Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 7829e5791ba1
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: a7c70f2e10bc
Choose a head ref
  • 13 commits
  • 9 files changed
  • 11 contributors

Commits on May 7, 2020

  1. kubernetes: 1.17.3 -> 1.17.5

    Johan Thomsen committed May 7, 2020
    Copy the full SHA
    6b10ceb View commit details

Commits on May 13, 2020

  1. sane-airscan: 0.9.17 -> 0.99.0

    @zaninime
    zaninime committed May 13, 2020
    Copy the full SHA
    9c2fa3c View commit details

  2. firefox: Add patch to fix AES GCM IV bit size 

    Regression introduced by bce5268.

The bit size of the initialisation vector for AES GCM has been
introduced in NSS version 3.52 in the CK_GCM_PARMS struct via the
ulIvBits field.

Unfortunately, Firefox 68.8.0 and 76.0 do not set this field and thus it
gets initialised to zero, which in turn causes IV generation to fail.

I found out about this because WebRTC stopped working after updating to
NSS 3.52 and so I started bisecting.

Since there wasn't an obvious error in Firefox hinting towards NSS but
instead just the video stream ended up as a "null" stream, I didn't
suspect the NSS update to be the culprit at first. So I verified a few
times and then also started bisecting the actual commit in NSS that
caused the issue.

This turned out to be the problematic change:

https://phabricator.services.mozilla.com/D63241

> One notable change was caused by an inconsistancy between the spec and
> the released headers in PKCS#11 v2.40. CK_GCM_PARAMS had an extra
> field in the header that was not in the spec. OASIS considers the
> header file to be normative, so PKCS#11 v3.0 resolved the issue in
> favor of the header file definition.

Since the test I've used[1] was a bit flaky, I still didn't believe the
result of the bisect to be accurate, but after running the test several
times leading same results I dug through the above change line by line
to get more clues.

It fortunately didn't take that long to stumble upon the ulIvBits change
(which is actually documented in the NSS 3.52 release notes[4], but I
managed to blatantly ignore it for some reason) and started checking the
Firefox source tree for changes regarding that field.

Initialisation of that new field has been introduced[2] in preparation
for the 76 release, but subsequently got reverted[3] prior to the
release, because Firefox 76 is expected to be shipped with NSS 3.51,
which didn't have the ulIvBits field.

The patch I'm adding here is just a reintroduction of that change,
because we're using NSS 3.52. Not initialising that field will break
WebRTC and WebCrypto, which I think the former seems to gain in
popularity these days ;-)

Tested the change against the mentioned VM test[1] and also by testing
manually using Jitsi Meet and Nextcloud Talk.

[1]: https://github.com/aszlig/avonc/tree/884315838b6f0ebb32b/tests/talk
[2]: https://hg.mozilla.org/mozilla-central/rev/3ed30e6b6de1
[3]: https://hg.mozilla.org/mozilla-central/rev/665137da70ee
[4]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52_release_notes

Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 8fb4997 & moved to packages.nix)
    @aszlig @andir
    aszlig authored and andir committed May 13, 2020
    Copy the full SHA
    89e9308 View commit details

Commits on May 14, 2020

  1. Merge pull request #87746 from zaninime/sane-update-20.03 

    backport: sane-airscan: 0.9.17 -> 0.99.0
    @marsam
    marsam authored May 14, 2020
    Copy the full SHA
    38ac9ed View commit details

  2. linux: 4.19.122 -> 4.19.123 

    (cherry picked from commit e9dbf2e)
    @NeQuissimus
    NeQuissimus committed May 14, 2020
    Copy the full SHA
    1f99408 View commit details

  3. linux: 5.4.40 -> 5.4.41 

    (cherry picked from commit e3ba43b)
    @NeQuissimus
    NeQuissimus committed May 14, 2020
    Copy the full SHA
    cb59d52 View commit details

  4. linux: 5.6.12 -> 5.6.13 

    (cherry picked from commit 7ef8639)
    @NeQuissimus
    NeQuissimus committed May 14, 2020
    Copy the full SHA
    1dff047 View commit details

  5. Merge #87773: firefox: patch AES GCM IV bit size 

    ...into release-20.03
    @vcunat
    vcunat committed May 14, 2020
    Copy the full SHA
    d2b0a72 View commit details

