Merge staging-next into staging · pyrox.dev/nixpkgs@fdcac7b

+6

maintainers/maintainer-list.nix

··· 4969 4969 githubId = 1498782; 4970 4970 name = "Jesse Haber-Kucharsky"; 4971 4971 }; 4972 + hamburger1984 = { 4973 + email = "hamburger1984@gmail.com"; 4974 + github = "hamburger1984"; 4975 + githubId = 438976; 4976 + name = "Andreas Krohn"; 4977 + }; 4972 4978 hamhut1066 = { 4973 4979 email = "github@hamhut1066.com"; 4974 4980 github = "moredhel";

+9 -31

nixos/modules/security/wrappers/default.nix

··· 202 202 ###### implementation 203 203 config = { 204 204 205 - assertions = lib.mapAttrsToList 206 - (name: opts: 205 + assertions = lib.concatLists (lib.mapAttrsToList 206 + (name: opts: [ 207 207 { assertion = opts.setuid || opts.setgid -> opts.capabilities == ""; 208 208 message = '' 209 209 The security.wrappers.${name} wrapper is not valid: 210 210 setuid/setgid and capabilities are mutually exclusive. 211 211 ''; 212 212 } 213 - ) wrappers; 213 + { assertion = lib.pathHasContext (toString opts.source) -> lib.pathExists opts.source; 214 + message = '' 215 + The security.wrappers.${name} wrapper is not valid: 216 + the source store path '${opts.source}' does not exist. 217 + ''; 218 + } 219 + ]) wrappers); 214 220 215 221 security.wrappers = 216 222 let ··· 273 279 ln --symbolic "$wrapperDir" "${wrapperDir}" 274 280 fi 275 281 ''; 276 - 277 - ###### wrappers consistency checks 278 - system.extraDependencies = lib.singleton (pkgs.runCommandLocal 279 - "ensure-all-wrappers-paths-exist" { } 280 - '' 281 - # make sure we produce output 282 - mkdir -p $out 283 - 284 - echo -n "Checking that Nix store paths of all wrapped programs exist... " 285 - 286 - declare -A wrappers 287 - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: 288 - "wrappers['${n}']='${v.source}'") wrappers)} 289 - 290 - for name in "''${!wrappers[@]}"; do 291 - path="''${wrappers[$name]}" 292 - if [[ "$path" =~ /nix/store ]] && [ ! -e "$path" ]; then 293 - test -t 1 && echo -ne '\033[1;31m' 294 - echo "FAIL" 295 - echo "The path $path does not exist!" 296 - echo 'Please, check the value of `security.wrappers."'$name'".source`.' 297 - test -t 1 && echo -ne '\033[0m' 298 - exit 1 299 - fi 300 - done 301 - 302 - echo "OK" 303 - ''); 304 282 }; 305 283 }

+1 -1

nixos/modules/services/networking/wpa_supplicant.nix

··· 114 114 115 115 script = 116 116 '' 117 - ${optionalString configIsGenerated '' 117 + ${optionalString (configIsGenerated && !cfg.allowAuxiliaryImperativeNetworks) '' 118 118 if [ -f /etc/wpa_supplicant.conf ]; then 119 119 echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead." 120 120 fi

+1

nixos/tests/kernel-generic.nix

··· 31 31 linux_5_10_hardened 32 32 linux_5_15_hardened 33 33 linux_5_17_hardened 34 + linux_5_18_hardened 34 35 35 36 linux_testing; 36 37 };

+12 -8

pkgs/applications/video/kodi/addons/urllib3/default.nix

··· 1 - { lib, buildKodiAddon, fetchzip, addonUpdateScript }: 1 + { lib, buildKodiAddon, fetchFromGitHub, addonUpdateScript }: 2 + 2 3 buildKodiAddon rec { 3 4 pname = "urllib3"; 4 5 namespace = "script.module.urllib3"; 5 - version = "1.26.4+matrix.1"; 6 + version = "1.26.8+matrix.1"; 6 7 7 - src = fetchzip { 8 - url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip"; 9 - sha256 = "1d2k6gbsnhdadcl1xc7igz4m71z2fcnpln5ppfjv455cmkk110vf"; 8 + # temporarily fetching from a PR because of CVE-2021-33503 9 + # see https://github.com/xbmc/repo-scripts/pull/2193 for details 10 + src = fetchFromGitHub { 11 + owner = "xbmc"; 12 + repo = "repo-scripts"; 13 + rev = "f0bfacab4732e33c5669bedd1a86319fa9e38338"; 14 + sha256 = "sha256-UEMLrIvuuPARGHMsz6dOZrOuHIYVSpi0gBy2lK1Y2sk="; 10 15 }; 11 16 17 + sourceRoot = "source/script.module.urllib3"; 18 + 12 19 passthru = { 13 20 pythonPath = "lib"; 14 - updateScript = addonUpdateScript { 15 - attrPath = "kodi.packages.urllib3"; 16 - }; 17 21 }; 18 22 19 23 meta = with lib; {

