Merge staging-next into staging

doc/using/configuration.chapter.md

@@ -164,14 +164,6 @@ There are several ways to tweak how Nix handles a package which has been marked
 
     Note that `permittedInsecurePackages` is only checked if `allowInsecurePredicate` is not specified.
 
-### `config` Options Reference
-
-The following attributes can be passed in [`config`](#chap-packageconfig).
-
-```{=docbook}
-<include xmlns="http://www.w3.org/2001/XInclude" href="../doc-support/result/config-options.docbook.xml"/>
-```
-
 ## Modify packages via `packageOverrides` {#sec-modify-via-packageOverrides}
 
 You can define a function called `packageOverrides` in your local `~/.config/nixpkgs/config.nix` to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.
@@ -184,6 +176,15 @@ You can define a function called `packageOverrides` in your local `~/.config/nix
 }
 ```
 
+## `config` Options Reference {#sec-config-options-reference}
+
+The following attributes can be passed in [`config`](#chap-packageconfig).
+
+```{=docbook}
+<include xmlns="http://www.w3.org/2001/XInclude" href="../doc-support/result/config-options.docbook.xml"/>
+```
+
+
 ## Declarative Package Management {#sec-declarative-package-management}
 
 ### Build an environment {#sec-building-environment}

pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix

@@ -87,7 +87,7 @@ let
   fteLibPath = makeLibraryPath [ stdenv.cc.cc gmp ];
 
   # Upstream source
-  version = "11.0.13";
+  version = "11.0.14";
 
   lang = "en-US";
 
@@ -98,7 +98,7 @@ let
         "https://tor.eff.org/dist/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"
         "https://tor.calyxinstitute.org/dist/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"
       ];
-      sha256 = "03pzwzgikc43pm0lga61jdzg46fanmvd1wsnb2xkq0y1ny8gsqfz";
+      sha256 = "19lsxdxbdismjrv2kmvm10cmr1x5klc2khlmrybycdw2vx7r41mn";
     };
 
     i686-linux = fetchurl {
@@ -107,7 +107,7 @@ let
         "https://tor.eff.org/dist/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz"
         "https://tor.calyxinstitute.org/dist/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz"
       ];
-      sha256 = "0j8h2g404sagzjxnwf55n8hpvmwk52qhml98nyliajf1xg8v8k19";
+      sha256 = "0hkj4vn5jk3z32mdgzzwmhj5xa4mv5p1nnwqhlsbc3g5b5q8bc7q";
     };
   };
 in

pkgs/applications/office/homebank/default.nix

@@ -3,10 +3,10 @@
 
 stdenv.mkDerivation rec {
   pname = "homebank";
-  version = "5.5.4";
+  version = "5.5.5";
   src = fetchurl {
     url = "http://homebank.free.fr/public/homebank-${version}.tar.gz";
-    sha256 = "sha256-DQZpvKCZNArlwhPqE8srkyg7/IoOTPelkCwYKTZuV2U=";
+    sha256 = "sha256-vs4F7LUjkhR0JKoeWheTiXd7gr9Gir69c+twsq+cnmc=";
   };
 
   nativeBuildInputs = [ pkg-config wrapGAppsHook ];

pkgs/development/libraries/liblouis/default.nix

@@ -1,7 +1,6 @@
 { fetchFromGitHub
 , lib
 , stdenv
-, fetchpatch
 , autoreconfHook
 , pkg-config
 , gettext
@@ -14,25 +13,17 @@
 
 stdenv.mkDerivation rec {
   pname = "liblouis";
-  version = "3.21.0";
+  version = "3.22.0";
+
+  outputs = [ "out" "dev" "man" "info" "doc" ];
 
   src = fetchFromGitHub {
     owner = "liblouis";
     repo = "liblouis";
     rev = "v${version}";
-    sha256 = "sha256-Hfn0dfXihtUfO3R+qJaetrPwupcIwblvi1DQdHCF1s8=";
+    sha256 = "sha256-EI/uaHXe0NlqdEw764q0SjerThYEVLRogUlmrsZwXnY=";
   };
 
-  patches = [
-    (fetchpatch {
-      name = "parenthesize-memcpy-calls-clang.patch";
-      url = "https://github.com/liblouis/liblouis/commit/528f38938e9f539a251d9de92ad1c1b90401c4d0.patch";
-      sha256 = "0hlhqsvd5wflg70bd7bmssnchk8znzbr93in0zpspzbyap6xz112";
-    })
-  ];
-
-  outputs = [ "out" "dev" "man" "info" "doc" ];
-
   nativeBuildInputs = [
     autoreconfHook
     pkg-config
@@ -71,7 +62,10 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Open-source braille translator and back-translator";
