Merge master into staging-next

maintainers/maintainer-list.nix

@@ -7001,6 +7001,12 @@
     githubId = 458783;
     name = "Martin Gammelsæter";
   };
+  martfont = {
+    name = "Martino Fontana";
+    email = "tinozzo123@tutanota.com";
+    github = "SuperSamus";
+    githubId = 40663462;
+  };
   marzipankaiser = {
     email = "nixos@gaisseml.de";
     github = "marzipankaiser";

maintainers/team-list.nix

@@ -164,6 +164,16 @@ with lib.maintainers; {
     scope = "Maintain Kodi and related packages.";
   };
 
+  linux-kernel = {
+    members = [
+      TredwellGit
+      ma27
+      nequissimus
+      qyliss
+    ];
+    scope = "Maintain the Linux kernel.";
+  };
+
   mate = {
     members = [
       j03

nixos/modules/services/mail/roundcube.nix

@@ -7,7 +7,7 @@ let
   fpm = config.services.phpfpm.pools.roundcube;
   localDB = cfg.database.host == "localhost";
   user = cfg.database.username;
-  phpWithPspell = pkgs.php74.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
+  phpWithPspell = pkgs.php80.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
 in
 {
   options.services.roundcube = {

nixos/modules/services/monitoring/prometheus/exporters/node.nix

@@ -35,10 +35,15 @@ in
           ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
           --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
       '';
-      # The systemd collector needs AF_UNIX
-      RestrictAddressFamilies = lib.optional (lib.any (x: x == "systemd") cfg.enabledCollectors) "AF_UNIX";
+      RestrictAddressFamilies = optionals (any (collector: (collector == "logind" || collector == "systemd")) cfg.enabledCollectors) [
+        # needs access to dbus via unix sockets (logind/systemd)
+        "AF_UNIX"
+      ] ++ optionals (any (collector: (collector == "network_route" || collector == "wifi")) cfg.enabledCollectors) [
+        # needs netlink sockets for wireless collector
+        "AF_NETLINK"
+      ];
       # The timex collector needs to access clock APIs
-      ProtectClock = lib.any (x: x == "timex") cfg.disabledCollectors;
+      ProtectClock = any (collector: collector == "timex") cfg.disabledCollectors;
     };
   };
 }

pkgs/applications/graphics/image-roll/default.nix

@@ -0,0 +1,33 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, glib
+, pkg-config
+, wrapGAppsHook
+, gtk3
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "image-roll";
+  version = "1.3.1";
+
+  src = fetchFromGitHub {
+    owner = "weclaw1";
+    repo = pname;
+    rev = version;
+    sha256 = "007jzmrn4cnqbi6fy5lxanbwa4pc72fbcv9irk3pfd0wspp05s8j";
+  };
+
+  cargoSha256 = "sha256-dRRBfdGTXtoNbp7OWqOdNECXHCpj0ipkCOvcdekW+G4=";
+
+  nativeBuildInputs = [ glib pkg-config wrapGAppsHook ];
+
+  buildInputs = [ gtk3 ];
+
+  meta = with lib; {
+    description = "Simple and fast GTK image viewer with basic image manipulation tools";
+    homepage = "https://github.com/weclaw1/image-roll";
+    license = licenses.mit;
+    maintainers = with maintainers; [ figsoda ];
+  };
+}

pkgs/applications/misc/fuzzel/default.nix

@@ -13,29 +13,24 @@
 , tllist
 , fcft
 , enableCairo ? true
-, enablePNG ? true
-, enableSVG ? true
+, withPNGBackend ? "libpng"
+, withSVGBackend ? "librsvg"
 # Optional dependencies
 , cairo
 , librsvg
 , libpng
 }:
 
-let
-  # Courtesy of sternenseemann and FRidh, commit c9a7fdfcfb420be8e0179214d0d91a34f5974c54
-  mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}";
-in
-
 stdenv.mkDerivation rec {
   pname = "fuzzel";
-  version = "1.6.1";
+  version = "1.6.4";
 
   src = fetchFromGitea {
     domain = "codeberg.org";
     owner = "dnkl";
     repo = "fuzzel";
     rev = version;
-    sha256 = "sha256-JW5sAlTprSRIdFbmSaUreGtNccERgQMGEW+WCSscYQk=";
+    sha256 = "sha256-wl3dO6EwLXWf0XtAIml1NlNRIvpIQJuq1pxLmo/pAUE=";
   };
 
   nativeBuildInputs = [
@@ -54,15 +49,15 @@ stdenv.mkDerivation rec {
     tllist
     fcft
   ] ++ lib.optional enableCairo cairo
-    ++ lib.optional enablePNG libpng
-    ++ lib.optional enableSVG librsvg;
+    ++ lib.optional (withPNGBackend == "libpng") libpng
+    ++ lib.optional (withSVGBackend == "librsvg") librsvg;
 
   mesonBuildType = "release";
 