+2 -2

pkgs/development/python-modules/afdko/default.nix

··· 81 81 "test_filename_without_dir" 82 82 "test_overwrite" 83 83 "test_options" 84 - ] ++ lib.optionals (stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isRiscV) [ 85 - # aarch64-only (?) failure, unknown reason so far 84 + ] ++ lib.optionals (stdenv.hostPlatform.isAarch32 || stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isRiscV) [ 85 + # unknown reason so far 86 86 # https://github.com/adobe-type-tools/afdko/issues/1425 87 87 "test_spec" 88 88 ] ++ lib.optionals (stdenv.hostPlatform.isi686) [

+44 -8

pkgs/development/python-modules/asf-search/default.nix

··· 1 - { lib, buildPythonPackage, fetchFromGitHub, pytz, shapely, importlib-metadata, requests, python-dateutil }: 1 + { lib 2 + , buildPythonPackage 3 + , dateparser 4 + , fetchFromGitHub 5 + , importlib-metadata 6 + , numpy 7 + , pytestCheckHook 8 + , python-dateutil 9 + , pythonOlder 10 + , pytz 11 + , requests 12 + , requests-mock 13 + , shapely 14 + , wktutils 15 + }: 2 16 3 17 buildPythonPackage rec { 4 - pname = "asf_search"; 5 - version = "3.0.6"; 18 + pname = "asf-search"; 19 + version = "3.2.2"; 20 + format = "setuptools"; 21 + 22 + disabled = pythonOlder "3.7"; 6 23 7 24 src = fetchFromGitHub { 8 25 owner = "asfadmin"; 9 26 repo = "Discovery-asf_search"; 10 - rev = "v${version}"; 11 - sha256 = "1jzah2l1db1p2mv59w9qf0x3a9hk6s5rzy0jnp2smsddvyxfwcyn"; 27 + rev = "refs/tags/v${version}"; 28 + hash = "sha256-9fJp4P2cD11ppU80Av/aJOcqpaBwuYgdWWBTMo/HCeo="; 12 29 }; 13 30 14 - propagatedBuildInputs = [ pytz shapely importlib-metadata requests python-dateutil ]; 31 + propagatedBuildInputs = [ 32 + dateparser 33 + importlib-metadata 34 + numpy 35 + python-dateutil 36 + pytz 37 + requests 38 + shapely 39 + wktutils 40 + ]; 15 41 16 - doCheck = false; 42 + checkInputs = [ 43 + pytestCheckHook 44 + requests-mock 45 + ]; 17 46 18 - pythonImportsCheck = [ "asf_search" ]; 47 + postPatch = '' 48 + substituteInPlace setup.py \ 49 + --replace "WKTUtils==" "WKTUtils>=" 50 + ''; 51 + 52 + pythonImportsCheck = [ 53 + "asf_search" 54 + ]; 19 55 20 56 meta = with lib; { 21 57 description = "Python wrapper for the ASF SearchAPI";

+2 -2

pkgs/development/python-modules/browser-cookie3/default.nix

··· 12 12 13 13 buildPythonPackage rec { 14 14 pname = "browser-cookie3"; 15 - version = "0.14.2"; 15 + version = "0.14.3"; 16 16 format = "setuptools"; 17 17 18 18 disabled = pythonOlder "3.7"; 19 19 20 20 src = fetchPypi { 21 21 inherit pname version; 22 - hash = "sha256-YR5NcDmbLlnhxcDuyM6hjjuL/Ozw79ytbCF4/nmSZmQ="; 22 + hash = "sha256-Ch8ho4T3R9qwQiaP+n5Q21x62Ip3ibtqDJIDnobbh5c="; 23 23 }; 24 24 25 25 propagatedBuildInputs = [

