Merge master into staging-next

maintainers/maintainer-list.nix

@@ -4969,6 +4969,12 @@
     githubId = 1498782;
     name = "Jesse Haber-Kucharsky";
   };
+  hamburger1984 = {
+    email = "hamburger1984@gmail.com";
+    github = "hamburger1984";
+    githubId = 438976;
+    name = "Andreas Krohn";
+  };
   hamhut1066 = {
     email = "github@hamhut1066.com";
     github = "moredhel";

nixos/modules/security/wrappers/default.nix

@@ -202,15 +202,21 @@ in
   ###### implementation
   config = {
 
-    assertions = lib.mapAttrsToList
-      (name: opts:
+    assertions = lib.concatLists (lib.mapAttrsToList
+      (name: opts: [
         { assertion = opts.setuid || opts.setgid -> opts.capabilities == "";
           message = ''
             The security.wrappers.${name} wrapper is not valid:
                 setuid/setgid and capabilities are mutually exclusive.
           '';
         }
-      ) wrappers;
+        { assertion = lib.pathHasContext (toString opts.source) -> lib.pathExists opts.source;
+          message = ''
+            The security.wrappers.${name} wrapper is not valid:
+                the source store path '${opts.source}' does not exist.
+          '';
+        }
+      ]) wrappers);
 
     security.wrappers =
       let
@@ -273,33 +279,5 @@ in
             ln --symbolic "$wrapperDir" "${wrapperDir}"
           fi
         '';
-
-    ###### wrappers consistency checks
-    system.extraDependencies = lib.singleton (pkgs.runCommandLocal
-      "ensure-all-wrappers-paths-exist" { }
-      ''
-        # make sure we produce output
-        mkdir -p $out
-
-        echo -n "Checking that Nix store paths of all wrapped programs exist... "
-
-        declare -A wrappers
-        ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v:
-          "wrappers['${n}']='${v.source}'") wrappers)}
-
-        for name in "''${!wrappers[@]}"; do
-          path="''${wrappers[$name]}"
-          if [[ "$path" =~ /nix/store ]] && [ ! -e "$path" ]; then
-            test -t 1 && echo -ne '\033[1;31m'
-            echo "FAIL"
-            echo "The path $path does not exist!"
-            echo 'Please, check the value of `security.wrappers."'$name'".source`.'
-            test -t 1 && echo -ne '\033[0m'
-            exit 1
-          fi
-        done
-
-        echo "OK"
-      '');
   };
 }

nixos/modules/services/networking/wpa_supplicant.nix

@@ -114,7 +114,7 @@ let
 
       script =
       ''
-        ${optionalString configIsGenerated ''
+        ${optionalString (configIsGenerated && !cfg.allowAuxiliaryImperativeNetworks) ''
           if [ -f /etc/wpa_supplicant.conf ]; then
             echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead."
           fi

nixos/tests/kernel-generic.nix

@@ -31,6 +31,7 @@ let
       linux_5_10_hardened
       linux_5_15_hardened
       linux_5_17_hardened
+      linux_5_18_hardened
 
       linux_testing;
   };

pkgs/applications/video/kodi/addons/urllib3/default.nix

@@ -1,19 +1,23 @@
-{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+{ lib, buildKodiAddon, fetchFromGitHub, addonUpdateScript }:
+
 buildKodiAddon rec {
   pname = "urllib3";
   namespace = "script.module.urllib3";
-  version = "1.26.4+matrix.1";
+  version = "1.26.8+matrix.1";
 
-  src = fetchzip {
-    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
-    sha256 = "1d2k6gbsnhdadcl1xc7igz4m71z2fcnpln5ppfjv455cmkk110vf";
+  # temporarily fetching from a PR because of CVE-2021-33503
+  # see https://github.com/xbmc/repo-scripts/pull/2193 for details
+  src = fetchFromGitHub {
+    owner = "xbmc";
+    repo = "repo-scripts";
+    rev = "f0bfacab4732e33c5669bedd1a86319fa9e38338";
+    sha256 = "sha256-UEMLrIvuuPARGHMsz6dOZrOuHIYVSpi0gBy2lK1Y2sk=";
   };
 