   mesonFlags = [
-    (mesonFeatureFlag "enable-cairo" enableCairo)
-    (mesonFeatureFlag "enable-png" enablePNG)
-    (mesonFeatureFlag "enable-svg" enableSVG)
+    "-Denable-cairo=${if enableCairo then "enabled" else "disabled"}"
+    "-Dpng-backend=${withPNGBackend}"
+    "-Dsvg-backend=${withSVGBackend}"
   ];
 
   meta = with lib; {

pkgs/applications/misc/rootbar/default.nix

@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   ];
 
   meta = with lib; {
-    homepage = "https://github.com/alexays/waybar";
+    homepage = "https://hg.sr.ht/~scoopta/rootbar";
     description = "A bar for Wayland WMs";
     longDescription = ''
       Root Bar is a bar for wlroots based wayland compositors such as sway and

pkgs/applications/networking/cluster/fluxcd/update.sh

@@ -24,7 +24,7 @@ setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # The
 
 cd ../../../../../
 set +e
-VENDOR_SHA256=$(nix-build --no-out-link -A fluxcd 2>&1 | grep "got:" | cut -d':' -f3)
+VENDOR_SHA256=$(nix-build --no-out-link -A fluxcd 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
 set -e
 
 cd - > /dev/null

pkgs/applications/networking/cluster/k3s/default.nix

@@ -242,6 +242,9 @@ stdenv.mkDerivation rec {
   pname = "k3s";
   version = k3sVersion;
 
+  # `src` here is a workaround for the updateScript bot. It couldn't be empty.
+  src = builtins.filterSource (path: type: false) ./.;
+
   # Important utilities used by the kubelet, see
   # https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
   # Note the list in that issue is stale and some aren't relevant for k3s.

pkgs/applications/networking/cluster/k3s/update.sh

@@ -12,7 +12,7 @@ LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json
 curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \
     https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE}
 
-LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -r | head -n1)
+LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -V -r | head -n1)
 K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//')
 
 K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \

pkgs/applications/networking/cluster/kubecfg/default.nix

@@ -15,6 +15,8 @@ buildGoPackage {
 
   goPackagePath = "github.com/bitnami/kubecfg";
 
+  ldflags = [ "-s" "-w" "-X main.version=v${version}" ];
+
   meta = {
     description = "A tool for managing Kubernetes resources as code";
     homepage = "https://github.com/bitnami/kubecfg";

pkgs/applications/networking/cluster/linkerd/update-edge.sh

@@ -5,13 +5,11 @@ set -x -eu -o pipefail
 
 cd $(dirname "$0")
 
-TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \
+VERSION=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \
     --silent https://api.github.com/repos/linkerd/linkerd2/releases | \
-    jq 'map(.tag_name)' | grep edge | sed 's/["|,| ]//g' | sort -r | head -n1)
+    jq 'map(.tag_name)' | grep edge | sed 's/["|,| ]//g' | sed 's/edge-//' | sort -V -r | head -n1)
 
-VERSION=$(echo ${TAG} | sed 's/^edge-//')
-
-SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/${TAG}.tar.gz)
+SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/edge-${VERSION}.tar.gz)
 
 setKV () {
     sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" ./edge.nix
@@ -19,11 +17,11 @@ setKV () {
 
 setKV version ${VERSION}
 setKV sha256 ${SHA256}
-setKV vendorSha256 "" # Necessary to force clean build.
+setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # Necessary to force clean build.
 
 cd ../../../../../
 set +e
-VENDOR_SHA256=$(nix-build --no-out-link -A linkerd_edge 2>&1 | grep "got:" | cut -d':' -f2 | sed 's| ||g')
+VENDOR_SHA256=$(nix-build --no-out-link -A linkerd_edge 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
 set -e
 cd - > /dev/null
 

pkgs/applications/networking/cluster/linkerd/update-stable.sh

@@ -5,13 +5,11 @@ set -x -eu -o pipefail
 
 cd $(dirname "$0")
 
-TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \
-    --silent https://api.github.com/repos/linkerd/linkerd2/releases/latest | \
-    jq -r '.tag_name')
+VERSION=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \
+    --silent https://api.github.com/repos/linkerd/linkerd2/releases | \
+    jq 'map(.tag_name)' | grep stable | sed 's/["|,| ]//g' | sed 's/stable-//' | sort -V -r | head -n1)
 
-VERSION=$(echo ${TAG} | sed 's/^stable-//')
-
-SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/${TAG}.tar.gz)
+SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/stable-${VERSION}.tar.gz)
 
 setKV () {
   sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" ./default.nix
@@ -19,11 +17,11 @@ setKV () {
 
 setKV version ${VERSION}
 setKV sha256 ${SHA256}
-setKV vendorSha256 "" # Necessary to force clean build.
+setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # Necessary to force clean build.
 