+21 -5

pkgs/development/python-modules/entrypoint2/default.nix

··· 1 - { lib, buildPythonPackage, fetchPypi, EasyProcess, path, pytestCheckHook }: 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , EasyProcess 5 + , path 6 + , pytestCheckHook 7 + , pythonOlder 8 + }: 2 9 3 10 buildPythonPackage rec { 4 11 pname = "entrypoint2"; 5 - version = "1.0"; 12 + version = "1.1"; 13 + format = "setuptools"; 14 + 15 + disabled = pythonOlder "3.7"; 6 16 7 17 src = fetchPypi { 8 18 inherit pname version; 9 - sha256 = "sha256-Z+kG9q2VjYP0i07ewo192CZw6SYZiPa0prY6vJ+zvlY="; 19 + hash = "sha256-/At/57IazatHpYWrlAfKflxPlstoiFddtrDOuR8OEFo="; 10 20 }; 11 21 12 - pythonImportsCheck = [ "entrypoint2" ]; 22 + checkInputs = [ 23 + EasyProcess 24 + path 25 + pytestCheckHook 26 + ]; 13 27 14 - checkInputs = [ EasyProcess path pytestCheckHook ]; 28 + pythonImportsCheck = [ 29 + "entrypoint2" 30 + ]; 15 31 16 32 meta = with lib; { 17 33 description = "Easy to use command-line interface for python modules";

+46

pkgs/development/python-modules/kml2geojson/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , poetry-core 4 + , fetchFromGitHub 5 + , pytestCheckHook 6 + , pythonOlder 7 + , click 8 + }: 9 + 10 + buildPythonPackage rec { 11 + pname = "kml2geojson"; 12 + version = "5.1.0"; 13 + format = "pyproject"; 14 + 15 + disabled = pythonOlder "3.8"; 16 + 17 + src = fetchFromGitHub { 18 + owner = "mrcagney"; 19 + repo = pname; 20 + rev = version; 21 + hash = "sha256-iJEcXpvy+Y3MkxAF2Q1Tkcx8GxUVjeVzv6gl134zdiI="; 22 + }; 23 + 24 + nativeBuildInputs = [ 25 + poetry-core 26 + ]; 27 + 28 + propagatedBuildInputs = [ 29 + click 30 + ]; 31 + 32 + checkInputs = [ 33 + pytestCheckHook 34 + ]; 35 + 36 + pythonImportsCheck = [ 37 + "kml2geojson" 38 + ]; 39 + 40 + meta = with lib; { 41 + description = "Library to convert KML to GeoJSON"; 42 + homepage = "https://github.com/mrcagney/kml2geojson"; 43 + license = licenses.mit; 44 + maintainers = with maintainers; [ fab ]; 45 + }; 46 + }

+2 -2

pkgs/development/python-modules/plugwise/default.nix

··· 21 21 22 22 buildPythonPackage rec { 23 23 pname = "plugwise"; 24 - version = "0.19.0"; 24 + version = "0.19.1"; 25 25 format = "setuptools"; 26 26 27 27 disabled = pythonOlder "3.7"; ··· 30 30 owner = pname; 31 31 repo = "python-plugwise"; 32 32 rev = "refs/tags/v${version}"; 33 - sha256 = "sha256-ST7eC7IXW47b1AlX25ubUPTi6Hkcjd+7L0tzht3fz9s="; 33 + sha256 = "sha256-eytv61aTGL6rTLHfZD9Tsl9FycdExo+TGsVBCNu1fIo="; 34 34 }; 35 35 36 36 propagatedBuildInputs = [

+1 -1

pkgs/development/python-modules/uvloop/default.nix

··· 46 46 "--assert=plain" 47 47 "--strict" 48 48 "--tb=native" 49 - ] ++ lib.optionals (stdenv.isAarch64) [ 49 + ] ++ lib.optionals (stdenv.isAarch32 || stdenv.isAarch64) [ 50 50 # test gets stuck in epoll_pwait on hydras aarch64 builders 51 51 # https://github.com/MagicStack/uvloop/issues/412 52 52 "--deselect" "tests/test_tcp.py::Test_AIO_TCPSSL::test_remote_shutdown_receives_trailing_data"