     homepage = "http://liblouis.org/";
-    license = licenses.lgpl21;
+    license = with licenses; [
+      lgpl21Plus # library
+      gpl3Plus # tools
+    ];
     maintainers = with maintainers; [ jtojnar ];
     platforms = platforms.unix;
   };

pkgs/development/python-modules/atom/default.nix

@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "atom";
-  version = "0.8.0";
+  version = "0.8.1";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "nucleic";
     repo = pname;
-    rev = version;
-    hash = "sha256-Xby3QopKw7teShMi80RMG8YdhOOvfQb5vwOuFEUTxHQ=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-odthydKmgbOXYT8YAIn5MlFfH/BD8MMkuRYaiI8OZD4=";
   };
 
   SETUPTOOLS_SCM_PRETEND_VERSION = version;

pkgs/development/python-modules/ghapi/default.nix

@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "ghapi";
-  version = "0.1.20";
+  version = "0.1.21";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
@@ -17,8 +17,8 @@ buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "fastai";
     repo = "ghapi";
-    rev = version;
-    sha256 = "sha256-Pry+qCHCt+c+uwkLaoTVUY1KblESj6kcNtMfGwK1rfk=";
+    rev = "refs/tags/${version}";
+    sha256 = "sha256-6VcsIcRhIHByd1aPZLIJ+g4o1einHpyJuSamwh1Ag5M=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/peaqevcore/default.nix

@@ -6,14 +6,14 @@
 
 buildPythonPackage rec {
   pname = "peaqevcore";
-  version = "1.0.11";
+  version = "1.0.14";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-cY2+H6FiojUEOHuA+wuIubtJKjNQlgten1edWgkoLb0=";
+    hash = "sha256-zHVi950iUultt66amL22d/7INglJtSOHvWCPUSaw5h4=";
   };
 
   postPatch = ''

pkgs/development/python-modules/pyroute2-core/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-core";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.core";
     inherit version;
-    hash = "sha256-9Odxls1lje7pUCu0UkhfQIgbL2dOZQkiV1J/kgfgxGw=";
+    hash = "sha256-uzb8nlAOHNtNq205/sJPoJtvMoo7uCFfrRQas/rv8p8=";
   };
 
   # pyroute2 sub-modules have no tests

pkgs/development/python-modules/pyroute2-ethtool/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-ethtool";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.ethtool";
     inherit version;
-    hash = "sha256-3xFsK50WtnRS8ImEWU4Hke9Ndp1Asm4wPEBfQT1rYXU=";
+    hash = "sha256-MwIRm/DezL7yCN682Yckxd23+iri2V6HCokF4G36apU=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-ipdb/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-ipdb";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.ipdb";
     inherit version;
-    hash = "sha256-UTP5LuZbBukfDpQPJ+N5ZFtKGFJppZfpsISnsm9eabs=";
+    hash = "sha256-hKh5SFFMdhECeMyA3Quzqp7h+iQMMmCYBJEuLEq5dVs=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-ipset/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-ipset";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.ipset";
     inherit version;
-    hash = "sha256-uIfclrm1tujUickd5R4uyDHvPExyC2M9mpm5NLF1rts=";
+    hash = "sha256-nvj7b6HF/XhzqmFg6aOQKMFDEFwAcyOnoJXi/coNvG4=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-ndb/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-ndb";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.ndb";
     inherit version;
-    hash = "sha256-jz956VgO9Z9ZPlMQobB34wd04Og/XV7IP+J58htdk+Y=";
+    hash = "sha256-Oc+uaqftRH6Dw3Sa2G1rZ3Mx2u81ErKIyz8xhnA1QgI=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-nftables/default.nix

@@ -6,12 +6,12 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-nftables";
-  version = "0.6.11";
+  version = "0.6.12";
 
   src = fetchPypi {
     pname = "pyroute2.nftables";
     inherit version;
-    sha256 = "sha256-2SHAH4HBcXknCa2rdHk1s+ju+IN5ndcLPD8dgSGagqU=";