 cd ../../../../../
 set +e
-VENDOR_SHA256=$(nix-build --no-out-link -A linkerd 2>&1 | grep "got:" | cut -d':' -f2 | sed 's| ||g')
+VENDOR_SHA256=$(nix-build --no-out-link -A linkerd 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
 set -e
 cd - > /dev/null
 

pkgs/applications/terminal-emulators/terminator/default.nix

@@ -56,6 +56,12 @@ python3.pkgs.buildPythonApplication rec {
 
   doCheck = false;
 
+  dontWrapGApps = true;
+
+  preFixup = ''
+    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+  '';
+
   meta = with lib; {
     description = "Terminal emulator with support for tiling and tabs";
     longDescription = ''

pkgs/applications/window-managers/cagebreak/default.nix

@@ -74,7 +74,8 @@ stdenv.mkDerivation rec {
   '';
 
   postFixup = lib.optionalString withXwayland ''
-    wrapProgram $out/bin/cagebreak --prefix PATH : "${xwayland}/bin"
+    wrapProgram $out/bin/cagebreak \
+      --prefix PATH : "${lib.makeBinPath [ xwayland ]}"
   '';
 
   meta = with lib; {

pkgs/applications/window-managers/sway/lock-fancy.nix

@@ -1,5 +1,5 @@
-{ lib, stdenv, fetchFromGitHub, coreutils, grim, gawk, swaylock
-, imagemagick, getopt, fontconfig, makeWrapper
+{ lib, stdenv, fetchFromGitHub, coreutils, grim, gawk, jq, swaylock
+, imagemagick, getopt, fontconfig, wmctrl, makeWrapper
 }:
 
 let
@@ -7,20 +7,22 @@ let
     coreutils
     grim
     gawk
+    jq
     swaylock
     imagemagick
     getopt
     fontconfig
+    wmctrl
   ];
 in stdenv.mkDerivation rec {
   pname = "swaylock-fancy-unstable";
-  version = "2020-02-22";
+  version = "2021-10-11";
 
   src = fetchFromGitHub {
     owner = "Big-B";
     repo = "swaylock-fancy";
-    rev = "5cf977b12f372740aa7b7e5a607d583f93f1e028";
-    sha256 = "0laqwzi6069sgz91i69438ns0g2nq4zkqickavrf80h4g3gcs8vm";
+    rev = "265fbfb438392339bf676b0a9dbe294abe2a699e";
+    sha256 = "NjxeJyWYXBb1P8sXKgb2EWjF+cNodTE83r1YwRYoBjM=";
   };
 
   postPatch = ''

pkgs/development/python-modules/ailment/default.nix

@@ -7,14 +7,14 @@
 
 buildPythonPackage rec {
   pname = "ailment";
-  version = "9.0.10159";
+  version = "9.0.10281";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-45wdHlAkuzLqwy3B7bEm2fhHD8iT5xSVmeRGOa2SNnI=";
+    sha256 = "sha256-5XP7HcffdnFyUrQAga6MFKU3pS0aOeJRTtEQgSaPNDU=";
   };
 
   propagatedBuildInputs = [ pyvex ];

pkgs/development/python-modules/angr/default.nix

@@ -43,14 +43,14 @@ in
 
 buildPythonPackage rec {
   pname = "angr";
-  version = "9.0.10159";
+  version = "9.0.10281";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-j3SbKBoREeB4IJmXVm27K4C1FLcZwqFMFXQwWnMtE0g=";
+    sha256 = "sha256-ab4G71LjiQftV5NidGPUpt1/oKhJPZKsTN/fbLR1n80=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/angrop/default.nix

@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "angrop";
-  version = "9.0.10159";
+  version = "9.0.10281";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-gVYriEt0/DPB0lDK9hGSnipGLCZtSOf27gtF8KwCMDA=";
+    sha256 = "sha256-A+e6rSuSI4kGxccJ34Dp6WohtRkc0EzeTAffxgOYg5o=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/ansible/core.nix

@@ -23,8 +23,8 @@
 
 let
   ansible-collections = callPackage ./collections.nix {
-    version = "4.5.0";
-    sha256 = "1c8dspqy4in7sgz10y1pggwnh1hv79wap7p7xhai0f0s6nr54lyc";
+    version = "4.7.0";
+    sha256 = "0aab9id6dqfw2111r731c7y1p77dpzczynmgl4d989p3a7n54z0b";
   };
 in
 buildPythonPackage rec {

pkgs/development/python-modules/archinfo/default.nix

@@ -7,13 +7,13 @@
 
 buildPythonPackage rec {
   pname = "archinfo";
-  version = "9.0.10159";
+  version = "9.0.10281";
 
   src = fetchFromGitHub {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-WkA4vSXzndd7ldNBVagEEodj+2GuYg9OURnMLhRq8W8=";
+    sha256 = "sha256-ZmrCVXvnUZQqxMonq3obmAJQGEgghk22NA2G5Y2BPQg=";
   };
 
   checkInputs = [

pkgs/development/python-modules/claripy/default.nix

@@ -13,14 +13,14 @@
 
 buildPythonPackage rec {
   pname = "claripy";
-  version = "9.0.10159";
+  version = "9.0.10281";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-0I3ITMCOuYm5fmmnQN+zy9lunvfsLb1qlUzSOnPGwlQ=";
+    sha256 = "sha256-URp429ZLZvdGgXaZq/xoV5ZZs+o+QrA/zbONl59z9QM=";
   };
 