+66

pkgs/development/python-modules/wktutils/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , dateparser 4 + , defusedxml 5 + , fetchFromGitHub 6 + , fiona 7 + , geomet 8 + , geopandas 9 + , kml2geojson 10 + , pyshp 11 + , pythonOlder 12 + , pyyaml 13 + , regex 14 + , requests 15 + , shapely 16 + , scikit-learn 17 + }: 18 + 19 + buildPythonPackage rec { 20 + pname = "wktutils"; 21 + version = "1.1.4"; 22 + format = "setuptools"; 23 + 24 + disabled = pythonOlder "3.7"; 25 + 26 + src = fetchFromGitHub { 27 + owner = "asfadmin"; 28 + repo = "Discovery-WKTUtils"; 29 + rev = "refs/tags/v${version}"; 30 + hash = "sha256-/gcMnZ+wWflbvLlyfIaEoSYaLrsosMyD60ei/5Iis6E="; 31 + }; 32 + 33 + propagatedBuildInputs = [ 34 + dateparser 35 + defusedxml 36 + fiona 37 + geomet 38 + geopandas 39 + kml2geojson 40 + pyshp 41 + pyyaml 42 + regex 43 + requests 44 + shapely 45 + scikit-learn 46 + ]; 47 + 48 + postPatch = '' 49 + substituteInPlace setup.py \ 50 + --replace "sklearn" "scikit-learn" 51 + ''; 52 + 53 + # Module doesn't have tests 54 + doCheck = false; 55 + 56 + pythonImportsCheck = [ 57 + "WKTUtils" 58 + ]; 59 + 60 + meta = with lib; { 61 + description = "Collection of tools for handling WKTs"; 62 + homepage = "https://github.com/asfadmin/Discovery-WKTUtils"; 63 + license = licenses.bsd3; 64 + maintainers = with maintainers; [ fab ]; 65 + }; 66 + }