+  sourceRoot = "source/script.module.urllib3";
+
   passthru = {
     pythonPath = "lib";
-    updateScript = addonUpdateScript {
-      attrPath = "kodi.packages.urllib3";
-    };
   };
 
   meta = with lib; {

pkgs/development/python-modules/afdko/default.nix

@@ -81,8 +81,8 @@ buildPythonPackage rec {
     "test_filename_without_dir"
     "test_overwrite"
     "test_options"
-  ] ++ lib.optionals (stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isRiscV) [
-    # aarch64-only (?) failure, unknown reason so far
+  ] ++ lib.optionals (stdenv.hostPlatform.isAarch32 || stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isRiscV) [
+    # unknown reason so far
     # https://github.com/adobe-type-tools/afdko/issues/1425
     "test_spec"
   ] ++ lib.optionals (stdenv.hostPlatform.isi686) [

pkgs/development/python-modules/asf-search/default.nix

@@ -1,21 +1,57 @@
-{ lib, buildPythonPackage, fetchFromGitHub, pytz, shapely, importlib-metadata, requests, python-dateutil }:
+{ lib
+, buildPythonPackage
+, dateparser
+, fetchFromGitHub
+, importlib-metadata
+, numpy
+, pytestCheckHook
+, python-dateutil
+, pythonOlder
+, pytz
+, requests
+, requests-mock
+, shapely
+, wktutils
+}:
 
 buildPythonPackage rec {
-  pname = "asf_search";
-  version = "3.0.6";
+  pname = "asf-search";
+  version = "3.2.2";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = "asfadmin";
     repo = "Discovery-asf_search";
-    rev = "v${version}";
-    sha256 = "1jzah2l1db1p2mv59w9qf0x3a9hk6s5rzy0jnp2smsddvyxfwcyn";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-9fJp4P2cD11ppU80Av/aJOcqpaBwuYgdWWBTMo/HCeo=";
   };
 
-  propagatedBuildInputs = [ pytz shapely importlib-metadata requests python-dateutil ];
+  propagatedBuildInputs = [
+    dateparser
+    importlib-metadata
+    numpy
+    python-dateutil
+    pytz
+    requests
+    shapely
+    wktutils
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+    requests-mock
+  ];
 
-  doCheck = false;
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace "WKTUtils==" "WKTUtils>="
+  '';
 
-  pythonImportsCheck = [ "asf_search" ];
+  pythonImportsCheck = [
+    "asf_search"
+  ];
 
   meta = with lib; {
     description = "Python wrapper for the ASF SearchAPI";

pkgs/development/python-modules/browser-cookie3/default.nix

@@ -12,14 +12,14 @@
 
 buildPythonPackage rec {
   pname = "browser-cookie3";
-  version = "0.14.2";
+  version = "0.14.3";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-YR5NcDmbLlnhxcDuyM6hjjuL/Ozw79ytbCF4/nmSZmQ=";
+    hash = "sha256-Ch8ho4T3R9qwQiaP+n5Q21x62Ip3ibtqDJIDnobbh5c=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/entrypoint2/default.nix

@@ -1,17 +1,33 @@
-{ lib, buildPythonPackage, fetchPypi, EasyProcess, path, pytestCheckHook }:
+{ lib
+, buildPythonPackage
+, fetchPypi
+, EasyProcess
+, path
+, pytestCheckHook
+, pythonOlder
+}:
 
 buildPythonPackage rec {
   pname = "entrypoint2";
-  version = "1.0";
+  version = "1.1";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-Z+kG9q2VjYP0i07ewo192CZw6SYZiPa0prY6vJ+zvlY=";
+    hash = "sha256-/At/57IazatHpYWrlAfKflxPlstoiFddtrDOuR8OEFo=";
   };
 
-  pythonImportsCheck = [ "entrypoint2" ];
+  checkInputs = [
+    EasyProcess
+    path
+    pytestCheckHook
+  ];
 