   # Use upstream z3 implementation

pkgs/development/python-modules/cle/default.nix

@@ -15,7 +15,7 @@
 
 let
   # The binaries are following the argr projects release cycle
-  version = "9.0.10159";
+  version = "9.0.10281";
 
   # Binary files from https://github.com/angr/binaries (only used for testing and only here)
   binaries = fetchFromGitHub {
@@ -35,7 +35,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-DkddaVmSIQToF5b7uj+96vCSZU0cJdfqIDSwDIFEEyI=";
+    sha256 = "sha256-BeFxak7cbRDjbxTjAlvXuh7ot0bS6xv3Z30c6PD+9nU=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/crownstone-cloud/default.nix

@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "crownstone-cloud";
-  version = "1.4.5";
+  version = "1.4.8";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
@@ -18,8 +18,8 @@ buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "crownstone";
     repo = "crownstone-lib-python-cloud";
-    rev = "v${version}";
-    sha256 = "1a8bkqkrc7iyggr5rr20qdqg67sycdx2d94dd1ylkmr7627r34ys";
+    rev = version;
+    sha256 = "sha256-iHn4g52/QM0TS/flKkcFrX6IFrCjiXUxcjVLHNg6tVo=";
   };
 
   propagatedBuildInputs = [
@@ -32,9 +32,13 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
+  disabledTests = [
+    # https://github.com/crownstone/crownstone-lib-python-cloud/issues/1
+    "test_data_structure"
+  ];
+
   postPatch = ''
-    substituteInPlace requirements.txt \
-      --replace "codecov>=2.1.10" ""
+    sed -i '/codecov/d' requirements.txt
   '';
 
   pythonImportsCheck = [

pkgs/development/python-modules/pyvex/default.nix

@@ -11,11 +11,11 @@
 
 buildPythonPackage rec {
   pname = "pyvex";
-  version = "9.0.10159";
+  version = "9.0.10281";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-9I9gAPbazuPdZDyoXpjw0IrTu+97dwznoOnyBzkNNCw=";
+    sha256 = "sha256-fa3VB/+z+1yt6uguJYH9/fj1QVV9PQuFWNyLHQhs0Oo=";
   };
 
   postPatch = lib.optionalString stdenv.isDarwin ''

pkgs/development/python-modules/simplisafe-python/default.nix

@@ -1,22 +1,24 @@
 { lib
 , aiohttp
-, aioresponses
+, aresponses
 , asynctest
 , backoff
 , buildPythonPackage
 , fetchFromGitHub
 , poetry-core
 , pytest-aiohttp
+, pytest-asyncio
 , pytestCheckHook
 , pythonOlder
 , pytz
 , types-pytz
 , voluptuous
+, websockets
 }:
 
 buildPythonPackage rec {
   pname = "simplisafe-python";
-  version = "11.0.6";
+  version = "12.0.2";
   format = "pyproject";
   disabled = pythonOlder "3.7";
 
@@ -24,7 +26,7 @@ buildPythonPackage rec {
     owner = "bachya";
     repo = pname;
     rev = version;
-    sha256 = "sha256-XVn/GBcTTthvsRJOnCZ0yOF3nUwbBZ2dfMJZsJXnE6U=";
+    sha256 = "sha256-/KnDsnx+Jrirj6uBkdao6PI2jhtzKqDK6cmmQgsO5T4=";
   };
 
   nativeBuildInputs = [ poetry-core ];
@@ -35,12 +37,14 @@ buildPythonPackage rec {
     pytz
     types-pytz
     voluptuous
+    websockets
   ];
 
   checkInputs = [
-    aioresponses
+    aresponses
     asynctest
     pytest-aiohttp
+    pytest-asyncio
     pytestCheckHook
   ];
 

pkgs/development/tools/gopls/default.nix

@@ -2,16 +2,17 @@
 
 buildGoModule rec {
   pname = "gopls";
-  version = "0.7.1";
+  version = "0.7.3";
 
   src = fetchgit {
-    rev = "gopls/v${version}";
     url = "https://go.googlesource.com/tools";
-    sha256 = "0cq8mangcc1fz1ii7v4smxbpzynhwy6gvl80n5hvhjpgkp0k4fsm";
+    rev = "gopls/v${version}";
+    name = "gopls-source-${version}";
+    sha256 = "sha256-aaRaStQ35a/SK4YIR5rjvp8gPxvoNuhLh2AGbr0c6p4=";
   };
 
   modRoot = "gopls";
-  vendorSha256 = "1mzn1nn3l080lch0yhh4g2sq02g95v14nha8k3d373vwvwg45igs";
+  vendorSha256 = "sha256-8+sWd48w+ghQzznobBPcCQMuc9HLgOuAZPwD6lbbfj8=";
 
   doCheck = false;
 