+40 -30

pkgs/os-specific/linux/kernel/hardened/patches.json

··· 2 2 "4.14": { 3 3 "patch": { 4 4 "extra": "-hardened1", 5 - "name": "linux-hardened-4.14.281-hardened1.patch", 6 - "sha256": "1i70qrv9dfpp0szl2m6icrnzpgw1r21nr4b6bbpdf1gmq22y9gf1", 7 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.281-hardened1/linux-hardened-4.14.281-hardened1.patch" 5 + "name": "linux-hardened-4.14.282-hardened1.patch", 6 + "sha256": "0f7av5llr1ccx0k6z2p2spaqk4jfaw9555gf59303zgxsvakavmi", 7 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.282-hardened1/linux-hardened-4.14.282-hardened1.patch" 8 8 }, 9 - "sha256": "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis", 10 - "version": "4.14.281" 9 + "sha256": "18sp2qvk8dkjrlxwf4d470282m9wyvhajvyys9vs94rh1i3whdv6", 10 + "version": "4.14.282" 11 11 }, 12 12 "4.19": { 13 13 "patch": { 14 14 "extra": "-hardened1", 15 - "name": "linux-hardened-4.19.245-hardened1.patch", 16 - "sha256": "181bsz4zzw1hmk3l0cxrgfxlf1z5gy86bxrnwxh08n3j35biywf2", 17 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.245-hardened1/linux-hardened-4.19.245-hardened1.patch" 15 + "name": "linux-hardened-4.19.246-hardened1.patch", 16 + "sha256": "00827r0hiiia95z4nwvbqi1jxj5bzh8hna3d4p08gj2pvq5rwvxk", 17 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.246-hardened1/linux-hardened-4.19.246-hardened1.patch" 18 18 }, 19 - "sha256": "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr", 20 - "version": "4.19.245" 19 + "sha256": "0fmsglkvdgdmrkm53vyi9d4hvdl4py9qn1z0mni224n96rd2zb80", 20 + "version": "4.19.246" 21 21 }, 22 22 "5.10": { 23 23 "patch": { 24 24 "extra": "-hardened1", 25 - "name": "linux-hardened-5.10.118-hardened1.patch", 26 - "sha256": "0kn33lzb92p80rvy3jzkhnv5izr8h082x400s6ihxp1sqdal0fb7", 27 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.118-hardened1/linux-hardened-5.10.118-hardened1.patch" 25 + "name": "linux-hardened-5.10.121-hardened1.patch", 26 + "sha256": "1a7mvfnm15ci81129mpvh3gn6w75bq0i1ydv02zyngk9cz5mgjc1", 27 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.121-hardened1/linux-hardened-5.10.121-hardened1.patch" 28 28 }, 29 - "sha256": "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65", 30 - "version": "5.10.118" 29 + "sha256": "1iljaaiwqg30rqb9zxrxc4l1p56q75jf0zvsrmn67z2a12sffi4h", 30 + "version": "5.10.121" 31 31 }, 32 32 "5.15": { 33 33 "patch": { 34 34 "extra": "-hardened1", 35 - "name": "linux-hardened-5.15.43-hardened1.patch", 36 - "sha256": "03ilpzhr01567aaadwwk3qdnh9hlm427ihyrr59dwlwsfcqy2fd9", 37 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.43-hardened1/linux-hardened-5.15.43-hardened1.patch" 35 + "name": "linux-hardened-5.15.46-hardened1.patch", 36 + "sha256": "1ndvrr98mn40705dsfkyda9ny5r273bl9f6n1xb5ndx34j396wrh", 37 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.46-hardened1/linux-hardened-5.15.46-hardened1.patch" 38 38 }, 39 - "sha256": "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6", 40 - "version": "5.15.43" 39 + "sha256": "0srp0wypl24gf5yz91mpk1c2kllabq6wvby1wqrrbdwvfx35figb", 40 + "version": "5.15.46" 41 41 }, 42 42 "5.17": { 43 43 "patch": { 44 44 "extra": "-hardened1", 45 - "name": "linux-hardened-5.17.11-hardened1.patch", 46 - "sha256": "01l4k1j23ckkifjxwaq9lcfp7ynpasyn5f7nqsff6xx2wcg0qyxf", 47 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.11-hardened1/linux-hardened-5.17.11-hardened1.patch" 45 + "name": "linux-hardened-5.17.14-hardened1.patch", 46 + "sha256": "017dq8ngg3mxnfffjkf1knkzii8hsf1gsi65zla34n7kjyajlchq", 47 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.14-hardened1/linux-hardened-5.17.14-hardened1.patch" 48 + }, 49 + "sha256": "0r2skbgxzw42cn29mr7i9w7fczzxhc1lx3xvri44ljjyfdqn7r0b", 50 + "version": "5.17.14" 51 + }, 52 + "5.18": { 53 + "patch": { 54 + "extra": "-hardened1", 55 + "name": "linux-hardened-5.18.3-hardened1.patch", 56 + "sha256": "1kfnknpw2g39j7gqy6mqjmkaxkmdigx617rz2vpqvjxddfv59764", 57 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.18.3-hardened1/linux-hardened-5.18.3-hardened1.patch" 48 58 }, 49 - "sha256": "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p", 50 - "version": "5.17.11" 59 + "sha256": "1sngy576db1zl2284kd0j8ds4biln0q98wnywirzsg3c0w2v8367", 60 + "version": "5.18.3" 51 61 }, 52 62 "5.4": { 53 63 "patch": { 54 64 "extra": "-hardened1", 55 - "name": "linux-hardened-5.4.196-hardened1.patch", 56 - "sha256": "11q9sadncbz84yhsai7xdbrgmcbghj0hc1lqc45767v1f3snmpyi", 57 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.196-hardened1/linux-hardened-5.4.196-hardened1.patch" 65 + "name": "linux-hardened-5.4.197-hardened1.patch", 66 + "sha256": "0kqfviyx5aigadm051y9xkbyscnn9f92zwqxkjkxhpn0y684i7n5", 67 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.197-hardened1/linux-hardened-5.4.197-hardened1.patch" 58 68 }, 59 - "sha256": "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig", 60 - "version": "5.4.196" 69 + "sha256": "1a1nzrx873vwlpm018l6rk19yh59badvwsknw3chbkbhzjrigbf2", 70 + "version": "5.4.197" 61 71 } 62 72 }

