Merge master into staging-next

nixos/modules/services/web-apps/mastodon.nix

@@ -43,8 +43,32 @@ let
     LogsDirectoryMode = "0750";
     # Access write directories
     UMask = "0027";
+    # Capabilities
+    CapabilityBoundingSet = "";
+    # Security
+    NoNewPrivileges = true;
     # Sandboxing
+    ProtectSystem = "strict";
+    ProtectHome = true;
     PrivateTmp = true;
+    PrivateDevices = true;
+    PrivateUsers = true;
+    ProtectClock = true;
+    ProtectHostname = true;
+    ProtectKernelLogs = true;
+    ProtectKernelModules = true;
+    ProtectKernelTunables = true;
+    ProtectControlGroups = true;
+    RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
+    RestrictNamespaces = true;
+    LockPersonality = true;
+    MemoryDenyWriteExecute = false;
+    RestrictRealtime = true;
+    RestrictSUIDSGID = true;
+    PrivateMounts = true;
+    # System Call Filtering
+    SystemCallArchitectures = "native";
+    SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap";
   };
 
   envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") (

pkgs/applications/audio/helio-workstation/default.nix

@@ -5,14 +5,14 @@
 
 stdenv.mkDerivation rec {
   pname = "helio-workstation";
-  version = "3.3";
+  version = "3.4";
 
   src = fetchFromGitHub {
     owner = "helio-fm";
     repo = pname;
     rev = version;
     fetchSubmodules = true;
-    sha256 = "sha256-meeNqV1jKUwWc7P3p/LicPsbpzpKKFmQ1wP9DuXc9NY=";
+    sha256 = "sha256-zXsDu/xi7OV6VtnZK9ZJ8uwPeA5uTgNpAQsqe90iwG4=";
   };
 
   buildInputs = [

pkgs/applications/backup/pika-backup/default.nix

@@ -19,20 +19,20 @@
 
 stdenv.mkDerivation rec {
   pname = "pika-backup";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchFromGitLab {
     domain = "gitlab.gnome.org";
     owner = "World";
     repo = "pika-backup";
     rev = "v${version}";
-    sha256 = "0fm6vwpw0pa98v2yn8p3818rrlv9lk3pmgnal1b2kh52im5ll7m8";
+    sha256 = "16284gv31wdwmb99056962d1gh6xz26ami6synr47nsbbp5l0s6k";
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
     inherit src;
     name = "${pname}-${version}";
-    sha256 = "1f5s6a0wjrs2spsicirhbvb5xlz9iflwsaqchij9k02hfcsr308y";
+    sha256 = "12ymjwpxx3sdna8w5j9fnwwfk8ynk9ziwl0lkpq68y0vyllln5an";
   };
 
   patches = [

pkgs/applications/editors/ghostwriter/default.nix

@@ -2,13 +2,13 @@
 
 mkDerivation rec {
   pname = "ghostwriter";
-  version = "2.0.0-rc4";
+  version = "2.0.0-rc5";
 
   src = fetchFromGitHub {
     owner = "wereturtle";
     repo = pname;
     rev = version;
-    sha256 = "07547503a209hc0fcg902w3x0s1m899c10nj3gqz3hak0cmrasi3";
+    sha256 = "sha256-Gc0/AHxxJd5Cq3dBQ0Xy2TF78CBmQFYUzm4s7q1aHEE=";
   };
 
   nativeBuildInputs = [ qmake pkg-config qttools ];

pkgs/applications/editors/vscode/vscode.nix

@@ -34,7 +34,7 @@ in
 
     src = fetchurl {
       name = "VSCode_${version}_${plat}.${archive_fmt}";
-      url = "https://vscode-update.azurewebsites.net/${version}/${plat}/stable";
+      url = "https://update.code.visualstudio.com/${version}/${plat}/stable";
       inherit sha256;
     };
 