  6. zimg: 2.9.2 -> 2.9.3 

    (cherry picked from commit 2c9cc36)
    @r-ryantm @rnhmjoj
    r-ryantm authored and rnhmjoj committed May 14, 2020
    Copy the full SHA
    8830bd8 View commit details

  7. vapoursynth: R48 -> R49 

    (cherry picked from commit c339130)
This update should fix several bugs introduced in R48.
    @rnhmjoj
    rnhmjoj committed May 14, 2020
    Copy the full SHA
    e3e62d6 View commit details

  8. mkl: fix expectation of MKLROOT being set in pkg-config files 

    The Intel MKL pkg-config files did not work, because they expect that
the MKLROOT environment variable is set. This change replaces
occurences by the actual path of MKL in the Nix store.

Since the pkg-config files seem to break quite frequently after
upgrades, add a post-install check to validate the pkg-config files.

(cherry picked from commit e88673a)
    @danieldk
    danieldk committed May 14, 2020
    Copy the full SHA
    2dd4f2a View commit details

  9. Merge pull request #87749 from johanot/kubernetes-1.17.5 

    kubernetes: 1.17.3 -> 1.17.5
    @srhb
    srhb authored May 14, 2020
    Copy the full SHA
    5256f59 View commit details

  10. Merge pull request #87836 from danieldk/mkl-pkgconfig-20.03 

    [20.03] mkl: fix expectation of MKLROOT being set in pkg-config files
    @bhipple
    bhipple authored May 14, 2020
    Copy the full SHA
    a7c70f2 View commit details
8 changes: 4 additions & 4 deletions pkgs/applications/graphics/sane/backends/airscan/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, avahi, libsoup, libjpeg
{ lib, stdenv, fetchFromGitHub, pkg-config, avahi, libsoup, libjpeg, libpng
, sane-backends, meson, ninja }:
stdenv.mkDerivation rec {
pname = "sane-airscan";
version = "0.9.17";
version = "0.99.0";

nativeBuildInputs = [ meson ninja pkg-config ];
buildInputs = [ avahi libsoup libjpeg sane-backends ];
buildInputs = [ avahi libsoup libjpeg libpng sane-backends ];

src = fetchFromGitHub {
owner = "alexpevzner";
repo = pname;
rev = version;
sha256 = "03y0c1z5s3wbvxa9nvji62w42cmvcgm2sw72j7wm831995q3abmx";
sha256 = "0bbw3s95v5fmkpmmd26v9cf1c40dm85bgxlhs06ski5my803ck0a";
};

meta = with lib; {
7 changes: 6 additions & 1 deletion pkgs/applications/networking/browsers/firefox/packages.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ config, stdenv, lib, callPackage, fetchurl }:
{ config, stdenv, lib, callPackage, fetchurl, fetchpatch }:

let
common = opts: callPackage (import ./common.nix opts) {};
@@ -15,6 +15,11 @@ rec {

patches = [
./no-buildconfig-ffx76.patch
# Fix for NSS 3.52 (add missing CK_GCM_PARMS field)
(fetchpatch {
url = "https://hg.mozilla.org/mozilla-central/raw-rev/463069687b3d";
sha256 = "00yhz67flnkww3rbry0kqn6z6bm7vxfb2sgf7qikgbjcm3ysvpsm";
})
];

meta = {
4 changes: 2 additions & 2 deletions pkgs/applications/networking/cluster/kubernetes/default.nix
View file
Original file line number Diff line number Diff line change
@@ -15,13 +15,13 @@ with lib;

stdenv.mkDerivation rec {
pname = "kubernetes";
version = "1.17.3";
version = "1.17.5";

src = fetchFromGitHub {
owner = "kubernetes";
repo = "kubernetes";
rev = "v${version}";
sha256 = "0caqczz8hrwqb8j94158hz6919i7c9v1v0zknh9m2zbbng4b1awi";
sha256 = "0jnfk0p5w5xcj6i0q8xs1yzz8vvrcffymw63w033bjcdmr4sa269";
};

buildInputs = [ removeReferencesTo makeWrapper which go rsync go-bindata ];
20 changes: 19 additions & 1 deletion pkgs/development/libraries/science/math/mkl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,12 @@
{ stdenvNoCC, fetchurl, rpmextract, undmg, darwin, enableStatic ? false }:
{ stdenvNoCC
, fetchurl
, pkgconfig
, rpmextract
, undmg
, darwin
, enableStatic ? false
}:

/*
For details on using mkl as a blas provider for python packages such as numpy,
numexpr, scipy, etc., see the Python section of the NixPkgs manual.
@@ -42,6 +50,10 @@ in stdenvNoCC.mkDerivation {
else
[ rpmextract ];

installCheckInputs = [ pkgconfig ];

doInstallCheck = true;

buildPhase = if stdenvNoCC.isDarwin then ''
for f in Contents/Resources/pkg/*.tgz; do
tar xzvf $f
@@ -75,6 +87,7 @@ in stdenvNoCC.mkDerivation {
bn=$(basename $f)
substituteInPlace $f \
--replace "prefix=<INSTALLDIR>/mkl" "prefix=$out" \
--replace $\{MKLROOT} "$out" \
--replace "lib/intel64_lin" "lib"
done
@@ -125,6 +138,11 @@ in stdenvNoCC.mkDerivation {
install_name_tool -change @rpath/libtbbmalloc.dylib $out/lib/libtbbmalloc.dylib $out/lib/libtbbmalloc_proxy.dylib
'';

# Validate pkgconfig files, since they break often on updates.
installCheckPhase = ''
pkg-config --validate $out/lib/pkgconfig/*.pc
'';

# Per license agreement, do not modify the binary
dontStrip = true;
dontPatchELF = true;
8 changes: 4 additions & 4 deletions pkgs/development/libraries/vapoursynth/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, makeWrapper
, zimg, libass, python3, libiconv
, ApplicationServices, nasm
, ApplicationServices
, ocrSupport ? false, tesseract ? null
, imwriSupport? true, imagemagick7 ? null
}:
@@ -12,16 +12,16 @@ with stdenv.lib;

stdenv.mkDerivation rec {
pname = "vapoursynth";
version = "R48";
version = "R49";

src = fetchFromGitHub {
owner = "vapoursynth";
repo = "vapoursynth";
rev = version;
sha256 = "1i6163bidlp0p9zcnxpsphr44ayfzd51fig4ri7vbrbl9lw9jaih";
sha256 = "1d298mlb24nlc2x7pixfbkd0qbpv4c706c32idsgpi96z1spkhvl";
};

nativeBuildInputs = [ pkgconfig autoreconfHook nasm makeWrapper ];
nativeBuildInputs = [ pkgconfig autoreconfHook makeWrapper ];
buildInputs = [
zimg libass
(python3.withPackages (ps: with ps; [ sphinx cython ]))
6 changes: 3 additions & 3 deletions pkgs/development/libraries/zimg/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,13 +2,13 @@

stdenv.mkDerivation rec {
pname = "zimg";
version = "2.9.2";
version = "2.9.3";

src = fetchFromGitHub {
owner = "sekrit-twc";
repo = "zimg";
rev = "release-${version}";
sha256 = "0jlgrlfs9maixd8mx7gk2kfawz8ixnihkxi7vhyzfy1gq49vmxm2";
sha256 = "1dqyrq3p8bkgvj4ci50ac342hjnhyz6xxvhiwp7wpi3v3nbj7s02";
};

nativeBuildInputs = [ autoreconfHook ];
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {

meta = with stdenv.lib; {
description = "Scaling, colorspace conversion and dithering library";
homepage = https://github.com/sekrit-twc/zimg;
homepage = "https://github.com/sekrit-twc/zimg";
license = licenses.wtfpl;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ rnhmjoj ];
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.19.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "4.19.122";
version = "4.19.123";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1980vza1vf6cl772dynn4m0rgdjazbn125kd6sb3s06gqn72cl2h";
sha256 = "0gwrkbbfy85ajxpg7q6j9mn8mzhmsr1v3wmh5c76p34d3b9i96d7";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-5.4.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "5.4.40";
version = "5.4.41";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1ar001rljlr15rcl77la5y1cj3plaqhdblnh87xsmv47fq13yml3";
sha256 = "0mxhz3f0ayz0nggndbikp44kx307yxf16qzsv46hni6p8z1ffr0y";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-5.6.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "5.6.12";
version = "5.6.13";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0892ar2irfhd612sb8jpx85w0wwh4n76jgsv8wb92fp6mim37sns";
sha256 = "11zriz0jwqizv0pq0laql0svsnspdfnxqykq70v22x39iyfdf9gi";
};
} // (args.argsOverride or {}))