+    sha256 = "sha256-jy04M73r49LxfbHAuDgSaoFWmkc0O/jPJwdDlW8YCSc=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-nslink/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-nslink";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.nslink";
     inherit version;
-    hash = "sha256-R94n1UEceOMmXXbCCkgq6N2JLnp2eqAW4qweIpNI2CI=";
+    hash = "sha256-c66rD7CyHdyYACIiq1Nfu6rmUsIL9YmFp4Z1gxOFik4=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2-protocols/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyroute2-protocols";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "pyroute2.protocols";
     inherit version;
-    hash = "sha256-AnmW9ILlcZh2mwO5fbhY4ZazWSAy2wHJgLp5Anlmxk4=";
+    hash = "sha256-j83UNlQVjxIyKhOqDsx6yhvMZEfAh54gRjniacCpSxY=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyroute2/default.nix

@@ -15,14 +15,14 @@
 
 buildPythonPackage rec {
   pname = "pyroute2";
-  version = "0.6.11";
+  version = "0.6.12";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-E2NGvmbVUuRUHQZ52/+say4SN9/TnuGpUGL4UCRJF70=";
+    hash = "sha256-cnUvmx9R+4oUGgf6LpbMlAadVh/EYcNX1ep88gtPTn4=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/social-auth-core/default.nix

@@ -1,30 +1,65 @@
 { lib
 , buildPythonPackage
+, cryptography
+, defusedxml
 , fetchFromGitHub
-, requests
+, httpretty
+, lxml
 , oauthlib
-, requests-oauthlib
 , pyjwt
-, cryptography
-, defusedxml
-, python3-openid
+, pytestCheckHook
 , python-jose
+, python3-openid
 , python3-saml
-, pytestCheckHook
-, httpretty
+, pythonOlder
+, requests
+, requests-oauthlib
 }:
 
 buildPythonPackage rec {
   pname = "social-auth-core";
-  version = "4.2.0";
+  version = "4.3.0";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = "python-social-auth";
     repo = "social-core";
-    rev = version;
-    sha256 = "sha256-kaL6sfAyQlzxszCEbhW7sns/mcOv0U+QgplmUd6oegQ=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-P9IWnu1/PWVNl/tZZ4bqz0WnruKu/jXASZBoaWXWeYI=";
   };
 
+  propagatedBuildInputs = [
+    cryptography
+    defusedxml
+    oauthlib
+    pyjwt
+    python3-openid
+    requests
+    requests-oauthlib
+  ];
+
+  passthru.optional-dependencies = {
+    openidconnect = [
+      python-jose
+    ];
+    saml = [
+      lxml
+      python3-saml
+    ];
+    azuread = [
+      cryptography
+    ];
+  };
+
+  checkInputs = [
+    pytestCheckHook
+    httpretty
+  ] ++ passthru.optional-dependencies.openidconnect
+  ++ passthru.optional-dependencies.saml
+  ++ passthru.optional-dependencies.azuread;
+
   # Disable checking the code coverage
   prePatch = ''
     substituteInPlace social_core/tests/requirements.txt \
@@ -35,28 +70,13 @@ buildPythonPackage rec {
       --replace "{posargs:-v --cov=social_core}" "{posargs:-v}"
   '';
 
-  propagatedBuildInputs = [
-    requests
-    oauthlib
-    requests-oauthlib
-    pyjwt
-    cryptography
-    defusedxml
-    python3-openid
-    python-jose
-    python3-saml
-  ];
-
-  checkInputs = [
-    pytestCheckHook
-    httpretty
+  pythonImportsCheck = [
+    "social_core"
   ];
 
-  pythonImportsCheck = [ "social_core" ];
-
   meta = with lib; {
+    description = "Module for social authentication/registration mechanisms";
     homepage = "https://github.com/python-social-auth/social-core";
-    description = "Python Social Auth - Core";
     license = licenses.bsd3;
     maintainers = with maintainers; [ n0emis ];
   };

pkgs/os-specific/linux/checksec/default.nix

@@ -1,39 +1,59 @@
-{ lib, stdenv, fetchFromGitHub, makeWrapper, file, findutils
-, binutils-unwrapped, glibc, coreutils, sysctl, openssl
+{ lib
+, stdenv
+, fetchFromGitHub
+, makeWrapper
+, file
+, findutils
+, binutils-unwrapped
+, glibc
+, coreutils
+, sysctl
+, openssl
 }:
 
 stdenv.mkDerivation rec {
   pname = "checksec";
-  version = "2.5.0";
+  version = "2.6.0";
 
   src = fetchFromGitHub {
     owner = "slimm609";