pkgs/applications/misc/josm/default.nix

@@ -1,20 +1,20 @@
 { lib, stdenv, fetchurl, fetchsvn, makeWrapper, unzip, jre, libXxf86vm }:
 let
   pname = "josm";
-  version = "17560";
+  version = "17580";
   srcs = {
     jar = fetchurl {
       url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
-      sha256 = "1ffrbg2d4s2dmc9zy9b4fbsqnp9g0pvp6vnrq7gbsmxh0y23sw56";
+      sha256 = "05y1g48llnpbyv0r8dn3kyhcfqylsg4fbp540xn1n7sk3h17gwsw";
     };
     macosx = fetchurl {
-      url = "https://josm.openstreetmap.de/download/macosx/josm-macosx-${version}.zip";
-      sha256 = "17qrilj20bvzd8ydfjjirpqjrsbqbkxyj4q35q87z9j3pgnd1h71";
+      url = "https://josm.openstreetmap.de/download/macosx/josm-macos-${version}-java16.zip";
+      sha256 = "0aqkr6951zbi7a6zawvpsh51i0c4nyz2xkj52gg8n4vxli5pp3y1";
     };
     pkg = fetchsvn {
       url = "https://josm.openstreetmap.de/svn/trunk/native/linux/tested";
       rev = version;
-      sha256 = "0wmncbi5g3ijn19qvmvwszb2m79wnv4jpdmpjd7332d3qi5rfmwn";
+      sha256 = "04mxrirlyjy8i5s6y8w84kxv3wjlhhdfmlaxxlxd25viim73g3zv";
     };
   };
 in

pkgs/applications/networking/browsers/chromium/upstream-info.json

@@ -31,9 +31,9 @@
     }
   },
   "dev": {
-    "version": "91.0.4449.6",
-    "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3",
-    "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc",
+    "version": "91.0.4455.2",
+    "sha256": "0nqw1jxysyl72dg2bqls7w9cm366j6i1p4sadf3s5vc0i7yr7h3i",
+    "sha256bin64": "0d7s7bg58489ph4i92yj4vkww0cl7473pk9sir64gcmm9z18yjc3",
     "deps": {
       "gn": {
         "version": "2021-03-12",

pkgs/applications/version-management/git-and-tools/bit/default.nix

@@ -0,0 +1,31 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, git
+}:
+
+buildGoModule rec {
+  pname = "bit";
+  version = "1.0.5";
+
+  src = fetchFromGitHub {
+    owner = "chriswalz";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0dv6ma2vwb21cbxkxzrpmj7cqlhwr7a86i4g728m3y1aclh411sn";
+  };
+
+  vendorSha256 = "1j6w7bll4zyp99579dhs2rza4y9kgfz3g8d5grfzgqck6cjj9mn8";
+
+  propagatedBuildInputs = [ git ];
+
+  # Tests require a repository
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Command-line tool for git";
+    homepage = "https://github.com/chriswalz/bit";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/applications/version-management/git-and-tools/git-machete/default.nix

@@ -4,11 +4,11 @@
 
 buildPythonApplication rec {
   pname = "git-machete";
-  version = "3.0.0";
+  version = "3.1.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "077xs3grjidahxz1gc93565b25blf97lwsljmkmr0yapps8z630d";
+    sha256 = "0bb6ap8sdp4ad0xkh3y8vj46a363g5gdw0dzf9ycw0z9ah8ispfx";
   };
 
   nativeBuildInputs = [ installShellFiles pbr ];

pkgs/development/libraries/amdvlk/default.nix

@@ -21,13 +21,13 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "amdvlk";
-  version = "2021.Q1.5";
+  version = "2021.Q1.6";
 
   src = fetchRepoProject {
     name = "${pname}-src";
     manifest = "https://github.com/GPUOpen-Drivers/AMDVLK.git";
     rev = "refs/tags/v-${version}";
-    sha256 = "OSX4alrR49jqIu2QZcTieurUnyWQJ0wheDwFiNd9QcY=";
+    sha256 = "FSQ/bYlvdw0Ih3Yl329o8Gizw0YcZTLtiI222Ju4M8w=";
   };
 
   buildInputs = [

pkgs/development/python-modules/boto3/default.nix

@@ -13,11 +13,11 @@
 
 buildPythonPackage rec {
   pname = "boto3";
-  version = "1.17.33"; # N.B: if you change this, change botocore and awscli to a matching version
+  version = "1.17.34"; # N.B: if you change this, change botocore and awscli to a matching version
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-DKwv/8G6kV97tezuU5MYUy21HyGMkooij6/j5QHpRy4=";
+    sha256 = "sha256-jzPLPS/EKwVHpVYKbXOXqpMzb1CJk4Z2KyRQaCwOmSs=";
   };
 
   propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];

pkgs/development/python-modules/botocore/default.nix

@@ -12,11 +12,11 @@
 
 buildPythonPackage rec {
   pname = "botocore";
-  version = "1.20.33"; # N.B: if you change this, change boto3 and awscli to a matching version
+  version = "1.20.34"; # N.B: if you change this, change boto3 and awscli to a matching version
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-41UwUwlpnTrKHgBQ/CHUhZW0DbBGyw0kkc1X/1smkgs=";
+    sha256 = "sha256-dJvbFR40AynxslYAv+nSI+kw+LomvXS3FHjKV4Hy/q8=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/forbiddenfruit/default.nix

@@ -1,6 +1,6 @@
 { lib
 , buildPythonPackage
-, fetchPypi
+, fetchFromGitHub
 , nose
 }:
 
@@ -8,13 +8,20 @@ buildPythonPackage rec {
   version = "0.1.4";
   pname = "forbiddenfruit";
 
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "e3f7e66561a29ae129aac139a85d610dbf3dd896128187ed5454b6421f624253";
+  src = fetchFromGitHub {
+    owner = "clarete";
+    repo = "forbiddenfruit";
+    rev = version;
+    sha256 = "16chhrxbbmg6lfbzm532fq0v00z8qihcsj0kg2b5jlgnb6qijwn8";
   };
 
   checkInputs = [ nose ];
 
+  preBuild = ''
+    export FFRUIT_EXTENSION="true";
+  '';
+
+  # https://github.com/clarete/forbiddenfruit/pull/47 required to switch to pytest
   checkPhase = ''
     find ./build -name '*.so' -exec mv {} tests/unit \;
     nosetests
@@ -22,7 +29,7 @@ buildPythonPackage rec {
 
   meta = with lib; {
     description = "Patch python built-in objects";
-    homepage = "https://pypi.python.org/pypi/forbiddenfruit";
+    homepage = "https://github.com/clarete/forbiddenfruit";
     license = licenses.mit;
   };
 

pkgs/development/python-modules/hdbscan/default.nix

@@ -1,8 +1,9 @@
 { lib
 , buildPythonPackage
+, fetchpatch
 , cython
 , numpy
-, nose
+, pytestCheckHook
 , scipy
 , scikitlearn
 , fetchPypi
@@ -18,11 +19,22 @@ buildPythonPackage rec {
     inherit pname version;
     sha256 = "e3a418d0d36874f7b6a1bf0b7461f3857fc13a525fd48ba34caed2fe8973aa26";
   };
-
-  checkInputs = [ nose ];
+  patches = [
+    # This patch fixes compatibility with numpy 1.20. It will be in the next release
+    # after 0.8.27
+    (fetchpatch {
+      url = "https://github.com/scikit-learn-contrib/hdbscan/commit/5b67a4fba39c5aebe8187a6a418da677f89a63e0.patch";
+      sha256 = "07d7jdwk0b8kgaqkifd529sarji01j1jiih7cfccc5kxmlb5py9h";
+    })
+  ];
 
   nativeBuildInputs = [ cython ];
   propagatedBuildInputs = [ numpy scipy scikitlearn joblib six ];
+  preCheck = ''
+    cd hdbscan/tests
+    rm __init__.py
+  '';
+  checkInputs = [ pytestCheckHook ];
 
   meta = with lib; {
     description = "Hierarchical Density-Based Spatial Clustering of Applications with Noise, a clustering algorithm with a scikit-learn compatible API";

pkgs/development/python-modules/numtraits/default.nix

@@ -1,32 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchPypi
-, pytest
-, six
-, numpy
-, traitlets
-}:
-
-buildPythonPackage rec {
-  pname = "numtraits";
-  version = "0.2";
-
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "2fca9a6c9334f7358ef1a3e2e64ccaa6a479fc99fc096910e0d5fbe8edcdfd7e";
-  };
-
-  checkInputs = [ pytest ];
-  propagatedBuildInputs = [ six numpy traitlets];
-
-  checkPhase = ''
-    py.test
-  '';
-
-  meta = {
-    description = "Numerical traits for Python objects";
-    license = lib.licenses.bsd2;
-    maintainers = with lib.maintainers; [ fridh ];
-    homepage = "https://github.com/astrofrog/numtraits";
-  };
-}

