Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
86 commits
Select commit Hold shift + click to select a range
e866333
expat: 2.8.0 -> 2.8.1
whispersofthedawn May 11, 2026
412b051
Revert "groff: only apply the latest patch on linux for now"
vcunat May 12, 2026
2102ac3
audit: 4.1.2-unstable-2025-09-06 -> 4.1.4
LordGrimmauld May 12, 2026
85e3036
libressl_4_3: init at 4.3.1
ruuda May 1, 2026
fdf4fbe
libressl_4_1: delete unsupported package
ruuda May 1, 2026
d5937f2
libressl: add ruuda as maintainer
ruuda May 1, 2026
7c65181
libressl: enable strictDeps and __structuredAttrs
ruuda May 1, 2026
c0a53e6
libressl_4_3: backport executable stack fix
ruuda May 12, 2026
f479a5d
openexr: 3.4.10 -> 3.4.11
Hythera May 10, 2026
ab6adf5
openapv: 0.2.1.2 -> 0.2.1.3
Hythera Apr 28, 2026
49d2ce0
python3Packages.aiodns: 4.0.0 -> 4.0.3
mweinelt May 19, 2026
ebd0392
python3Packages.xmltodict: 1.0.2 -> 1.0.4
mweinelt May 19, 2026
344a637
qt5: 5.15.18 -> 5.15.19
K900 May 21, 2026
e717fb6
openldap: skip flaky syncreplication tests
ElXreno Apr 25, 2026
988d5e4
nodejs_24: 24.15.0 -> 24.16.0
aduh95 May 21, 2026
8861a6b
unbound: 1.25.0 -> 1.25.1
Scrumplex May 21, 2026
dcbc584
python3Packages.python-multipart: 0.0.22 -> 0.0.29
dotlambda May 20, 2026
44573c7
python3Packages.asgi-csrf: mark broken
dotlambda May 20, 2026
5c3ae22
python3Packages.frictionless: exclude datasette from nativeCheckInputs
dotlambda May 20, 2026
8accd65
gtk4: make patch unconditional
vcunat May 22, 2026
8e3eb65
python3Packages.aiodns: 4.0.3 -> 4.0.4
dotlambda May 22, 2026
c5cd03a
kdePackages.plasma-workspace: backport patch for Qt 6.11.1 regression
K900 May 23, 2026
6e26421
qt6: 6.11.0 -> 6.11.1
K900 May 23, 2026
bbacb13
glibc: 2.42-61 -> 2.42-67
zowoq May 9, 2026
790c683
doctest: 2.5.0 -> 2.5.2
nim65s Apr 29, 2026
8806b11
python3Packages.paramiko: invoke is a required dependency
znaniye Oct 16, 2025
5eaef15
duplicity: remove invoke from dependencies
znaniye Oct 16, 2025
ba90fa7
simdjson: 4.6.0 -> 4.6.4
trofi Apr 11, 2026
8b34d58
libass: remove libiconv dependency on darwin
llakala May 18, 2026
9756eaf
assimp: 6.0.4 -> 6.0.5
Hythera May 1, 2026
bd2d251
libcaca: apply patch for CVE-2026-42046
LeSuisse May 12, 2026
1795572
freetype: 2.14.2 -> 2.14.3
r-ryantm May 3, 2026
752123a
libde265: 1.0.18 -> 1.0.19
r-ryantm May 20, 2026
96f6370
python3Packages.starlette: 0.52.1 -> 1.1.0
mweinelt May 26, 2026
f8562c7
python3Packages.fastapi: 0.135.3 -> 0.136.3
mweinelt May 26, 2026
a7d2d59
systemd: fix tmpfiles errors when mount is noatime
PaulGrandperrin May 26, 2026
d0551bc
openblas: 0.3.32 -> 0.3.33
Liamolucko Apr 26, 2026
a7e09a4
cargo: add patches for CVE-2026-5222 and CVE-2026-5223
whispersofthedawn May 26, 2026
8b70ffa
libaec: 1.1.6 -> 1.1.7
r-ryantm May 22, 2026
f4dff6b
e2fsprogs: 1.47.3 -> 1.47.4
dotlambda May 25, 2026
8802894
libadwaita: 1.9.0 -> 1.9.1
dotlambda May 25, 2026
664ed12
imagemagick: 7.1.2-23 -> 7.1.2-24
dotlambda May 26, 2026
fbaac14
curl: set structuredAttrs
doronbehar May 26, 2026
eac01b3