@@ -22,6 +23,6 @@ buildGoModule rec {
     description = "Official language server for the Go language";
     homepage = "https://github.com/golang/tools/tree/master/gopls";
     license = licenses.bsd3;
-    maintainers = with maintainers; [ mic92 zimbatm ];
+    maintainers = with maintainers; [ mic92 SuperSandro2000 zimbatm ];
   };
 }

pkgs/development/tools/sumneko-lua-language-server/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sumneko-lua-language-server";
-  version = "2.4.3";
+  version = "2.4.5";
 
   src = fetchFromGitHub {
     owner = "sumneko";
     repo = "lua-language-server";
     rev = version;
-    sha256 = "sha256-qap6TsqaCy+9prWiUow78eBgaWGq5eUkOXBTYFnAZyo=";
+    sha256 = "sha256-7eTYHZDJLmYTwe0K+RJMRl4tRz9o0DeniHD5+v9f1Jw=";
     fetchSubmodules = true;
   };
 

pkgs/os-specific/linux/kernel/hardened/patches.json

@@ -1,32 +1,52 @@
 {
     "4.14": {
-        "extra": "-hardened1",
-        "name": "linux-hardened-4.14.250-hardened1.patch",
-        "sha256": "1jgqmrj5djapvk56jwlfq181knhywzrk9cswv1lp5y2jwnnvlj9x",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.250-hardened1/linux-hardened-4.14.250-hardened1.patch"
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-4.14.252-hardened1.patch",
+            "sha256": "1isqlqg4diz0i3f77rigvb07fs2p1v9w2h5165l0rnkb6h26i1gn",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.252-hardened1/linux-hardened-4.14.252-hardened1.patch"
+        },
+        "sha256": "022rw51s8fzz6wcxa9xq6h60fglfx0hq7bmqgs5dlrci6plv4fwk",
+        "version": "4.14.252"
     },
     "4.19": {
-        "extra": "-hardened1",
-        "name": "linux-hardened-4.19.210-hardened1.patch",
-        "sha256": "0lnv0ym6jcf460hsn26lax65n2yb1vvzsfmckaz04jb2kdgm6hr5",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.210-hardened1/linux-hardened-4.19.210-hardened1.patch"
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-4.19.213-hardened1.patch",
+            "sha256": "03lk4m6sm3545s0xxx0w4sqgrsvrxqm8qg7swn05s36jj20viprm",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.213-hardened1/linux-hardened-4.19.213-hardened1.patch"
+        },
+        "sha256": "162f5y3jplql3ca5xy889mq6izjinryx2kx16zp582yvsqf8rwiq",
+        "version": "4.19.213"
     },
     "5.10": {
-        "extra": "-hardened1",
-        "name": "linux-hardened-5.10.72-hardened1.patch",
-        "sha256": "14zchx1hc4jrq7prv4kkswjnmyqv74wfkjvky57scc8yl04yaqs6",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.72-hardened1/linux-hardened-5.10.72-hardened1.patch"
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-5.10.75-hardened1.patch",
+            "sha256": "17gm50aislxihfnmr4vi0p0gpg13m2pbldjpi81clnx93a7rrfw2",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.75-hardened1/linux-hardened-5.10.75-hardened1.patch"
+        },
+        "sha256": "0jrhhk89587caw54nhnwms93kq33qdm75x5f18cp61xrxxgjyaqa",
+        "version": "5.10.75"
     },
     "5.14": {
-        "extra": "-hardened1",
-        "name": "linux-hardened-5.14.11-hardened1.patch",
-        "sha256": "05n74rnq5c2jx7iynxwgj5wypb0i0p3dar0ri2zxmyssasmbkfa7",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.11-hardened1/linux-hardened-5.14.11-hardened1.patch"
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-5.14.14-hardened1.patch",
+            "sha256": "1hx5yal8jqnxr9c9ikvc6d0xp99kqjarj67720v9d4wvlmgsfabj",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.14-hardened1/linux-hardened-5.14.14-hardened1.patch"
+        },
+        "sha256": "0snh17ah49wmfmazy6x42rhvl484h657y0iq4l09a885sjb4xzsd",
+        "version": "5.14.14"
     },
     "5.4": {
-        "extra": "-hardened1",
-        "name": "linux-hardened-5.4.152-hardened1.patch",
-        "sha256": "01rf9za9sv14pxpi0pj1izq4bihhldi2qnhaka5rxlw7nifzzsj2",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.152-hardened1/linux-hardened-5.4.152-hardened1.patch"
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-5.4.155-hardened1.patch",
+            "sha256": "0l8h9i6asiypgbxl90370kzfsyyc3f4vwl2r191arvrsgw863bid",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.155-hardened1/linux-hardened-5.4.155-hardened1.patch"
+        },
+        "sha256": "0f2hfz76rnhmv99zhbh7n1z48316ilxrxrnh4b5m3lj84y80y36c",
+        "version": "5.4.155"
     }
 }

pkgs/os-specific/linux/kernel/hardened/update.py

@@ -31,7 +31,12 @@ VersionComponent = Union[int, str]
 Version = List[VersionComponent]
 