pkgs/development/python-modules/onnx/default.nix

@@ -46,7 +46,8 @@ buildPythonPackage rec {
   ];
 
   postPatch = ''
-    patchShebangs tools/protoc-gen-mypy.py
+    chmod +x tools/protoc-gen-mypy.sh.in
+    patchShebangs tools/protoc-gen-mypy.sh.in tools/protoc-gen-mypy.py
   '';
 
   preBuild = ''

pkgs/development/python-modules/prance/default.nix

@@ -6,10 +6,9 @@
 , requests
 , six
 , semver
-, pytest
+, pytestCheckHook
 , pytestcov
 , pytestrunner
-, sphinx
 , openapi-spec-validator
 }:
 
@@ -35,18 +34,28 @@ buildPythonPackage rec {
   ];
 
   checkInputs = [
-    pytest
+    pytestCheckHook
     pytestcov
     openapi-spec-validator
   ];
 
   postPatch = ''
     substituteInPlace setup.py \
-      --replace "tests_require = dev_require," "tests_require = None,"
+      --replace "tests_require = dev_require," "tests_require = None," \
+      --replace "chardet~=4.0" "" \
+      --replace "semver~=2.13" ""
+    substituteInPlace setup.cfg \
+      --replace "--cov-fail-under=90" ""
   '';
 
-  # many tests require network connection
-  doCheck = false;
+  # Disable tests that require network
+  disabledTestPaths = [
+    "tests/test_convert.py"
+  ];
+  disabledTests = [
+    "test_fetch_url_http"
+  ];
+  pythonImportsCheck = [ "prance" ];
 
   meta = with lib; {
     description = "Resolving Swagger/OpenAPI 2.0 and 3.0.0 Parser";

pkgs/development/python-modules/sphinx-autobuild/default.nix

@@ -24,6 +24,6 @@ buildPythonPackage rec {
     description = "Rebuild Sphinx documentation on changes, with live-reload in the browser";
     homepage = "https://github.com/executablebooks/sphinx-autobuild";
     license = with licenses; [ mit ];
-    maintainer = with maintainers; [holgerpeters];
+    maintainers = with maintainers; [holgerpeters];
   };
 }

pkgs/development/tools/build-managers/mill/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mill";
-  version = "0.9.3";
+  version = "0.9.5";
 
   src = fetchurl {
-    url = "https://github.com/lihaoyi/mill/releases/download/${version}/${version}";
-    sha256 = "0x9mvcm5znyi7w6cpiasj2v6f63y7d8qdck7lx03p2k6i9aa2f77";
+    url = "https://github.com/com-lihaoyi/mill/releases/download/${version}/${version}";
+    sha256 = "142vr40p60mapvvb5amn8hz6a8930kxsz510baql40hai4yhga7z";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/development/tools/coursier/default.nix

@@ -2,7 +2,7 @@
 , coreutils, git, gnused, nix, nixfmt }:
 
 let
-  version = "2.0.15";
+  version = "2.0.16";
 
   zshCompletion = fetchurl {
     url =
@@ -19,7 +19,7 @@ in stdenv.mkDerivation rec {
   src = fetchurl {
     url =
       "https://github.com/coursier/coursier/releases/download/v${version}/coursier";
-    sha256 = "sha256-XfTW8GNoPsNXamy0K9Ai3SSzBSyS1dNNCeWsbD8xCQI=";
+    sha256 = "sha256-Yx6PvBo763GnEwU5s7AYUs++Au25TF6cZ4WYGgruHpw=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/development/tools/go-task/default.nix