+2 -2

pkgs/os-specific/linux/kernel/linux-4.14.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "4.14.281"; 6 + version = "4.14.282"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 16 - sha256 = "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis"; 16 + sha256 = "18sp2qvk8dkjrlxwf4d470282m9wyvhajvyys9vs94rh1i3whdv6"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-4.19.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "4.19.245"; 6 + version = "4.19.246"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 16 - sha256 = "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr"; 16 + sha256 = "0fmsglkvdgdmrkm53vyi9d4hvdl4py9qn1z0mni224n96rd2zb80"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-4.9.nix

··· 1 1 { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: 2 2 3 3 buildLinux (args // rec { 4 - version = "4.9.316"; 4 + version = "4.9.317"; 5 5 extraMeta.branch = "4.9"; 6 6 extraMeta.broken = stdenv.isAarch64; 7 7 8 8 src = fetchurl { 9 9 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 10 - sha256 = "05yd7djm6dcxv3vaylhmj3p0yml421azv8qabmhv4ric1f99idjp"; 10 + sha256 = "06qdqcplslnp1ncaqvp5yjr294rz3x4qrxnv522v76awj6dkd8vy"; 11 11 }; 12 12 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.10.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "5.10.118"; 6 + version = "5.10.121"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 - sha256 = "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65"; 16 + sha256 = "1iljaaiwqg30rqb9zxrxc4l1p56q75jf0zvsrmn67z2a12sffi4h"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.15.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "5.15.43"; 6 + version = "5.15.46"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 15 15 16 16 src = fetchurl { 17 17 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 18 - sha256 = "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6"; 18 + sha256 = "0srp0wypl24gf5yz91mpk1c2kllabq6wvby1wqrrbdwvfx35figb"; 19 19 }; 20 20 } // (args.argsOverride or { }))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.17.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "5.17.11"; 6 + version = "5.17.14"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 - sha256 = "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p"; 16 + sha256 = "0r2skbgxzw42cn29mr7i9w7fczzxhc1lx3xvri44ljjyfdqn7r0b"; 17 17 }; 18 18 } // (args.argsOverride or { }))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.18.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "5.18"; 6 + version = "5.18.3"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 - sha256 = "1vjwhl4s8qxfg1aabn8xnpjza3qzrjcp5450h9qpjvl999lg3wsi"; 16 + sha256 = "1sngy576db1zl2284kd0j8ds4biln0q98wnywirzsg3c0w2v8367"; 17 17 }; 18 18 } // (args.argsOverride or { }))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.4.nix

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 - version = "5.4.196"; 6 + version = "5.4.197"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 - sha256 = "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig"; 16 + sha256 = "1a1nzrx873vwlpm018l6rk19yh59badvwsknw3chbkbhzjrigbf2"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-libre.nix

··· 1 1 { stdenv, lib, fetchsvn, linux 2 2 , scripts ? fetchsvn { 3 3 url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; 4 - rev = "18738"; 5 - sha256 = "024iw4352h8b1kbbimqgid95h868swiw45wn91sjkpmwr612v6kd"; 4 + rev = "18777"; 5 + sha256 = "0ycg799pdi3rarkdgrrxcfjl15n8i24d9zc54xhg79wpgxcv39n3"; 6 6 } 7 7 , ... 8 8 }:

+3 -3

pkgs/os-specific/linux/kernel/linux-rt-5.10.nix

··· 6 6 , ... } @ args: 7 7 8 8 let 9 - version = "5.10.115-rt67"; # updated by ./update-rt.sh 9 + version = "5.10.120-rt70"; # updated by ./update-rt.sh 10 10 branch = lib.versions.majorMinor version; 11 11 kversion = builtins.elemAt (lib.splitString "-" version) 0; 12 12 in buildLinux (args // { ··· 18 18 19 19 src = fetchurl { 20 20 url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; 21 - sha256 = "0w9gwizyqjgsj93dqqvlh6bqkmpzjajhj09319nqncc95yrigr7m"; 21 + sha256 = "12qfgmzif2dy3kj4rqrnlx1if87c4fjmnya1bqpwx3hm0ih7ayjv"; 22 22 }; 23 23 24 24 kernelPatches = let rt-patch = { 25 25 name = "rt"; 26 26 patch = fetchurl { 27 27 url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; 28 - sha256 = "16igpdqq8nqzf98pkrs9v692d1r1fpnwrh3qxrkja0fgzswdwc0j"; 28 + sha256 = "0l0fp7bqfj11qcq3dqd5lv468z1hha0y774dfiliv97lx7gq34m9"; 29 29 }; 30 30 }; in [ rt-patch ] ++ kernelPatches; 31 31