-  checkInputs = [ EasyProcess path pytestCheckHook ];
+  pythonImportsCheck = [
+    "entrypoint2"
+  ];
 
   meta = with lib; {
     description = "Easy to use command-line interface for python modules";

pkgs/development/python-modules/kml2geojson/default.nix

@@ -0,0 +1,46 @@
+{ lib
+, buildPythonPackage
+, poetry-core
+, fetchFromGitHub
+, pytestCheckHook
+, pythonOlder
+, click
+}:
+
+buildPythonPackage rec {
+  pname = "kml2geojson";
+  version = "5.1.0";
+  format = "pyproject";
+
+  disabled = pythonOlder "3.8";
+
+  src = fetchFromGitHub {
+    owner = "mrcagney";
+    repo = pname;
+    rev = version;
+    hash = "sha256-iJEcXpvy+Y3MkxAF2Q1Tkcx8GxUVjeVzv6gl134zdiI=";
+  };
+
+  nativeBuildInputs = [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = [
+    click
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "kml2geojson"
+  ];
+
+  meta = with lib; {
+    description = "Library to convert KML to GeoJSON";
+    homepage = "https://github.com/mrcagney/kml2geojson";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/development/python-modules/plugwise/default.nix

@@ -21,7 +21,7 @@
 
 buildPythonPackage rec {
   pname = "plugwise";
-  version = "0.19.0";
+  version = "0.19.1";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -30,7 +30,7 @@ buildPythonPackage rec {
     owner = pname;
     repo = "python-plugwise";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-ST7eC7IXW47b1AlX25ubUPTi6Hkcjd+7L0tzht3fz9s=";
+    sha256 = "sha256-eytv61aTGL6rTLHfZD9Tsl9FycdExo+TGsVBCNu1fIo=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/uvloop/default.nix

@@ -46,7 +46,7 @@ buildPythonPackage rec {
     "--assert=plain"
     "--strict"
     "--tb=native"
-  ] ++ lib.optionals (stdenv.isAarch64) [
+  ] ++ lib.optionals (stdenv.isAarch32 || stdenv.isAarch64) [
     # test gets stuck in epoll_pwait on hydras aarch64 builders
     # https://github.com/MagicStack/uvloop/issues/412
     "--deselect" "tests/test_tcp.py::Test_AIO_TCPSSL::test_remote_shutdown_receives_trailing_data"

pkgs/development/python-modules/wktutils/default.nix

@@ -0,0 +1,66 @@
+{ lib
+, buildPythonPackage
+, dateparser
+, defusedxml
+, fetchFromGitHub
+, fiona
+, geomet
+, geopandas
+, kml2geojson
+, pyshp
+, pythonOlder
+, pyyaml
+, regex
+, requests
+, shapely
+, scikit-learn
+}:
+
+buildPythonPackage rec {
+  pname = "wktutils";
+  version = "1.1.4";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "asfadmin";
+    repo = "Discovery-WKTUtils";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-/gcMnZ+wWflbvLlyfIaEoSYaLrsosMyD60ei/5Iis6E=";
+  };
+
+  propagatedBuildInputs = [
+    dateparser
+    defusedxml
+    fiona
+    geomet
+    geopandas
+    kml2geojson
+    pyshp
+    pyyaml
+    regex
+    requests
+    shapely
+    scikit-learn
+  ];
+
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace "sklearn" "scikit-learn"
+  '';
+
+  # Module doesn't have tests
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "WKTUtils"
+  ];
+
+  meta = with lib; {
+    description = "Collection of tools for handling WKTs";
+    homepage = "https://github.com/asfadmin/Discovery-WKTUtils";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/os-specific/linux/kernel/hardened/patches.json