fftw: 3.3.10 -> 3.3.11
dotlambda May 26, 2026
46b00f0
rsync: skip chgrp test
lisanna-dettwyler Mar 6, 2026
88fbe35
python3Packages.mistune: 3.2.0 -> 3.2.1
dotlambda May 3, 2026
1ed273b
rsync: 3.4.1 -> 3.4.3
pyrox0 May 20, 2026
671e8ae
at-spi2-core: 2.60.1 -> 2.60.4
dotlambda May 25, 2026
9ad85fe
ffmpeg_8: 8.1 -> 8.1.1
dotlambda May 26, 2026
dcc6f5d
nodejs: pin icu to newer version
marcin-serwin May 28, 2026
29e701e
valkey: 9.0.4 -> 9.1.0
Hythera May 25, 2026
b7a103e
rust-cbindgen: 0.29.2 -> 0.29.3
mweinelt May 28, 2026
1526af3
publicsuffix-list: 0-unstable-2026-03-26 -> 0-unstable-2026-05-13
r-ryantm May 18, 2026
dc10879
libheif: 1.21.2 -> 1.22.2
kuflierl May 21, 2026
96a47e2
python3Packages.pillow-heif: disable tests that abuse spec and break …
kuflierl May 28, 2026
3fcd08a
curl: backport performance patch
Scrumplex May 21, 2026
83c65a6
gnupatch: disable flaky test
mdaniels5757 May 30, 2026
f75e2f0
perlPackages.HTTPDaemon: 6.16 -> 6.17
marcusramberg May 30, 2026
1b76c29
sdl3: 3.4.8 -> 3.4.10
trofi May 31, 2026
68be3d0
sdl3: increase test timeout for testrwlock
nekowinston Jun 1, 2026
2a0e0ba
rustPlatform.fetchCargoVendor: remove duplicate fetcher
andresilva May 29, 2026
b3bdc19
libheif: 1.22.2 -> 1.23.0
kuflierl Jun 2, 2026
e40d42c
bzip2: patch CVE-2026-42250
dotlambda May 31, 2026
15c74e4
libgcrypt: 1.11.2 -> 1.12.2
whispersofthedawn May 23, 2026
9b9b7a4
go_1_26: 1.26.3 -> 1.26.4
leonklingele Jun 2, 2026
608382c
python3Packages.pyjwt: 2.12.1 -> 2.13.0
dotlambda May 31, 2026
360c80e
python3Packages.django_5: 5.2.14 -> 5.2.15
mweinelt Jun 3, 2026
1cf8084
xvfb: 21.1.22 -> 21.1.23, drop rebuild avoidance
whispersofthedawn Jun 2, 2026
e4f8aa8
ghostscript: 10.07.0 -> 10.07.1
dotlambda May 31, 2026
8336ce2
systemd: 260.1 -> 260.2
r-ryantm May 27, 2026
2b7fc29
systemd: drop upstreamed tmpfiles noatime patch
r-vdp May 31, 2026
1189954
libde265: 1.0.19 -> 1.1.0
dotlambda Jun 2, 2026
213f8e5
krb5: 1.22.1 -> 1.22.2
dotlambda Jun 1, 2026
7b57101
krb5: patch CVE-2026-40355 and CVE-2026-40356
dotlambda Jun 4, 2026
4907a03
libxml2: 2.15.2 -> 2.15.3
LordGrimmauld Jun 3, 2026
c6a6976
perl: backport security fixes
stigtsp Jun 4, 2026
8abfd69
libpng: 1.6.56 -> 1.6.58
vcunat Jun 5, 2026
7b8f0d2
rustPlatform.fetchCargoVendor: de-duplicate git sources by selector
CathalMullan Mar 21, 2026
cd50997
freetype: add patches for four vulnerabilities from project zero
whispersofthedawn Jun 6, 2026
b036a47
libde265: 1.1.0 -> 1.1.1
dotlambda Jun 7, 2026
ba1d85c
rsync: 3.4.3 -> 3.4.4
leona-ya Jun 8, 2026
98d05b7
rsync: fix test failure on darwin
leona-ya Jun 10, 2026
df10d00
libressl: fix Darwin build
mdaniels5757 Jun 8, 2026
07f0989
python3Packages.valkey: fix valkey 9.1 compat
mweinelt Jun 15, 2026
4e59517
python3Packages.cnf-lint: disable failing tests
mweinelt Jun 19, 2026
5ea9077
python3Packages.fasthtml: 0.12.48 -> 0.13.3
vcunat Jun 21, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
416 changes: 0 additions & 416 deletions pkgs/build-support/rust/fetch-cargo-vendor-util-v2.py