 
-Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str, "extra": str})
+PatchData = TypedDict("PatchData", {"name": str, "url": str, "sha256": str, "extra": str})
+Patch = TypedDict("Patch", {
+    "patch": PatchData,
+    "version": str,
+    "sha256": str,
+})
 
 
 @dataclass
@@ -133,7 +138,15 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]:
     if not sig_ok:
         return None
 
-    return Patch(name=patch_filename, url=patch_url, sha256=sha256, extra=extra)
+    kernel_ver = release_info.release.tag_name.replace("-hardened1", "")
+    major = kernel_ver.split('.')[0]
+    sha256_kernel, _ = nix_prefetch_url(f"mirror://kernel/linux/kernel/v{major}.x/linux-{kernel_ver}.tar.xz")
+
+    return Patch(
+        patch=PatchData(name=patch_filename, url=patch_url, sha256=sha256, extra=extra),
+        version=kernel_ver,
+        sha256=sha256_kernel
+    )
 
 
 def parse_version(version_str: str) -> Version:
@@ -249,7 +262,7 @@ for kernel_key in sorted(releases.keys()):
     old_version_str: Optional[str] = None
     update: bool
     try:
-        old_filename = patches[kernel_key]["name"]
+        old_filename = patches[kernel_key]["patch"]["name"]
         old_version_str = old_filename.replace("linux-hardened-", "").replace(
             ".patch", ""
         )

pkgs/os-specific/linux/kernel/linux-4.14.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.251";
+  version = "4.14.252";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "08g1i6wylwi50rns2grdi9f0m8np64qvfqb28drafy772m2klinp";
+    sha256 = "022rw51s8fzz6wcxa9xq6h60fglfx0hq7bmqgs5dlrci6plv4fwk";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-4.19.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.212";
+  version = "4.19.213";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0hxn3mzxh4hpnrkyjv9gipb81k6p0zd07a3xvb6fb6njvmwdpvsw";
+    sha256 = "162f5y3jplql3ca5xy889mq6izjinryx2kx16zp582yvsqf8rwiq";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-5.10.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.74";
+  version = "5.10.75";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1c717mn47mg43k7xfwydygwv14r67aksn1c24c99hf8qf14acmap";
+    sha256 = "0jrhhk89587caw54nhnwms93kq33qdm75x5f18cp61xrxxgjyaqa";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-5.14.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.14.13";
+  version = "5.14.14";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0kcn9g5jyd043f75wk3k34j430callzhw5jh1if9zacqq2s7haw3";
+    sha256 = "0snh17ah49wmfmazy6x42rhvl484h657y0iq4l09a885sjb4xzsd";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.4.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.154";
+  version = "5.4.155";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "01iwbz1ncakw90yykdw3cx04wnclwf1qa8nmlis08svbcvs99285";
+    sha256 = "0f2hfz76rnhmv99zhbh7n1z48316ilxrxrnh4b5m3lj84y80y36c";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/manual-config.nix

@@ -293,7 +293,7 @@ let
         license = lib.licenses.gpl2Only;
         homepage = "https://www.kernel.org/";
         repositories.git = "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git";
-        maintainers = [
+        maintainers = lib.teams.linux-kernel.members ++ [
           maintainers.thoughtpolice
         ];
         platforms = platforms.linux;

pkgs/os-specific/linux/kernel/patches.nix

@@ -47,10 +47,11 @@
   cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;
 
   hardened = let
-    mkPatch = kernelVersion: src: {
+    mkPatch = kernelVersion: { version, sha256, patch }: let src = patch; in {
       name = lib.removeSuffix ".patch" src.name;
       patch = fetchurl (lib.filterAttrs (k: v: k != "extra") src);
       extra = src.extra;
+      inherit version sha256;
     };
     patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json);
   in lib.mapAttrs mkPatch patches;

pkgs/servers/home-assistant/component-packages.nix

@@ -2,7 +2,7 @@
 # Do not edit!
 
 {
-  version = "2021.10.4";
+  version = "2021.10.6";
   components = {
     "abode" = ps: with ps; [ abodepy ];
     "accuweather" = ps: with ps; [ accuweather ];
@@ -151,7 +151,7 @@
     "cover" = ps: with ps; [ ];
     "cppm_tracker" = ps: with ps; [ ]; # missing inputs: clearpasspy
     "cpuspeed" = ps: with ps; [ py-cpuinfo ];
-    "crownstone" = ps: with ps; [ aiohttp-cors pyserial pyudev ]; # missing inputs: crownstone-cloud crownstone-sse crownstone-uart
+    "crownstone" = ps: with ps; [ aiohttp-cors crownstone-cloud crownstone-sse crownstone-uart pyserial pyudev ];
     "cups" = ps: with ps; [ pycups ];
     "currencylayer" = ps: with ps; [ ];
     "daikin" = ps: with ps; [ pydaikin ];

pkgs/servers/home-assistant/default.nix

@@ -68,6 +68,20 @@ let
     # Pinned due to API changes in 0.1.0
     (mkOverride "poolsense" "0.0.8" "09y4fq0gdvgkfsykpxnvmfv92dpbknnq5v82spz43ak6hjnhgcyp")
 