+3 -3

pkgs/os-specific/linux/rtl8821cu/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "rtl8821cu"; 5 - version = "${kernel.version}-unstable-2022-03-08"; 5 + version = "${kernel.version}-unstable-2022-05-07"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "morrownr"; 9 9 repo = "8821cu-20210118"; 10 - rev = "4bdd7c8668562e43564cd5d786055633e591ad4d"; 11 - sha256 = "sha256-dfvDpjsra/nHwIGywOkZICTEP/Ex7ooH4zzkXqAaDkI="; 10 + rev = "e3cf788e1dddaba3273190755ce424f93fe593e4"; 11 + hash = "sha256-VUZU/oFSaxewy/BF/2k4OssAi4AWSWweqXYZPHmsQvY="; 12 12 }; 13 13 14 14 hardeningDisable = [ "pic" ];

+2 -2

pkgs/tools/bluetooth/bluewalker/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "bluewalker"; 5 - version = "0.3.0"; 5 + version = "0.3.1"; 6 6 7 7 src = fetchFromGitLab { 8 8 owner = "jtaimisto"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-spuJRiNiaBV4EsetUq8vUfR6ejUNZxLhVzS3AZZyrrQ="; 11 + sha256 = "sha256-wAzBlCczsLfHboGYIsyN7dGwz52CMw+L3XQ0njfLVR0="; 12 12 }; 13 13 14 14 vendorSha256 = "189qs6vmx63vwsjmc4qgf1y8xjsi7x6l1f5c3kd8j8jnagl26z4h";

+2 -2

pkgs/tools/filesystems/sshfs-fuse/default.nix

··· 22 22 } 23 23 else 24 24 mkSSHFS { 25 - version = "3.7.2"; 26 - sha256 = "0i0ycgwdxja8313hlkrlwrl85a4ykkyqddgg484jkr4rnr7ylk8w"; 25 + version = "3.7.3"; 26 + sha256 = "0s2hilqixjmv4y8n67zaq374sgnbscp95lgz5ignp69g3p1vmhwz"; 27 27 platforms = lib.platforms.linux; 28 28 }

+33

pkgs/tools/misc/hwatch/default.nix

··· 1 + { lib, stdenv, fetchFromGitHub, fetchpatch, rustPlatform }: 2 + 3 + rustPlatform.buildRustPackage rec { 4 + pname = "hwatch"; 5 + version = "0.3.6"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "blacknon"; 9 + repo = pname; 10 + # prefix, because just "0.3.6' causes the download to silently fail: 11 + # $ curl -v https://github.com/blacknon/hwatch/archive/0.3.6.tar.gz 12 + # ... 13 + # < HTTP/2 300 14 + # ... 15 + # the given path has multiple possibilities: #<Git::Ref:0x00007fbb2e52bed0>, #<Git::Ref:0x00007fbb2e52ae40> 16 + rev = "refs/tags/${version}"; 17 + sha256 = "sha256-uaAgA6DWwYVT9mQh55onW+qxIC2i9GVuimctTJpUgfA="; 18 + }; 19 + 20 + cargoSha256 = "sha256-Xt3Z6ax3Y45KZhTYMBr/Rfx1o+ZAoPYj51SN5hnrXQM="; 21 + 22 + meta = with lib; { 23 + homepage = "https://github.com/blackmon/hwatch"; 24 + description= "Modern alternative to the watch command"; 25 + longDescription = '' 26 + A modern alternative to the watch command, records the differences in 27 + execution results and can check this differences at after. 28 + ''; 29 + license = licenses.mit; 30 + maintainers = with maintainers; [ hamburger1984 ]; 31 + platforms = platforms.linux; 32 + }; 33 + }

+3 -2

pkgs/tools/networking/libreswan/default.nix

··· 43 43 44 44 stdenv.mkDerivation rec { 45 45 pname = "libreswan"; 46 - version = "4.6"; 46 + version = "4.7"; 47 47 48 48 src = fetchurl { 49 49 url = "https://download.libreswan.org/${pname}-${version}.tar.gz"; 50 - sha256 = "1zsnsfx18pf5dy1p4jva2sfl0bdfx5y9ls54f9bp70m64r46yf96"; 50 + sha256 = "0i7wyfgkaq6kcfhh1yshb1v7q42n3zvdkhq10f3ks1h075xk7mnx"; 51 51 }; 52 52 53 53 strictDeps = true; ··· 112 112 "INITSYSTEM=systemd" 113 113 "UNITDIR=$(out)/etc/systemd/system/" 114 114 "TMPFILESDIR=$(out)/lib/tmpfiles.d/" 115 + "LINUX_VARIANT=nixos" 115 116 ]; 116 117 117 118 # Hack to make install work