     repo = "checksec.sh";
     rev = version;
-    sha256 = "sha256-GxWXocz+GCEssRrIQP6E9hjVIhVh2EmZrefELxQlV1Q=";
+    hash = "sha256-BWtchWXukIDSLJkFX8M/NZBvfi7vUE2j4yFfS0KEZDo=";
   };
 
-  patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
-  nativeBuildInputs = [ makeWrapper ];
+  patches = [
+    ./0001-attempt-to-modprobe-config-before-checking-kernel.patch
+  ];
 
-  installPhase = let
-    path = lib.makeBinPath [
-      findutils file binutils-unwrapped sysctl openssl
-    ];
-  in ''
-    mkdir -p $out/bin
-    install checksec $out/bin
-    substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
-    substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
-    wrapProgram $out/bin/checksec \
-      --prefix PATH : ${path}
-  '';
+  nativeBuildInputs = [
+    makeWrapper
+  ];
+
+  installPhase =
+    let
+      path = lib.makeBinPath [
+        findutils
+        file
+        binutils-unwrapped
+        sysctl
+        openssl
+      ];
+    in
+    ''
+      mkdir -p $out/bin
+      install checksec $out/bin
+      substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
+      substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
+      wrapProgram $out/bin/checksec \
+        --prefix PATH : ${path}
+    '';
 
   meta = with lib; {
-    description = "A tool for checking security bits on executables";
-    homepage    = "https://www.trapkit.de/tools/checksec/";
-    license     = licenses.bsd3;
-    platforms   = platforms.linux;
+    description = "Tool for checking security bits on executables";
+    homepage = "https://www.trapkit.de/tools/checksec/";
+    license = licenses.bsd3;
+    platforms = platforms.linux;
     maintainers = with maintainers; [ thoughtpolice globin ];
   };
 }

pkgs/tools/security/hash-slinger/default.nix

@@ -8,13 +8,13 @@
 
 stdenv.mkDerivation rec {
   pname = "hash-slinger";
-  version = "3.1";
+  version = "3.2";
 
   src = fetchFromGitHub {
     owner = "letoams";
     repo = pname;
     rev = version;
-    sha256 = "sha256-mhMUdZt846QjwRIh2m/4EE+93fUcCKc2FFeoFpzKYvk=";
+    sha256 = "sha256-PfOEGqPMGLixoqHENZnxOv9nK+dYMqe6P0k+ZiJMik0=";
   };
 
   pythonPath = with python3.pkgs; [

pkgs/tools/security/haveged/default.nix

@@ -1,14 +1,17 @@
-{ lib, stdenv, fetchFromGitHub }:
+{ lib
+, stdenv
+, fetchFromGitHub
+}:
 
 stdenv.mkDerivation rec {
   pname = "haveged";
-  version = "1.9.17";
+  version = "1.9.18";
 
   src = fetchFromGitHub {
     owner = "jirka-h";
     repo = "haveged";
     rev = "v${version}";
-    sha256 = "sha256-uVl+TZVMsf+9aRATQndYMK4l4JfOBvstd1O2nTHyMYU=";
+    hash = "sha256-fyL/J2A13ap582j4gdC8u63Ah67Old+BaO/CLyEeN/g=";
   };
 
   strictDeps = true;

pkgs/tools/security/ldapmonitor/default.nix

@@ -0,0 +1,40 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "ldapmonitor";
+  version = "1.3";
+  format = "other";
+
+  src = fetchFromGitHub {
+    owner = "p0dalirius";
+    repo = pname;
+    rev = version;
+    hash = "sha256-lwTXvrnOVodCUQtR8FmCXiPuZ1Wx1ySfDKghpLXNuI4=";
+  };
+
+  sourceRoot = "${src.name}/python";
+
+  propagatedBuildInputs = with python3.pkgs; [
+    impacket
+    ldap
+    ldap3
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -vD pyLDAPmonitor.py $out/bin/ldapmonitor
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Tool to monitor creation, deletion and changes to LDAP objects";
+    homepage = "https://github.com/p0dalirius/LDAPmonitor";
+    license = with licenses; [ gpl3Only ];
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -7951,6 +7951,8 @@ with pkgs;
 
   lcdf-typetools = callPackage ../tools/misc/lcdf-typetools { };
 
+  ldapmonitor = callPackage ../tools/security/ldapmonitor { };
+
   ldapvi = callPackage ../tools/misc/ldapvi { };
 
   ldeep = python3Packages.callPackage ../tools/security/ldeep { };