+    # Pinned due to missing simpliypy.errors.PendingAuthorizationError in simplisafe-python>12 which results in a failing import
+    (self: super: {
+      simplisafe-python = super.simplisafe-python.overridePythonAttrs (oldAttrs: rec {
+        version = "11.0.7";
+        src = fetchFromGitHub {
+          owner = "bachya";
+          repo = "simplisafe-python";
+          rev = version;
+          sha256 = "02nrighkdcd5n9qgbizm9gyfnpgdm4iibw7y8nbyfaxpng069fzp";
+        };
+        checkInputs = oldAttrs.checkInputs ++ [ super.aioresponses ];
+      });
+    })
+
     # Pinned due to changes in total-connect-client>0.58 which made the tests fails at the moment
     (self: super: {
       total-connect-client = super.total-connect-client.overridePythonAttrs (oldAttrs: rec {
@@ -114,7 +128,7 @@ let
   extraBuildInputs = extraPackages py.pkgs;
 
   # Don't forget to run parse-requirements.py after updating
-  hassVersion = "2021.10.4";
+  hassVersion = "2021.10.6";
 
 in with py.pkgs; buildPythonApplication rec {
   pname = "homeassistant";
@@ -131,7 +145,7 @@ in with py.pkgs; buildPythonApplication rec {
     owner = "home-assistant";
     repo = "core";
     rev = version;
-    sha256 = "1cl0h15285x7xba425d9anv882adi6bdqx4i3cicg3gf0nzcc8am";
+    sha256 = "0275f327dzr4cggfw5n8x533b4h8zz8yli5d0js7cw1rmi3cmkbc";
   };
 
   # leave this in, so users don't have to constantly update their downstream patch handling

pkgs/servers/matrix-synapse/default.nix

@@ -27,11 +27,11 @@ let
 in
 buildPythonApplication rec {
   pname = "matrix-synapse";
-  version = "1.45.0";
+  version = "1.45.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-t8+sLhpjwaehe+cUi9weUZNTJAfNq/fwBZbM4SYKfnM=";
+    sha256 = "sha256-8ZcZdQbNxrRy91gxKSoasu8QmdV27T7HeWIRz0bStzY=";
   };
 
   patches = [

pkgs/servers/roundcube/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "roundcube";
-  version = "1.4.11";
+  version = "1.5.0";
 
   src = fetchurl {
     url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/roundcubemail-${version}-complete.tar.gz";
-    sha256 = "sha256-rHMZBwwwX8LIjHcjYFVi2GBwMHMr7ukxzbQJHPBeabc=";
+    sha256 = "sha256-L9x7FmPl6ZcGv/NAk6pHMdS/IqWMtVWiUg7RveeNASw=";
   };
 
   patches = [ ./0001-Don-t-resolve-symlinks-when-trying-to-find-INSTALL_P.patch ];

pkgs/tools/misc/hyperfine/default.nix

@@ -1,17 +1,21 @@
-{ lib, stdenv, fetchCrate, rustPlatform, installShellFiles
+{ lib
+, rustPlatform
+, fetchCrate
+, installShellFiles
+, stdenv
 , Security
 }:
 
 rustPlatform.buildRustPackage rec {
   pname = "hyperfine";
-  version = "1.11.0";
+  version = "1.12.0";
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "0dla2jzwcxkdx3n4fqkkh6wirqs2f31lvqsw2pjf1jbnnif54mzh";
+    sha256 = "sha256-Vs754nvtYV5d736xsZ2foawfxMc25bUfMhm8Vxqxw6U=";
   };
 
-  cargoSha256 = "13dd5x0mr1pqcba48w9v5jjpddapd7gk34d4bysbjqsriwpbrdgp";
+  cargoSha256 = "sha256-X9WFnKP2+GM8V1kyd5VxpwBXql8Be5mugBVGrYdSsaM=";
 
   nativeBuildInputs = [ installShellFiles ];
   buildInputs = lib.optional stdenv.isDarwin Security;
@@ -26,8 +30,9 @@ rustPlatform.buildRustPackage rec {
 
   meta = with lib; {
     description = "Command-line benchmarking tool";
-    homepage    = "https://github.com/sharkdp/hyperfine";
-    license     = with licenses; [ asl20 /* or */ mit ];
-    maintainers = [ maintainers.thoughtpolice ];
+    homepage = "https://github.com/sharkdp/hyperfine";
+    changelog = "https://github.com/sharkdp/hyperfine/blob/v${version}/CHANGELOG.md";
+    license = with licenses; [ asl20 /* or */ mit ];
+    maintainers = with maintainers; [ figsoda thoughtpolice ];
   };
 }