@@ -22,7 +22,7 @@ buildGoModule rec {
   ];
 
   postInstall = ''
-    mv $out/bin/task $out/bin/go-task
+    ln -s $out/bin/task $out/bin/go-task
   '';
 
   meta = with lib; {

pkgs/development/tools/jbang/default.nix

@@ -1,12 +1,12 @@
 { stdenv, lib, fetchzip, jdk, makeWrapper, coreutils, curl }:
 
 stdenv.mkDerivation rec {
-  version = "0.68.0";
+  version = "0.69.1";
   pname = "jbang";
 
   src = fetchzip {
     url = "https://github.com/jbangdev/jbang/releases/download/v${version}/${pname}-${version}.tar";
-    sha256 = "sha256-+hBI4asgRZg1nu50GMCl0/djqCxjb92xlO3roU4LZS8=";
+    sha256 = "sha256-FuwivcF1SpGbLcoQshVNSWSQ7PgWC0XPCQF+i9zHb/w=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/misc/emulators/cen64/default.nix

@@ -2,21 +2,22 @@
 
 stdenv.mkDerivation rec {
   pname = "cen64";
-  version = "unstable-2020-02-20";
+  version = "unstable-2021-03-12";
 
   src = fetchFromGitHub {
     owner = "n64dev";
     repo = "cen64";
-    rev = "6f9f5784bf0a720522c4ecb0915e20229c126aed";
-    sha256 = "08q0a3b2ilb95zlz4cw681gwz45n2wrb2gp2z414cf0bhn90vz0s";
+    rev = "1b31ca9b3c3bb783391ab9773bd26c50db2056a8";
+    sha256 = "0x1fz3z4ffl5xssiyxnmbhpjlf0k0fxsqn4f2ikrn17742dx4c0z";
   };
 
   nativeBuildInputs = [ cmake ];
   buildInputs = [ libGL libiconv openal libX11 ];
 
   installPhase = ''
-    mkdir -p $out/bin
-    mv cen64 $out/bin
+    runHook preInstall
+    install -D {,$out/bin/}${pname}
+    runHook postInstall
   '';
 
   meta = with lib; {

pkgs/os-specific/linux/kernel/hardened/config.nix

@@ -55,8 +55,8 @@ assert (versionAtLeast version "4.9");
 
   # Wipe higher-level memory allocations on free() with page_poison=1
   PAGE_POISONING           = yes;
-  PAGE_POISONING_NO_SANITY = yes;
-  PAGE_POISONING_ZERO      = yes;
+  PAGE_POISONING_NO_SANITY = whenOlder "5.11" yes;
+  PAGE_POISONING_ZERO      = whenOlder "5.11" yes;
 
   # Enable the SafeSetId LSM
   SECURITY_SAFESETID = whenAtLeast "5.1" yes;

pkgs/servers/http/apache-modules/mod_perl/default.nix

@@ -1,11 +1,12 @@
 { stdenv, fetchurl, apacheHttpd, perl }:
 
 stdenv.mkDerivation rec {
-  name = "mod_perl-2.0.10";
+  pname = "mod_perl";
+  version = "2.0.11";
 
   src = fetchurl {
-    url = "mirror://apache/perl/${name}.tar.gz";
-    sha256 = "0r1bhzwl5gr0202r6448943hjxsickzn55kdmb7dzad39vnq7kyi";
+    url = "mirror://apache/perl/${pname}-${version}.tar.gz";
+    sha256 = "0x3gq4nz96y202cymgrf56n8spm7bffkd1p74dh9q3zrrlc9wana";
   };
 
   buildInputs = [ apacheHttpd perl ];

pkgs/tools/admin/awscli/default.nix

@@ -28,11 +28,11 @@ let
 in
 with py.pkgs; buildPythonApplication rec {
   pname = "awscli";
-  version = "1.19.33"; # N.B: if you change this, change botocore and boto3 to a matching version too
+  version = "1.19.34"; # N.B: if you change this, change botocore and boto3 to a matching version too
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-Rz0aZTsFV3RAdH04d3jvvqi1wFuIIx3SFddONhM8c8E=";
+    sha256 = "sha256-RJ+ibZmOxH4r+pGI/rrkRES89u0IRUU3sSE5OFSJ2qw=";
   };
 