This file was deleted.

33 changes: 24 additions & 9 deletions pkgs/build-support/rust/fetch-cargo-vendor-util.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ def create_http_session() -> requests.Session:
status_forcelist=[500, 502, 503, 504]
)
session = requests.Session()
session.headers["User-Agent"] = "nixpkgs-fetchCargoVendor/2 (https://github.com/NixOS/nixpkgs)"
session.mount('http://', HTTPAdapter(max_retries=retries))
session.mount('https://', HTTPAdapter(max_retries=retries))
return session
Expand Down Expand Up @@ -68,7 +69,9 @@ def get_download_url_for_tarball(pkg: dict[str, Any]) -> str:
if pkg["source"] != "registry+https://github.com/rust-lang/crates.io-index":
raise Exception("Only the default crates.io registry is supported.")

return f"https://crates.io/api/v1/crates/{pkg["name"]}/{pkg["version"]}/download"
# Use static.crates.io (CDN) instead of crates.io/api to avoid the 1 req/sec
# rate limit on the API servers.
return f"https://static.crates.io/crates/{pkg["name"]}/{pkg["version"]}/download"


def download_tarball(session: requests.Session, pkg: dict[str, Any], out_dir: Path) -> None:
Expand Down Expand Up @@ -289,6 +292,7 @@ def create_vendor(vendor_staging_dir: Path, out_dir: Path) -> None:
lockfile_version = get_lockfile_version(cargo_lock_toml)

source_to_ind: dict[str, str] = {}
selector_to_ind: dict[tuple, str] = {}
source_config = {}
next_registry_ind = 0
next_git_ind = 0
Expand Down Expand Up @@ -324,24 +328,35 @@ def add_source_replacement(
continue

if source.startswith("git+"):
ind = f"git-{next_git_ind}"
next_git_ind += 1
source_info = parse_git_source(source, lockfile_version)
selector = make_git_source_selector(source_info)
selector_key = (source_info["url"], source_info["type"], source_info["value"])
if selector_key in selector_to_ind:
ind = selector_to_ind[selector_key]
else:
ind = f"git-{next_git_ind}"
next_git_ind += 1
selector_to_ind[selector_key] = ind
add_source_replacement(
orig_key=f"original-source-{ind}",
orig_selector=selector,
vendored_key=f"vendored-source-{ind}",
vendored_dir=f"@vendor@/source-{ind}"
)
elif source.startswith("registry+") or source.startswith("sparse+"):
ind = f"registry-{next_registry_ind}"
next_registry_ind += 1
selector = make_registry_source_selector(source)
add_source_replacement(
orig_key=f"original-source-{ind}",
orig_selector=selector,
vendored_key=f"vendored-source-{ind}",
vendored_dir=f"@vendor@/source-{ind}"
)
else:
raise Exception(f"Can't process source: {source}.")