pkgs/tools/misc/timelimit/default.nix

@@ -0,0 +1,28 @@
+{ lib, stdenv, fetchFromGitLab, perl }:
+
+stdenv.mkDerivation rec {
+  pname = "timelimit";
+  version = "1.9.2";
+
+  src = fetchFromGitLab {
+    owner = "timelimit";
+    repo = pname;
+    rev = "release/${version}";
+    sha256 = "sha256-5IEAF8zCKaCVH6BAxjoa/2rrue9pRGBBkFzN57d+g+g=";
+  };
+
+  checkInputs = [ perl ];
+  doCheck = true;
+
+  installFlags = [ "PREFIX=$(out)" ];
+  INSTALL_PROGRAM = "install -m755";
+  INSTALL_DATA = "install -m644";
+
+  meta = with lib; {
+    description = "Execute a command and terminates the spawned process after a given time with a given signal";
+    homepage = "https://devel.ringlet.net/sysutils/timelimit/";
+    license = licenses.bsd2;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ figsoda ];
+  };
+}

pkgs/tools/networking/assh/default.nix

@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "assh";
-  version = "2.11.3";
+  version = "2.12.0";
 
   src = fetchFromGitHub {
     repo = "advanced-ssh-config";
     owner = "moul";
     rev = "v${version}";
-    sha256 = "sha256-NH7Dmqsu7uRhKWGFHBnh5GGqsNFOijDxsc+ATt28jtY=";
+    sha256 = "sha256-FqxxNTsZVmCsIGNHRWusFP2gba2+geqBubw+6PeR75c=";
   };
 
-  vendorSha256 = "sha256-6OAsO7zWAgPfQWD9k+nYH7hnDDUlKIjTB61ivvoubn0=";
+  vendorSha256 = "sha256-AYBwuRSeam5i2gex9PSG9Qk+FHdEhIpY250CJo01cFE=";
 
   doCheck = false;
 

pkgs/tools/networking/nethogs/default.nix

@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses libpcap ];
 
-  makeFlags = [ "VERSION=${version}" ];
+  makeFlags = [ "VERSION=${version}" "nethogs" ];
 
   installFlags = [ "PREFIX=$(out)" "sbin=$(out)/bin" ];
 

pkgs/tools/security/exploitdb/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2021-10-16";
+  version = "2021-10-20";
 
   src = fetchFromGitHub {
     owner = "offensive-security";
     repo = pname;
     rev = version;
-    sha256 = "sha256-kzMMcipE9AKOWka2yAuljwNG/g+8fF2rYehTtxdQY+k=";
+    sha256 = "sha256-IHZpfUJA0h1dDkq3pp+x+gT9RSTMq9egHyXGi6ZmBP8=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/top-level/all-packages.nix

@@ -25594,6 +25594,8 @@ with pkgs;
     inherit (darwin.apple_sdk.frameworks) Security;
   };
 
+  image-roll = callPackage ../applications/graphics/image-roll { };
+
   imagej = callPackage ../applications/graphics/imagej { };
 
   imagemagick6_light = imagemagick6.override {
@@ -28115,6 +28117,8 @@ with pkgs;
     fftw = fftwSinglePrec;
   };
 
+  timelimit = callPackage ../tools/misc/timelimit { };
+
   timewarrior = callPackage ../applications/misc/timewarrior { };
 
   timew-sync-server = callPackage ../applications/misc/timew-sync-server { };

pkgs/top-level/linux-kernels.nix

@@ -10,6 +10,7 @@
 , stdenvNoCC
 , newScope
 , lib
+, fetchurl
 }:
 
 # When adding a kernel:
@@ -26,16 +27,27 @@ let
 
   # Hardened Linux
   hardenedKernelFor = kernel': overrides:
-    let kernel = kernel'.override overrides;
+    let
+      kernel = kernel'.override overrides;
+      version = kernelPatches.hardened.${kernel.meta.branch}.version;
+      major = lib.versions.major version;
+      sha256 = kernelPatches.hardened.${kernel.meta.branch}.sha256;
+      modDirVersion' = builtins.replaceStrings [ kernel.version ] [ version ] kernel.modDirVersion;
     in kernel.override {
       structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix {
-        inherit lib;
-        inherit (kernel) version;
+        inherit lib version;
+      };
+      argsOverride = {
+        inherit version;
+        src = fetchurl {
+          url = "mirror://kernel/linux/kernel/v${major}.x/linux-${version}.tar.xz";
+          inherit sha256;
+        };
       };
       kernelPatches = kernel.kernelPatches ++ [
         kernelPatches.hardened.${kernel.meta.branch}
       ];
-      modDirVersionArg = kernel.modDirVersion + (kernelPatches.hardened.${kernel.meta.branch}).extra;
+      modDirVersionArg = modDirVersion' + (kernelPatches.hardened.${kernel.meta.branch}).extra;
       isHardened = true;
   };
 in {