curl-impersonate 0 -> 1 attrpath: curl-impersonate Checking auto update branch... [version] [version] generic version rewriter does not support multiple hashes [rustCrateVersion] [rustCrateVersion] No cargoSha256 or cargoHash found [golangModuleVersion] [golangModuleVersion] skipping because derivation has updateScript [npmDepsVersion] [npmDepsVersion] No npmDepsHash [updateScript] [updateScript] Success [updateScript] this derivation will be built: /nix/store/yyw8m1ikq5h86lfqxal9b1qygbpbgmgm-packages.json.drv building '/nix/store/yyw8m1ikq5h86lfqxal9b1qygbpbgmgm-packages.json.drv'... Going to be running update for following packages: - curl-impersonate-0.5.4 Press Enter key to continue... Running update for: - curl-impersonate-0.5.4: UPDATING ... - curl-impersonate-0.5.4: DONE. Packages updated! Diff after rewrites: diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index 070aab8d53f2..49fce7c1697e 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -25,13 +25,13 @@ let makeCurlImpersonate = { name, target }: stdenv.mkDerivation rec { pname = "curl-impersonate-${name}"; - version = "0.5.4"; + version = "0.6.1"; src = fetchFromGitHub { owner = "lwthiker"; repo = "curl-impersonate"; rev = "v${version}"; - hash = "sha256-LBGWFal2szqgURIBCLB84kHWpdpt5quvBBZu6buGj2A="; + hash = "sha256-ExmEhjJC8FPzx08RuKOhRxKgJ4Dh+ElEl+OUHzRCzZc="; }; patches = [ @@ -138,7 +138,7 @@ let inherit (passthru.deps."boringssl.zip") name; src = passthru.deps."boringssl.zip"; - vendorHash = "sha256-ISmRdumckvSu7hBXrjvs5ZApShDiGLdD3T5B0fJ1x2Q="; + vendorHash = "sha256-WNXd8hBbtuo1VYc5ueTzWlZsE2UNd/HgKD645E2242w="; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/tools/networking/curl-impersonate/deps.nix b/pkgs/tools/networking/curl-impersonate/deps.nix index 498616247dce..1b04659f0741 100644 --- a/pkgs/tools/networking/curl-impersonate/deps.nix +++ b/pkgs/tools/networking/curl-impersonate/deps.nix @@ -2,9 +2,9 @@ { fetchurl }: { - "curl-7.84.0.tar.xz" = fetchurl { - url = "https://curl.se/download/curl-7.84.0.tar.xz"; - hash = "sha256-LRGLQ/VHv+W66AbY1HtOWW6lslpsHwgK70n7zYF8Xbg="; + "curl-8.1.1.tar.xz" = fetchurl { + url = "https://curl.se/download/curl-8.1.1.tar.xz"; + hash = "sha256-CKlI4GGSlkVZfB73GU4HswiyIIT/A/p0ALRl5sBRSeU="; }; "brotli-1.0.9.tar.gz" = fetchurl { @@ -12,18 +12,18 @@ hash = "sha256-+ejYHQQFumbRgVKa9CozVPg4yTkJX/mZMNpqqc32/kY="; }; - "nss-3.87.tar.gz" = fetchurl { - url = "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_87_RTM/src/nss-3.87-with-nspr-4.35.tar.gz"; - hash = "sha256-63DqC1jc5pqkkOnp/s0TKn1kTh2j1jHhYzdqDcwRoCI="; + "nss-3.92.tar.gz" = fetchurl { + url = "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_92_RTM/src/nss-3.92-with-nspr-4.35.tar.gz"; + hash = "sha256-IcF2v/+27IQLX5hcf48BRoL0ovtVsGkkc0Fy1cBIbcU="; }; "boringssl.zip" = fetchurl { - url = "https://github.com/google/boringssl/archive/3a667d10e94186fd503966f5638e134fe9fb4080.zip"; - hash = "sha256-HsDIkd1x5IH49fUF07dJaabMIMsQygW+NI7GneULpA8="; + url = "https://github.com/google/boringssl/archive/1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc.zip"; + hash = "sha256-daVVQvpxkuEL/8/+QtLOJkdO+ECYZE3P4qJmDjV1GM0="; }; - "nghttp2-1.46.0.tar.bz2" = fetchurl { - url = "https://github.com/nghttp2/nghttp2/releases/download/v1.46.0/nghttp2-1.46.0.tar.bz2"; - hash = "sha256-moKXjIcAcbdp8n0riBkct3/clFpRwdaFx/YafhP8Ryk="; + "nghttp2-1.56.0.tar.bz2" = fetchurl { + url = "https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.bz2"; + hash = "sha256-L13Nv1d6LfUTokZGRUhMw10uTQczZT1jGTrlHbQd70E="; }; } No auto update branch exists Received ExitFailure 1 when running Raw command: /nix/store/6r0bm8shswm9v08kzvq24ib48mx3kxmn-nix-2.18.1/bin/nix-build --option sandbox true --arg config "{ allowBroken = true; allowUnfree = true; allowAliases = false; }" --arg overlays "[ ]" -A curl-impersonate Received ExitFailure 1 when running Raw command: /nix/store/6r0bm8shswm9v08kzvq24ib48mx3kxmn-nix-2.18.1/bin/nix --extra-experimental-features nix-command log -f . curl-impersonate Standard output: error: … while evaluating a branch condition at /var/cache/nixpkgs-update/worker/worktree/curl-impersonate/pkgs/top-level/all-packages.nix:15705:5: 15704| pin-to-gcc12-if-gcc13 = pkg: 15705| if !(lib.isDerivation pkg) || !(pkg?override) then pkg else | ^ 15706| pkg.override (previousArgs: … in the left operand of the OR (||) operator at /var/cache/nixpkgs-update/worker/worktree/curl-impersonate/pkgs/top-level/all-packages.nix:15705:32: 15704| pin-to-gcc12-if-gcc13 = pkg: 15705| if !(lib.isDerivation pkg) || !(pkg?override) then pkg else | ^ 15706| pkg.override (previousArgs: (stack trace truncated; use '--show-trace' to show the full trace) error: Package ‘curl-impersonate-0.6.1’ in /var/cache/nixpkgs-update/worker/worktree/curl-impersonate/pkgs/tools/networking/curl-impersonate/default.nix:150 is marked as insecure, refusing to evaluate. Known issues: - CVE-2023-38545 - CVE-2023-32001 - CVE-2022-43551 - CVE-2022-42916 You can install it anyway by allowing this package, using the following methods: a) To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools: $ export NIXPKGS_ALLOW_INSECURE=1 Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake, then pass `--impure` in order to allow use of environment variables. b) for `nixos-rebuild` you can add ‘curl-impersonate-0.6.1’ to `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, like so: { nixpkgs.config.permittedInsecurePackages = [ "curl-impersonate-0.6.1" ]; } c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add ‘curl-impersonate-0.6.1’ to `permittedInsecurePackages` in ~/.config/nixpkgs/config.nix, like so: { permittedInsecurePackages = [ "curl-impersonate-0.6.1" ]; }