-rw-r--r--nixos/modules/programs/firejail.nix46
-rw-r--r--nixos/tests/firejail.nix9
-rw-r--r--pkgs/applications/virtualization/dumb-init/default.nix4
-rw-r--r--pkgs/applications/window-managers/i3/status-rust.nix6
-rw-r--r--pkgs/data/themes/greybird/default.nix4
-rw-r--r--pkgs/development/libraries/cpp-utilities/default.nix4
-rw-r--r--pkgs/development/libraries/draco/default.nix4
-rw-r--r--pkgs/development/libraries/libopenaptx/default.nix12
-rw-r--r--pkgs/development/python-modules/class-registry/default.nix4
-rw-r--r--pkgs/development/python-modules/cryptography/2.9.nix3
-rw-r--r--pkgs/development/python-modules/cryptography/CVE-2020-25659.patch76
-rw-r--r--pkgs/development/python-modules/pytorch/default.nix2
-rw-r--r--pkgs/development/tools/apktool/default.nix4
-rw-r--r--pkgs/development/tools/continuous-integration/buildkite-agent/default.nix6
-rw-r--r--pkgs/development/tools/misc/stlink/default.nix2
-rw-r--r--pkgs/development/web/flyctl/default.nix6
-rw-r--r--pkgs/tools/graphics/gromit-mpx/default.nix4
-rw-r--r--pkgs/tools/misc/direnv/default.nix4
-rw-r--r--pkgs/tools/misc/fluent-bit/default.nix4
-rw-r--r--pkgs/tools/security/pass/default.nix6
-rw-r--r--pkgs/tools/security/pass/extensions/audit/default.nix3
-rw-r--r--pkgs/tools/security/sudo/default.nix4
22 files changed, 175 insertions, 42 deletions
diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix
index 484f9eb44406..ad4ef1a39459 100644
--- a/nixos/modules/programs/firejail.nix
+++ b/nixos/modules/programs/firejail.nix
@@ -11,10 +11,20 @@ let
}
''
mkdir -p $out/bin
- ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: ''
+ ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: value:
+ let
+ opts = if builtins.isAttrs value
+ then value
+ else { executable = value; profile = null; extraArgs = []; };
+ args = lib.escapeShellArgs (
+ (optional (opts.profile != null) "--profile=${toString opts.profile}")
+ ++ opts.extraArgs
+ );
+ in
+ ''
cat <<_EOF >$out/bin/${command}
#! ${pkgs.runtimeShell} -e
- exec /run/wrappers/bin/firejail ${binary} "\$@"
+ exec /run/wrappers/bin/firejail ${args} -- ${toString opts.executable} "\$@"
_EOF
chmod 0755 $out/bin/${command}
'') cfg.wrappedBinaries)}
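Review bot: The wrapper is still written through an unquoted here-document (`cat <<_EOF`), so the quoting that `lib.escapeShellArgs` puts around `${args}` does not stop the build shell from expanding `$`, backticks or backslashes inside an `extraArgs` or `profile` value when the file is generated. In an unquoted here-document, single quotes are ordinary characters. `${toString opts.executable}` is also interpolated without any escaping, so a path containing whitespace or shell metacharacters would be split or reinterpreted when the wrapper runs. Quoting the delimiter and escaping the executable closes both gaps: `cat <<'_EOF' >$out/bin/${command}` and `exec /run/wrappers/bin/firejail ${args} -- ${lib.escapeShellArg opts.executable} "$@"`. The `\$@` must become `$@` once the delimiter is quoted. The enclosing derivation script begins above this hunk, so the rest of it could not be checked.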
@@ -25,12 +35,38 @@ in {
enable = mkEnableOption "firejail";
wrappedBinaries = mkOption {
- type = types.attrsOf types.path;
+ type = types.attrsOf (types.either types.path (types.submodule {
+ options = {
+ executable = mkOption {
+ type = types.path;
+ description = "Executable to run sandboxed";
+ example = literalExample "''${lib.getBin pkgs.firefox}/bin/firefox";
+ };
+ profile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Profile to use";
+ example = literalExample "''${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ extraArgs = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Extra arguments to pass to firejail";
+ example = [ "--private=~/.firejail_home" ];
+ };
+ };
+ }));
default = {};
example = literalExample ''
{
- firefox = "''${lib.getBin pkgs.firefox}/bin/firefox";
- mpv = "''${lib.getBin pkgs.mpv}/bin/mpv";
+ firefox = {
+ executable = "''${lib.getBin pkgs.firefox}/bin/firefox";
+ profile = "''${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ mpv = {
+ executable = "''${lib.getBin pkgs.mpv}/bin/mpv";
+ profile = "''${pkgs.firejail}/etc/firejail/mpv.profile";
+ };
}
'';
description = ''
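Review bot: The new `profile` option is documented only as `"Profile to use"`, which does not say what the default `null` means. From the wrapper code in the previous hunk, `null` emits no `--profile=` argument, so firejail presumably falls back to its own profile selection. I would state that, e.g. `description = "Profile to use; when null, no --profile argument is passed and firejail selects a profile itself";`. The `extraArgs` description could also say that the strings are passed to firejail verbatim ahead of `--`, so options that relax the sandbox are accepted without any check. The option-level `description` continues past the end of this hunk, so I cannot tell whether it already covers the attribute-set form.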
diff --git a/nixos/tests/firejail.nix b/nixos/tests/firejail.nix
index a723cb01664f..5f122c3fa94d 100644
--- a/nixos/tests/firejail.nix
+++ b/nixos/tests/firejail.nix
@@ -11,6 +11,10 @@ import ./make-test-python.nix ({ pkgs, ...} : {
enable = true;
wrappedBinaries = {
bash-jailed = "${pkgs.bash}/bin/bash";
+ bash-jailed2 = {
+ executable = "${pkgs.bash}/bin/bash";
+ extraArgs = [ "--private=~/firejail-home" ];
+ };
};
};
@@ -53,6 +57,11 @@ import ./make-test-python.nix ({ pkgs, ...} : {
)
machine.fail("sudo -u alice bash-jailed -c 'cat ~/my-secrets/secret' | grep -q s3cret")
+ # Test extraArgs
+ machine.succeed("sudo -u alice mkdir /home/alice/firejail-home")
+ machine.succeed("sudo -u alice bash-jailed2 -c 'echo test > /home/alice/foo'")
+ machine.fail("sudo -u alice cat /home/alice/foo")
+ machine.succeed("sudo -u alice cat /home/alice/firejail-home/foo | grep test")
# Test path acl with firejail executable
machine.succeed("sudo -u alice firejail -- bash -c 'cat ~/public' | grep -q publ1c")
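Review bot: The added assertions cover `extraArgs` only, so the `--profile=` branch of the module is never exercised. Neither this hunk nor the configuration hunk above it defines a wrapper with `profile` set. A third wrapper would cover it, for example (constructed) `bash-jailed3 = { executable = "${pkgs.bash}/bin/bash"; profile = pkgs.writeText "jail.profile" "blacklist /home/alice/public"; };`, together with a `machine.fail(...)` that reads the blacklisted file through it. It would also be worth giving one `extraArgs` entry a space or a `$`, so the test pins that arguments reach firejail unmodified. The test script starts and ends outside this hunk.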
diff --git a/pkgs/applications/virtualization/dumb-init/default.nix b/pkgs/applications/virtualization/dumb-init/default.nix
index c7be90222c2e..5e1bc9489d3f 100644
--- a/pkgs/applications/virtualization/dumb-init/default.nix
+++ b/pkgs/applications/virtualization/dumb-init/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "dumb-init";
- version = "1.2.2";
+ version = "1.2.3";
src = fetchFromGitHub {
owner = "Yelp";
repo = pname;
rev = "v${version}";
- sha256 = "15hgl8rz5dmrl5gx21sq5269l1hq539qn68xghjx0bv9hgbx0g20";
+ sha256 = "1ws944y8gch6h7iqvznfwlh9hnmdn36aqh9w6cbc7am8vbyq0ffa";
};
buildInputs = [ glibc.static ];
diff --git a/pkgs/applications/window-managers/i3/status-rust.nix b/pkgs/applications/window-managers/i3/status-rust.nix
index a1900deb2257..66373250f71d 100644
--- a/pkgs/applications/window-managers/i3/status-rust.nix
+++ b/pkgs/applications/window-managers/i3/status-rust.nix
@@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "i3status-rust";
- version = "0.14.2";
+ version = "0.14.3";
src = fetchFromGitHub {
owner = "greshake";
repo = pname;
rev = "v${version}";
- sha256 = "1f1gvgb1zk8gw596vaz9iihbpybwzs5shd25qq7bn2bhr4hqlbb9";
+ sha256 = "1k9dgmd4wz9950kr35da31rhph43gmvg8dif7hg1xw41xch6bi60";
};
- cargoSha256 = "1dcfclk8lbqvq2hywr80jm63p1i1kz3893zq99ipgryia46vd397";
+ cargoSha256 = "0qqkcgl9iz4kxl1a2vv2p7vy7wxn970y28jynf3n7hfp16i3liy2";
nativeBuildInputs = [ pkgconfig makeWrapper ];
diff --git a/pkgs/data/themes/greybird/default.nix b/pkgs/data/themes/greybird/default.nix
index 794034af7e7c..2f14988e1b25 100644
--- a/pkgs/data/themes/greybird/default.nix
+++ b/pkgs/data/themes/greybird/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "greybird";
- version = "3.22.12";
+ version = "3.22.13";
src = fetchFromGitHub {
owner = "shimmerproject";
repo = pname;
rev = "v${version}";
- sha256 = "1j66ddvl3pmwh2v8ajm8r5g5nbsr7r262ff1qn2nf3i0gy8b3lq8";
+ sha256 = "154qawiga792iimkpk3a6q8f4gm4r158wmsagkbqqbhj33kxgxhg";
};
nativeBuildInputs = [
diff --git a/pkgs/development/libraries/cpp-utilities/default.nix b/pkgs/development/libraries/cpp-utilities/default.nix
index 82c4882a3678..08940b4800df 100644
--- a/pkgs/development/libraries/cpp-utilities/default.nix
+++ b/pkgs/development/libraries/cpp-utilities/default.nix
@@ -7,13 +7,13 @@
stdenv.mkDerivation rec {
pname = "cpp-utilities";
- version = "5.8.0";
+ version = "5.9.0";
src = fetchFromGitHub {
owner = "Martchus";
repo = pname;
rev = "v${version}";
- sha256 = "06mpag2hg2vb03pdc5f9cjkpgw3kdh3bh29xfrbb16ixk4rhv0j7";
+ sha256 = "0lcbvmighmc03qxcf03vqmn6188wx4dr3m9d5ldxm2v7mw5xbq82";
};
nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/draco/default.nix b/pkgs/development/libraries/draco/default.nix
index f8b806482aca..02feba0a43e6 100644
--- a/pkgs/development/libraries/draco/default.nix
+++ b/pkgs/development/libraries/draco/default.nix
@@ -2,14 +2,14 @@
}:
stdenv.mkDerivation rec {
- version = "1.3.6";
+ version = "1.4.0";
pname = "draco";
src = fetchFromGitHub {
owner = "google";
repo = "draco";
rev = version;
- sha256 = "06adhz8gsnns6q98yzjm64xs04qp2fhm9bv0wxny68rkw0bh95a0";
+ sha256 = "0s65il754fpiygbg0yq2xynpbnmhiiaxghkzprjqxziyz6gi87lm";
};
enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/libopenaptx/default.nix b/pkgs/development/libraries/libopenaptx/default.nix
index d9ccf77ea928..5b02d70f6836 100644
--- a/pkgs/development/libraries/libopenaptx/default.nix
+++ b/pkgs/development/libraries/libopenaptx/default.nix
@@ -2,16 +2,22 @@
stdenv.mkDerivation rec {
pname = "libopenaptx";
- version = "0.1.0";
+ version = "0.2.0";
src = fetchFromGitHub {
owner = "pali";
repo = "libopenaptx";
rev = version;
- sha256 = "0996qmkmbax7ccknxrd3bx8xibs79a1ffms69scsj59f3kgj6854";
+ sha256 = "nTpw4vWgJ765FM6Es3SzaaaZr0YDydXglb0RWLbiigI=";
};
- makeFlags = [ "PREFIX=$(out)" ];
+ makeFlags = [
+ "PREFIX=${placeholder "out"}"
+ # disable static builds
+ "ANAME="
+ "AOBJECTS="
+ "STATIC_UTILITIES="
+ ];
enableParallelBuilding = true;
diff --git a/pkgs/development/python-modules/class-registry/default.nix b/pkgs/development/python-modules/class-registry/default.nix
index 9a3650bceb8b..93c41cadea6e 100644
--- a/pkgs/development/python-modules/class-registry/default.nix
+++ b/pkgs/development/python-modules/class-registry/default.nix
@@ -4,6 +4,8 @@
lib,
nose,
six,
+ typing,
+ isPy27,
}:
buildPythonPackage rec {
@@ -15,7 +17,7 @@ buildPythonPackage rec {
sha256 = "0zjf9nczl1ifzj07bgs6mwxsfd5xck9l0lchv2j0fv2n481xp2v7";
};
- propagatedBuildInputs = [ six ];
+ propagatedBuildInputs = [ six ] ++ lib.optional isPy27 typing;
checkInputs = [ nose ];
# Tests currently failing.
diff --git a/pkgs/development/python-modules/cryptography/2.9.nix b/pkgs/development/python-modules/cryptography/2.9.nix
index 3bbb67c52405..3cde50542873 100644
--- a/pkgs/development/python-modules/cryptography/2.9.nix
+++ b/pkgs/development/python-modules/cryptography/2.9.nix
@@ -29,6 +29,8 @@ buildPythonPackage rec {
sha256 = "0af25w5mkd6vwns3r6ai1w5ip9xp0ms9s261zzssbpadzdr05hx0";
};
+ patches = [ ./CVE-2020-25659.patch ];
+
outputs = [ "out" "dev" ];
buildInputs = [ openssl ]
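Review bot: The `patches = [ ./CVE-2020-25659.patch ];` line has no comment recording where the patch comes from or when it can be dropped. Because the later hunk in this file removes `knownVulnerabilities`, the package now evaluates without any warning and this line is the only trace of the issue in the expression. I would add a comment above it such as `# Backport of upstream commit 58494b41d6ec (#5507), mitigating CVE-2020-25659; remove together with this 2.9 expression`. The upstream subject describes the change as an "attempt to mitigate" and its own comment asks for timing measurements, so it may be worth noting in the same place that the fix is best-effort rather than a complete removal of the side channel.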
@@ -70,6 +72,5 @@ buildPythonPackage rec {
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ primeos ];
- knownVulnerabilities = [ "CVE-2020-25659" "https://github.com/advisories/GHSA-hggm-jpg3-v476" ];
};
}
diff --git a/pkgs/development/python-modules/cryptography/CVE-2020-25659.patch b/pkgs/development/python-modules/cryptography/CVE-2020-25659.patch
new file mode 100644
index 000000000000..a353757be11f
--- /dev/null
+++ b/pkgs/development/python-modules/cryptography/CVE-2020-25659.patch
@@ -0,0 +1,76 @@
+Backported of:
+
+From 58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 25 Oct 2020 21:16:42 -0400
+Subject: [PATCH] Attempt to mitigate Bleichenbacher attacks on RSA decryption
+ (#5507)
+
+diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
+index 6e4675d..ce66c28 100644
+--- a/docs/spelling_wordlist.txt
++++ b/docs/spelling_wordlist.txt
+@@ -6,6 +6,7 @@ backend
+ Backends
+ backends
+ bcrypt
++Bleichenbacher
+ Blowfish
+ boolean
+ Botan
+diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
+index 3e4c2fd..6303f95 100644
+--- a/src/cryptography/hazmat/backends/openssl/rsa.py
++++ b/src/cryptography/hazmat/backends/openssl/rsa.py
+@@ -117,40 +117,19 @@ def _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding):
+
+ outlen = backend._ffi.new("size_t *", buf_size)
+ buf = backend._ffi.new("unsigned char[]", buf_size)
++ # Everything from this line onwards is written with the goal of being as
++ # constant-time as is practical given the constraints of Python and our
++ # API. See Bleichenbacher's '98 attack on RSA, and its many many variants.
++ # As such, you should not attempt to change this (particularly to "clean it
++ # up") without understanding why it was written this way (see
++ # Chesterton's Fence), and without measuring to verify you have not
++ # introduced observable time differences.
+ res = crypt(pkey_ctx, buf, outlen, data, len(data))
++ resbuf = backend._ffi.buffer(buf)[: outlen[0]]
++ backend._lib.ERR_clear_error()
+ if res <= 0:
+- _handle_rsa_enc_dec_error(backend, key)
+-
+- return backend._ffi.buffer(buf)[:outlen[0]]
+-
+-
+-def _handle_rsa_enc_dec_error(backend, key):
+- errors = backend._consume_errors()
+- backend.openssl_assert(errors)
+- backend.openssl_assert(errors[0].lib == backend._lib.ERR_LIB_RSA)
+- if isinstance(key, _RSAPublicKey):
+- backend.openssl_assert(
+- errors[0].reason == backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE
+- )
+- raise ValueError(
+- "Data too long for key size. Encrypt less data or use a "
+- "larger key size."
+- )
+- else:
+- decoding_errors = [
+- backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
+- backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
+- backend._lib.RSA_R_OAEP_DECODING_ERROR,
+- # Though this error looks similar to the
+- # RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, this occurs on decrypts,
+- # rather than on encrypts
+- backend._lib.RSA_R_DATA_TOO_LARGE_FOR_MODULUS,
+- ]
+- if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:
+- decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR)
+-
+- backend.openssl_assert(errors[0].reason in decoding_errors)
+- raise ValueError("Decryption failed.")
++ raise ValueError("Encryption/decryption failed.")
++ return resbuf
+
+
+ def _rsa_sig_determine_padding(backend, key, padding, algorithm):
diff --git a/pkgs/development/python-modules/pytorch/default.nix b/pkgs/development/python-modules/pytorch/default.nix
index 5eb8b99ea096..ff7a0e5107f3 100644
--- a/pkgs/development/python-modules/pytorch/default.nix
+++ b/pkgs/development/python-modules/pytorch/default.nix
@@ -297,6 +297,6 @@ in buildPythonPackage rec {
homepage = "https://pytorch.org/";
license = lib.licenses.bsd3;
platforms = with lib.platforms; linux ++ lib.optionals (!cudaSupport) darwin;
- maintainers = with lib.maintainers; [ teh thoughtpolice tscholak ]; # tscholak esp. for darwin-related builds
+ maintainers = with lib.maintainers; [ danieldk teh thoughtpolice tscholak ]; # tscholak esp. for darwin-related builds
};
}
diff --git a/pkgs/development/tools/apktool/default.nix b/pkgs/development/tools/apktool/default.nix
index 529f705e1012..2ff9c58fb339 100644
--- a/pkgs/development/tools/apktool/default.nix
+++ b/pkgs/development/tools/apktool/default.nix
@@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "apktool";
- version = "2.4.1";
+ version = "2.5.0";
src = fetchurl {
urls = [
"https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_${version}.jar"
"https://github.com/iBotPeaches/Apktool/releases/download/v${version}/apktool_${version}.jar"
];
- sha256 = "0ljsh8nx065isnyzzrwddypikkfhyqsww0w02cgwgh8x3lhndsxx";
+ sha256 = "1r4z0z2c1drjd4ynpf36dklxs3hq1wdnzh63mk2yk4mmk75xg4mk";
};
phases = [ "installPhase" ];
diff --git a/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix b/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
index 97f75a99c079..223b814708d3 100644
--- a/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
+++ b/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
@@ -2,7 +2,7 @@
makeWrapper, coreutils, git, openssh, bash, gnused, gnugrep }:
buildGoModule rec {
name = "buildkite-agent-${version}";
- version = "3.25.0";
+ version = "3.26.0";
goPackagePath = "github.com/buildkite/agent";
@@ -10,10 +10,10 @@ buildGoModule rec {
owner = "buildkite";
repo = "agent";
rev = "v${version}";
- sha256 = "VxAGi2NpXpc3U+GNIvGJSkdHGODrX2s8oY+dQ8QXIHQ=";
+ sha256 = "1z8hiamg3h1fnsmr8j5l9q6c8cd81lqmd00gcmz4spw73pqfxg3r";
};
- vendorSha256 = "X1K6uKiMFXTDT1PcedGQ8HLGox8ePP7Cz0Ihf4m9ts8=";
+ vendorSha256 = "1kxnpn4py8a2rz1gwg0y3yiwcwphj38pkp2k9z1p85ccm2wblljz";
postPatch = ''
substituteInPlace bootstrap/shell/shell.go --replace /bin/bash ${bash}/bin/bash
diff --git a/pkgs/development/tools/misc/stlink/default.nix b/pkgs/development/tools/misc/stlink/default.nix
index 7793d9185e75..7595b84721cf 100644
--- a/pkgs/development/tools/misc/stlink/default.nix
+++ b/pkgs/development/tools/misc/stlink/default.nix
@@ -5,7 +5,7 @@ let
libusb1' = if stdenv.isDarwin then libusb1.override { withStatic = true; } else libusb1;
# IMPORTANT: You need permissions to access the stlink usb devices.
-# Add services.udev.pkgs = [ pkgs.stlink ] to your configuration.nix
+# Add services.udev.packages = [ pkgs.stlink ] to your configuration.nix
in stdenv.mkDerivation rec {
pname = "stlink";
diff --git a/pkgs/development/web/flyctl/default.nix b/pkgs/development/web/flyctl/default.nix
index 0aa8c65e3cd6..72525a9808f7 100644
--- a/pkgs/development/web/flyctl/default.nix
+++ b/pkgs/development/web/flyctl/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "flyctl";
- version = "0.0.151";
+ version = "0.0.153";
src = fetchFromGitHub {
owner = "superfly";
repo = "flyctl";
rev = "v${version}";
- sha256 = "0gd0cgzhikwa11mfpmvk0dp198vhlh09kjgk67xjj4gg9g61nkg9";
+ sha256 = "1an6j4bv9ib5rn78dbn8h1pdkw3fcd3fdrymhvr6909pvcz7bbgy";
};
preBuild = ''
@@ -17,7 +17,7 @@ buildGoModule rec {
subPackages = [ "." ];
- vendorSha256 = "018vffgi85aqzb93hbld2f3lrc01jxb9aj5j5ss5c0a689g83gmq";
+ vendorSha256 = "0fmbwk0j2aayvi3cx8cfp4b3h89v88qm4kslbmhlj8mny9rd7lys";
doCheck = false;
diff --git a/pkgs/tools/graphics/gromit-mpx/default.nix b/pkgs/tools/graphics/gromit-mpx/default.nix
index c7f0beba8fb8..b8c344258bb9 100644
--- a/pkgs/tools/graphics/gromit-mpx/default.nix
+++ b/pkgs/tools/graphics/gromit-mpx/default.nix
@@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "gromit-mpx";
- version = "1.3.1";
+ version = "1.4";
src = fetchFromGitHub {
owner = "bk138";
repo = "gromit-mpx";
rev = version;
- sha256 = "1dvn7vwg4fg1a3lfj5f7nij1vcxm27gyf2wr817f3qb4sx5xmjwy";
+ sha256 = "1xn14r7lhay720y78j1fs4amp5lia39kpq7vzv02x4nnwhgbsd9r";
};
nativeBuildInputs = [ pkgconfig wrapGAppsHook ];
diff --git a/pkgs/tools/misc/direnv/default.nix b/pkgs/tools/misc/direnv/default.nix
index f84a51486d98..050dcf2955f3 100644
--- a/pkgs/tools/misc/direnv/default.nix
+++ b/pkgs/tools/misc/direnv/default.nix
@@ -2,7 +2,7 @@
buildGoModule rec {
pname = "direnv";
- version = "2.24.0";
+ version = "2.25.0";
vendorSha256 = null;
@@ -10,7 +10,7 @@ buildGoModule rec {
owner = "direnv";
repo = "direnv";
rev = "v${version}";
- sha256 = "1hgivmz6f5knpchkyi3njj1h81hixm77ad5g2v0m9bid09b97nh8";
+ sha256 = "00bvznswmz08s2jqpz5xxmkqggd06h6g8cwk242aaih6qajxfpsn";
};
# we have no bash at the moment for windows
diff --git a/pkgs/tools/misc/fluent-bit/default.nix b/pkgs/tools/misc/fluent-bit/default.nix
index 2f736a63d977..ec1a0072a559 100644
--- a/pkgs/tools/misc/fluent-bit/default.nix
+++ b/pkgs/tools/misc/fluent-bit/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "fluent-bit";
- version = "1.6.6";
+ version = "1.6.7";
src = fetchFromGitHub {
owner = "fluent";
repo = "fluent-bit";
rev = "v${version}";
- sha256 = "0hkl0wb1xsq7z7gbmblq4fj42llw58lxgvm41z7bliq8a2qg3hv9";
+ sha256 = "1rybz69yhjm1g8m6wmn6v143a65y69w2fvs62yr8n1r92cadzbia";
};
nativeBuildInputs = [ cmake flex bison ];
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 9ba03fc74a2f..9e9348105010 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -1,6 +1,6 @@
{ stdenv, lib, pkgs, fetchurl, buildEnv
-, coreutils, gnused, getopt, git, tree, gnupg, openssl, which, procps
-, qrencode , makeWrapper, pass, symlinkJoin
+, coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl
+, which, procps , qrencode , makeWrapper, pass, symlinkJoin
, xclip ? null, xdotool ? null, dmenu ? null
, x11Support ? !stdenv.isDarwin , dmenuSupport ? x11Support
@@ -80,8 +80,10 @@ stdenv.mkDerivation rec {
wrapperPath = with stdenv.lib; makeBinPath ([
coreutils
+ findutils
getopt
git
+ gnugrep
gnupg
gnused
tree
diff --git a/pkgs/tools/security/pass/extensions/audit/default.nix b/pkgs/tools/security/pass/extensions/audit/default.nix
index 144d13238f26..ec0f23ddc383 100644
--- a/pkgs/tools/security/pass/extensions/audit/default.nix
+++ b/pkgs/tools/security/pass/extensions/audit/default.nix
@@ -30,7 +30,8 @@ in stdenv.mkDerivation rec {
buildInputs = [ pythonEnv ];
nativeBuildInputs = [ makeWrapper ];
- doCheck = true;
+ # Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError
+ doCheck = !stdenv.isDarwin;
checkInputs = [ pythonPackages.green pass gnupg ];
checkPhase = ''
${pythonEnv}/bin/python3 setup.py green -q
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 8ba10f66396d..ae29eeafd006 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -6,11 +6,11 @@
stdenv.mkDerivation rec {
pname = "sudo";
- version = "1.9.3p1";
+ version = "1.9.4";
src = fetchurl {
url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
- sha256 = "17mldsg5d08s23cskmjxfa81ibnqw3slgf3l4023j72ywi9xxffw";
+ sha256 = "1w03257akspgkkl757vmpq3p30sb2n6y61hll038mw9sqwnbv4cb";
};
prePatch = ''