source_to_ind[source] = ind
add_source_replacement(
orig_key=f"original-source-{ind}",
orig_selector=selector,
vendored_key=f"vendored-source-{ind}",
vendored_dir=f"@vendor@/source-{ind}"
)

config_path = out_dir / ".cargo" / "config.toml"
config_path.parent.mkdir()
Expand Down
39 changes: 14 additions & 25 deletions pkgs/build-support/rust/fetch-cargo-vendor.nix
Original file line number Diff line number Diff line change
Expand Up @@ -37,29 +37,18 @@ let
"hash"
];

mkFetchCargoVendorUtil =
name: src:
writers.writePython3Bin name {
libraries =
with python3Packages;
[
requests
tomli-w
]
++ requests.optional-dependencies.socks; # to support socks proxy envs like ALL_PROXY in requests
flakeIgnore = [
"E501"
];
} (builtins.readFile src);

# Separate util used only by the FOD `vendorStaging` stage below. Kept
# distinct from fetchCargoVendorUtil so that changes to the network-facing
# bits (User-Agent, download URL) don't invalidate the input-addressed
# `-vendor` stage and force a mass rebuild of every Rust package in nixpkgs.
# vendorStaging is an FOD, so swapping its util is free for consumers.
# TODO: unify with fetchCargoVendorUtil on the next `staging` cycle.
fetchCargoVendorUtilV2 = mkFetchCargoVendorUtil "fetch-cargo-vendor-util-v2" ./fetch-cargo-vendor-util-v2.py;
fetchCargoVendorUtil = mkFetchCargoVendorUtil "fetch-cargo-vendor-util" ./fetch-cargo-vendor-util.py;
fetchCargoVendorUtil = writers.writePython3Bin "fetch-cargo-vendor-util" {
libraries =
with python3Packages;
[
requests
tomli-w
]
++ requests.optional-dependencies.socks; # to support socks proxy envs like ALL_PROXY in requests
flakeIgnore = [
"E501"
];
} (builtins.readFile ./fetch-cargo-vendor-util.py);
in

{
Expand All @@ -79,7 +68,7 @@ let
impureEnvVars = lib.fetchers.proxyImpureEnvVars;

nativeBuildInputs = [
fetchCargoVendorUtilV2
fetchCargoVendorUtil
cacert
nix-prefetch-git'
]
Expand All @@ -92,7 +81,7 @@ let
cd "$cargoRoot"
fi

fetch-cargo-vendor-util-v2 create-vendor-staging ./Cargo.lock "$out"
fetch-cargo-vendor-util create-vendor-staging ./Cargo.lock "$out"

runHook postBuild
'';
Expand Down
4 changes: 2 additions & 2 deletions pkgs/by-name/as/assimp/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

stdenv.mkDerivation (finalAttrs: {
pname = "assimp";
version = "6.0.4";
version = "6.0.5";
outputs = [
"out"
"lib"
Expand All @@ -20,7 +20,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "assimp";
repo = "assimp";
tag = "v${finalAttrs.version}";
hash = "sha256-ryTgsN0z9BZBz7i9aUMKuneN5oqfxpduwJlb+Q0q3Mk=";
hash = "sha256-QWBi1pl5C76UtPhB6SmFipm9oEdnfhELMT3MqfV6oxg=";
};

postPatch = ''
Expand Down
4 changes: 2 additions & 2 deletions pkgs/by-name/at/at-spi2-core/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@

stdenv.mkDerivation (finalAttrs: {
pname = "at-spi2-core";
version = "2.60.1";
version = "2.60.4";

outputs = [
"out"
Expand All @@ -39,7 +39,7 @@ stdenv.mkDerivation (finalAttrs: {