+8

pkgs/tools/package-management/nix/default.nix

··· 89 89 nix_2_9 = common { 90 90 version = "2.9.1"; 91 91 sha256 = "sha256-qNL3lQPBsnStkru3j1ajN/H+knXI+X3dku8/dBfSw3g="; 92 + patches = [ 93 + # add missing --git-dir flags 94 + # remove once 2.9.2 is out 95 + (fetchpatch { 96 + url = "https://github.com/NixOS/nix/commit/1a994cc35b33dcfd484e7a96be0e76e23bfb9029.patch"; 97 + sha256 = "sha256-7rDlqWRSVPijbvrTm4P+YykbMWyJryorXqGLEgg8/Wo="; 98 + }) 99 + ]; 92 100 }; 93 101 94 102 stable = self.nix_2_9;

+4

pkgs/top-level/all-packages.nix

··· 404 404 405 405 gpick = callPackage ../tools/misc/gpick { }; 406 406 407 + hwatch = callPackage ../tools/misc/hwatch { }; 408 + 407 409 hobbes = callPackage ../development/tools/hobbes { stdenv = gcc10StdenvCompat; }; 408 410 409 411 html5validator = python3Packages.callPackage ../applications/misc/html5validator { }; ··· 23381 23383 linux_5_15_hardened = linuxKernel.kernels.linux_5_15_hardened; 23382 23384 linuxPackages_5_17_hardened = linuxKernel.packages.linux_5_17_hardened; 23383 23385 linux_5_17_hardened = linuxKernel.kernels.linux_5_17_hardened; 23386 + linuxPackages_5_18_hardened = linuxKernel.packages.linux_5_18_hardened; 23387 + linux_5_18_hardened = linuxKernel.kernels.linux_5_18_hardened; 23384 23388 23385 23389 # Hardkernel (Odroid) kernels. 23386 23390 linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;

+3 -1

pkgs/top-level/linux-kernels.nix

··· 244 244 linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { }; 245 245 linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; 246 246 linux_5_17_hardened = hardenedKernelFor kernels.linux_5_17 { }; 247 + linux_5_18_hardened = hardenedKernelFor kernels.linux_5_18 { }; 247 248 248 249 })); 249 250 /* Linux kernel modules are inherently tied to a specific kernel. So ··· 551 552 linux_5_10_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_10 { }); 552 553 linux_5_15_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_15 { }); 553 554 linux_5_17_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_17 { }); 555 + linux_5_18_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_18 { }); 554 556 555 557 linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); 556 558 linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx); ··· 565 567 }); 566 568 567 569 packageAliases = { 568 - linux_default = if stdenv.hostPlatform.isi686 then packages.linux_5_10 else packages.linux_5_15; 570 + linux_default = if stdenv.hostPlatform.is32bit then packages.linux_5_10 else packages.linux_5_15; 569 571 # Update this when adding the newest kernel major version! 570 572 linux_latest = packages.linux_5_18; 571 573 linux_mptcp = packages.linux_mptcp_95;

+4

pkgs/top-level/python-packages.nix

··· 4743 4743 4744 4744 kmapper = callPackage ../development/python-modules/kmapper { }; 4745 4745 4746 + kml2geojson = callPackage ../development/python-modules/kml2geojson { }; 4747 + 4746 4748 kmsxx = toPythonModule (pkgs.kmsxx.override { 4747 4749 withPython = true; 4748 4750 }); ··· 11207 11209 winacl = callPackage ../development/python-modules/winacl { }; 11208 11210 11209 11211 winsspi = callPackage ../development/python-modules/winsspi { }; 11212 + 11213 + wktutils = callPackage ../development/python-modules/wktutils { }; 11210 11214 11211 11215 wled = callPackage ../development/python-modules/wled { }; 11212 11216