From e628862e97acc5cd9aa2c9da86f26edd6d14605c Mon Sep 17 00:00:00 2001 From: sterni Date: Fri, 19 Feb 2021 12:42:24 +0100 Subject: chore(3p): Bump NixOS channels to 2021-02-18 Main motivation for this is to get the openldap update that fixes 10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490 Someone should also redeploy whitby as soon as this lands in canon and all build failures have been fixed. Things done to resolve upstream breakages: * grpc no longer takes abseil-cpp as an input, it has also been removed in the override. * Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9 attribute has been removed by upstream and the patch used by them is available for 5.11 as well. * The fixed output hash for third_patry.apereo-cas changed for some reason. * Remove the pin of haskellPackages.vector from the haskell overlay. It broke as the most recent version of vector in nixos-unstable no longer depends on semigroups. This effectively updates vector from 0.12.1.2 to 0.12.2.0. * Align two comments in tvix/libstore/worker-protocol.hh because the updated clang-format now demands that. Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538 Tested-by: BuildkiteCI Reviewed-by: tazjin Reviewed-by: glittershark Reviewed-by: sterni --- users/glittershark/system/system/modules/kernel.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'users') diff --git a/users/glittershark/system/system/modules/kernel.nix b/users/glittershark/system/system/modules/kernel.nix index 7051231f3fcf..5c5ff8551594 100644 --- a/users/glittershark/system/system/modules/kernel.nix +++ b/users/glittershark/system/system/modules/kernel.nix @@ -11,7 +11,7 @@ let name = "linux-ck-patch-${mm}-ck1.xz"; # example: http://ck.kolivas.org/patches/5.0/5.4/5.4-ck1/patch-5.4-ck1.xz url = "http://ck.kolivas.org/patches/${mj}.0/${mm}/${mm}-ck1/patch-${mm}-ck1.xz"; - sha256 = "0cv1ayj9akl83q2whabj8v3qygkkfwvzcjqx539sw6j3r9qhrs64"; + sha256 = "14lfpq9hvq1amxrl0ayfid1d04kd35vwsvk1ppnqa87nqfkjq47c"; }; unpackPhase = '' @@ -24,7 +24,7 @@ let }; in { - boot.kernelPackages = pkgs.linuxPackages_5_9.extend (self: super: { + boot.kernelPackages = pkgs.linuxPackages_5_11.extend (self: super: { kernel = super.kernel.override { ignoreConfigErrors = true; kernelPatches = super.kernel.kernelPatches ++ [{ -- cgit 1.4.1