src = fetchurl {
url = "mirror://gnome/sources/at-spi2-core/${lib.versions.majorMinor finalAttrs.version}/at-spi2-core-${finalAttrs.version}.tar.xz";
hash = "sha256-+ZuH48FnT1+8QXzJwdniYcDymqsFUK1jaYBQMdEvaFI=";
hash = "sha256-Gh9bqYBZF/QfxqpoI9z4h6KR1gekJ+LVr7a136ZQcMc=";
};

nativeBuildInputs = [
Expand Down
10 changes: 3 additions & 7 deletions pkgs/by-name/au/audit/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "audit";
version = "4.1.2-unstable-2025-09-06"; # fixes to non-static builds right after 4.1.2 release
version = "4.1.4";

src = fetchFromGitHub {
owner = "linux-audit";
repo = "audit-userspace";
rev = "cb13fe75ee2c36d5c525ed9de22aae10dbc8caf4";
hash = "sha256-NX0TWA+LtcZgbM9aQfokWv2rGNAAb3ksGqAH8URAkYM=";
tag = "v${finalAttrs.version}";
hash = "sha256-GdJ9nzlDAdOazOHH/YWuEoELrJh+G5ZJUKwIqAKAzpo=";
};

postPatch = ''
Expand Down Expand Up @@ -132,10 +132,6 @@ stdenv.mkDerivation (finalAttrs: {
# Instead, we load audit rules in a dedicated module.
postFixup = ''
moveToOutput bin/augenrules $scripts
substituteInPlace $scripts/bin/augenrules \
--replace-fail "/sbin/auditctl -R" "$bin/bin/auditctl -R" \
--replace-fail "auditctl -s" "$bin/bin/auditctl -s" \
--replace-fail "/bin/ls" "ls"
wrapProgram $scripts/bin/augenrules \
--prefix PATH : ${
lib.makeBinPath [
Expand Down
32 changes: 32 additions & 0 deletions pkgs/by-name/cu/curlMinimal/fix-wakeup-consumption.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
From 2a2104f3cff44bb28bb570a093be52bbeeed8f23 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Mon, 11 May 2026 14:56:04 +0200
Subject: [PATCH] event: fix wakeup consumption

The events on a multi wakeup socketpair were only consumed via
curl_multi_poll()/curl_multi_wait() but not in event based processing on
a curl_multi_socket() call. That led to busy loops as reported in

Fixes #21547
Reported-by: Earnestly on github
Closes #21549
---
lib/multi.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/lib/multi.c b/lib/multi.c
index be32740a7097..5e84133f13fd 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2703,6 +2703,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
Curl_uint32_bset_remove(&multi->dirty, data->mid);

if(data == multi->admin) {
+#ifdef ENABLE_WAKEUP
+ /* Consume any pending wakeup signals before processing.
+ * This is necessary for event based processing. See #21547 */
+ (void)Curl_wakeup_consume(multi->wakeup_pair, TRUE);
+#endif
#ifdef USE_RESOLV_THREADED
Curl_async_thrdd_multi_process(multi);
#endif
8 changes: 8 additions & 0 deletions pkgs/by-name/cu/curlMinimal/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,13 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-Y/4twUi6DOromSLvg49+XJRicsLni3xZ+rS3nTziuJY=";
};

patches = [
# https://github.com/curl/curl/commit/2a2104f3cff44bb28bb570a093be52bbeeed8f23
# According to <https://curl.se/mail/distros-2026-05/0000.html>, this fixes
# a performance regression, causing high CPU usage
./fix-wakeup-consumption.patch
];

