bit file APIs on 32-bit systems: # https://gitlab.freedesktop.org/glvnd/libglvnd/-/merge_requests/288 (fetchpatch { name = "large-file.patch"; url = "https://gitlab.freedesktop.org/glvnd/libglvnd/-/commit/956d2d3f531841cabfeddd940be4c48b00c226b4.patch"; hash = "sha256-Y6YCzd/jZ1VZP9bFlHkHjzSwShXeA7iJWdyfxpgT2l0="; }) ]; nativeBuildInputs = [ autoreconfHook pkg-config python3 addOpenGLRunpath ]; buildInputs = [ libX11 libXext xorgproto ];
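Review bot: The new `patches` entry is pinned well (commit-addressed URL plus an SRI hash), but nothing says when it can be removed. Extend the existing comment with a line such as `# Remove when updating to a release that contains merge request 288`, so the patch does not outlive its purpose or quietly stop applying on the next version bump.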
pkgs/development/libraries/nss/esr.nix +1 −1 import ./generic.nix { version = "3.90"; hash = "sha256-ms1lNMQdjq0Z/Kb8s//+0vnwnEN8PXn+5qTuZoqqk7Y="; hash = "sha256-ZEG6ZcEymQ8Yw02ziT2LFWuvwZ1rRuT93rRHGYM22yQ="; }
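Review bot: The `hash` changes while `version` stays at `"3.90"`, so the pinned source content for an unchanged release is now different. Presumably this follows from a fetcher change in `./generic.nix` (not shown on this page; `cacert` moves from the Mozilla tarball to `fetchFromGitHub` in the same commit), but the diff alone cannot distinguish that from a replaced upstream artifact. State the reason in the commit message or in a comment beside the hash, and confirm the new value was computed from the upstream tag that corresponds to 3.90.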