   # https://github.com/aws/aws-cli/issues/4837

pkgs/tools/misc/tz/default.nix

@@ -0,0 +1,22 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "tz";
+  version = "0.4";
+
+  src = fetchFromGitHub {
+    owner = "oz";
+    repo = "tz";
+    rev = "v${version}";
+    sha256 = "sha256-36nTau7xjABdeUOioHar28cuawFWW3DBaDH0YAvdufI=";
+  };
+
+  vendorSha256 = "sha256-Soa87I7oMa34LjYKxNAz9Limi0kQ6JUtb/zI4G7yZnw=";
+
+  meta = with lib; {
+    description = "A time zone helper";
+    homepage = "https://github.com/oz/tz";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ siraben ];
+  };
+}

pkgs/tools/package-management/cargo-audit/default.nix

@@ -15,6 +15,9 @@ rustPlatform.buildRustPackage rec {
   buildInputs = [ openssl libiconv ] ++ lib.optionals stdenv.isDarwin [ Security ];
   nativeBuildInputs = [ pkg-config ];
 
+  # enables `cargo audit fix`
+  cargoBuildFlags = [ "--features fix" ];
+
   # The tests require network access which is not available in sandboxed Nix builds.
   doCheck = false;
 

pkgs/tools/security/ldeep/default.nix

@@ -10,11 +10,11 @@
 
 buildPythonApplication rec {
   pname = "ldeep";
-  version = "1.0.9";
+  version = "1.0.10";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0n38idkn9hy31m5xkrc36dmw364d137c7phssvj76gr2gqsrqjy3";
+    sha256 = "sha256-/7mcmAj69NmuiK+xlQijAk39sMLDX8kHatmSI6XYbwE=";
   };
 
   propagatedBuildInputs = [

pkgs/tools/security/slowhttptest/default.nix

@@ -0,0 +1,26 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, openssl
+}:
+
+stdenv.mkDerivation rec {
+  pname = "slowhttptest";
+  version = "1.8.2";
+
+  src = fetchFromGitHub {
+    owner = "shekyan";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1xv2j3hl4zj0s2cxcsvlwgridh9ap4g84g7c4918d03id15wydcx";
+  };
+
+  buildInputs = [ openssl ];
+
+  meta = with lib; {
+    description = "Application Layer DoS attack simulator";
+    homepage = "https://github.com/shekyan/slowhttptest";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -1138,6 +1138,8 @@ in
 
   bcachefs-tools = callPackage ../tools/filesystems/bcachefs-tools { };
 
+  bit = callPackage ../applications/version-management/git-and-tools/bit { };
+
   bitwarden = callPackage ../tools/security/bitwarden { };
 
   inherit (nodePackages) bitwarden-cli;
@@ -8774,6 +8776,8 @@ in
 
   tydra = callPackage ../tools/misc/tydra { };
 
+  tz = callPackage ../tools/misc/tz { };
+
   u9fs = callPackage ../servers/u9fs { };
 
   ua = callPackage ../tools/networking/ua { };
@@ -19878,7 +19882,7 @@ in
   # Hardened Linux
   hardenedLinuxPackagesFor = kernel': overrides:
     let # Note: We use this hack since the hardened patches can lag behind and we don't want to delay updates:
-      linux_latest_for_hardened = pkgs.linux_5_10;
+      linux_latest_for_hardened = pkgs.linux_5_11;
       kernel = (if kernel' == pkgs.linux_latest then linux_latest_for_hardened else kernel').override overrides;
     in linuxPackagesFor (kernel.override {
       structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix {
@@ -25292,6 +25296,8 @@ in
 
   slop = callPackage ../tools/misc/slop {};
 
+  slowhttptest = callPackage ../tools/security/slowhttptest { };
+
   slrn = callPackage ../applications/networking/newsreaders/slrn { };
 
   sniproxy = callPackage ../applications/networking/sniproxy { };

pkgs/top-level/python-packages.nix

@@ -4716,8 +4716,6 @@ in {
 
   numpy-stl = callPackage ../development/python-modules/numpy-stl { };
 
-  numtraits = callPackage ../development/python-modules/numtraits { };
-
   nunavut = callPackage ../development/python-modules/nunavut { };
 
   nvchecker = callPackage ../development/python-modules/nvchecker { };
@@ -7877,7 +7875,7 @@ in {
 
   sphinx-argparse = callPackage ../development/python-modules/sphinx-argparse { };
 
-  sphinx-autobuild = callPackage ../development/python-modules/sphinx-argparse { };
+  sphinx-autobuild = callPackage ../development/python-modules/sphinx-autobuild { };
 
   sphinx-jinja = callPackage ../development/python-modules/sphinx-jinja { };