# this could be accomplished by updateAutotoolsGnuConfigScriptsHook, but that causes infinite recursion
# necessary for FreeBSD code path in configure
postPatch = ''
Expand All @@ -115,6 +122,7 @@ stdenv.mkDerivation (finalAttrs: {
enableParallelBuilding = true;

strictDeps = true;
__structuredAttrs = true;

env = {
CXX = "${stdenv.cc.targetPrefix}c++";
Expand Down
5 changes: 3 additions & 2 deletions pkgs/by-name/do/doctest/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,13 @@

stdenv.mkDerivation (finalAttrs: {
pname = "doctest";
version = "2.5.0";
version = "2.5.2";

src = fetchFromGitHub {
owner = "doctest";
repo = "doctest";
tag = "v${finalAttrs.version}";
hash = "sha256-7t/eknv7VtHoBgcuJmI07x//HIyqzE9HUuH5u2y7X8A=";
hash = "sha256-4jW6xPFCFxk1l47EkSUVojhycrtluPhOc5Adf/25R7M=";
};

nativeBuildInputs = [ cmake ];
Expand All @@ -27,6 +27,7 @@ stdenv.mkDerivation (finalAttrs: {
doCheck = true;

meta = {
changelog = "https://github.com/doctest/doctest/releases/tag/${finalAttrs.src.tag}";
homepage = "https://github.com/doctest/doctest";
description = "Fastest feature-rich C++11/14/17/20 single-header testing framework";
platforms = lib.platforms.all;
Expand Down
25 changes: 11 additions & 14 deletions pkgs/by-name/du/duplicity/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -75,20 +75,17 @@ let
glib
];

pythonPath =
with python3.pkgs;
[
b2sdk
boto3
idna
pygobject3
fasteners
paramiko
pexpect
# Currently marked as broken.
# pydrive2
]
++ paramiko.optional-dependencies.invoke;
pythonPath = with python3.pkgs; [
b2sdk
boto3
idna
pygobject3
fasteners
paramiko
pexpect
# Currently marked as broken.
# pydrive2
];

nativeCheckInputs = [
gnupg # Add 'gpg' to PATH.
Expand Down
15 changes: 2 additions & 13 deletions pkgs/by-name/e2/e2fsprogs/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
stdenv,
buildPackages,
fetchurl,
fetchpatch,
pkg-config,
libuuid,
gettext,
Expand All @@ -20,25 +19,15 @@

stdenv.mkDerivation rec {
pname = "e2fsprogs";
version = "1.47.3";
version = "1.47.4";

__structuredAttrs = true;

src = fetchurl {
url = "mirror://kernel/linux/kernel/people/tytso/e2fsprogs/v${version}/e2fsprogs-${version}.tar.xz";
hash = "sha256-hX5u+AD+qiu0V4+8gQIUvl08iLBy6lPFOEczqWVzcyk=";
hash = "sha256-/VvziMvb4Aaj07MY2YOylIOCRArMhah/Hn0QhlPo2ws=";
};

patches = [
# Upstream patch that fixes musl build (and probably others).
# Should be included in next release after 1.47.3.
(fetchpatch {
name = "stdio-portability.patch";
url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=f79abd8554e600eacc2a7c864a8332b670c9e262";
hash = "sha256-zZ7zmSMTwGyS3X3b/D/mVG0bV2ul5xtY5DJx9YUvQO8=";
})
];

# fuse2fs adds 14mb of dependencies
outputs = [
"bin"
Expand Down
4 changes: 2 additions & 2 deletions pkgs/by-name/ex/expat/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
# files.

let
version = "2.8.0";
version = "2.8.1";
tag = "R_${lib.replaceStrings [ "." ] [ "_" ] version}";
in
stdenv.mkDerivation (finalAttrs: {
Expand All @@ -29,7 +29,7 @@ stdenv.mkDerivation (finalAttrs: {
url =
with finalAttrs;
"https://github.com/libexpat/libexpat/releases/download/${tag}/${pname}-${version}.tar.xz";
hash = "sha256-o3v64KqXdb2FIevYXcRW1Ibw/zETj2yR/ZAupzJiRUI=";
hash = "sha256-ELGV7ngWCpCDiBgKj+NgPU6aEvR1X79fOBayOp11DaA=";
};

strictDeps = true;
Expand Down
Loading
Loading