@@ -2,61 +2,71 @@
     "4.14": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-4.14.281-hardened1.patch",
-            "sha256": "1i70qrv9dfpp0szl2m6icrnzpgw1r21nr4b6bbpdf1gmq22y9gf1",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.281-hardened1/linux-hardened-4.14.281-hardened1.patch"
+            "name": "linux-hardened-4.14.282-hardened1.patch",
+            "sha256": "0f7av5llr1ccx0k6z2p2spaqk4jfaw9555gf59303zgxsvakavmi",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.282-hardened1/linux-hardened-4.14.282-hardened1.patch"
         },
-        "sha256": "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis",
-        "version": "4.14.281"
+        "sha256": "18sp2qvk8dkjrlxwf4d470282m9wyvhajvyys9vs94rh1i3whdv6",
+        "version": "4.14.282"
     },
     "4.19": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-4.19.245-hardened1.patch",
-            "sha256": "181bsz4zzw1hmk3l0cxrgfxlf1z5gy86bxrnwxh08n3j35biywf2",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.245-hardened1/linux-hardened-4.19.245-hardened1.patch"
+            "name": "linux-hardened-4.19.246-hardened1.patch",
+            "sha256": "00827r0hiiia95z4nwvbqi1jxj5bzh8hna3d4p08gj2pvq5rwvxk",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.246-hardened1/linux-hardened-4.19.246-hardened1.patch"
         },
-        "sha256": "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr",
-        "version": "4.19.245"
+        "sha256": "0fmsglkvdgdmrkm53vyi9d4hvdl4py9qn1z0mni224n96rd2zb80",
+        "version": "4.19.246"
     },
     "5.10": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.10.118-hardened1.patch",
-            "sha256": "0kn33lzb92p80rvy3jzkhnv5izr8h082x400s6ihxp1sqdal0fb7",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.118-hardened1/linux-hardened-5.10.118-hardened1.patch"
+            "name": "linux-hardened-5.10.121-hardened1.patch",
+            "sha256": "1a7mvfnm15ci81129mpvh3gn6w75bq0i1ydv02zyngk9cz5mgjc1",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.121-hardened1/linux-hardened-5.10.121-hardened1.patch"
         },
-        "sha256": "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65",
-        "version": "5.10.118"
+        "sha256": "1iljaaiwqg30rqb9zxrxc4l1p56q75jf0zvsrmn67z2a12sffi4h",
+        "version": "5.10.121"
     },
     "5.15": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.15.43-hardened1.patch",
-            "sha256": "03ilpzhr01567aaadwwk3qdnh9hlm427ihyrr59dwlwsfcqy2fd9",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.43-hardened1/linux-hardened-5.15.43-hardened1.patch"
+            "name": "linux-hardened-5.15.46-hardened1.patch",
+            "sha256": "1ndvrr98mn40705dsfkyda9ny5r273bl9f6n1xb5ndx34j396wrh",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.46-hardened1/linux-hardened-5.15.46-hardened1.patch"
         },
-        "sha256": "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6",
-        "version": "5.15.43"
+        "sha256": "0srp0wypl24gf5yz91mpk1c2kllabq6wvby1wqrrbdwvfx35figb",
+        "version": "5.15.46"
     },
     "5.17": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.17.11-hardened1.patch",
-            "sha256": "01l4k1j23ckkifjxwaq9lcfp7ynpasyn5f7nqsff6xx2wcg0qyxf",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.11-hardened1/linux-hardened-5.17.11-hardened1.patch"
+            "name": "linux-hardened-5.17.14-hardened1.patch",
+            "sha256": "017dq8ngg3mxnfffjkf1knkzii8hsf1gsi65zla34n7kjyajlchq",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.14-hardened1/linux-hardened-5.17.14-hardened1.patch"
         },
-        "sha256": "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p",
-        "version": "5.17.11"
+        "sha256": "0r2skbgxzw42cn29mr7i9w7fczzxhc1lx3xvri44ljjyfdqn7r0b",
+        "version": "5.17.14"
+    },
+    "5.18": {
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-5.18.3-hardened1.patch",
+            "sha256": "1kfnknpw2g39j7gqy6mqjmkaxkmdigx617rz2vpqvjxddfv59764",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.18.3-hardened1/linux-hardened-5.18.3-hardened1.patch"
+        },
+        "sha256": "1sngy576db1zl2284kd0j8ds4biln0q98wnywirzsg3c0w2v8367",
+        "version": "5.18.3"
     },
     "5.4": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.4.196-hardened1.patch",
-            "sha256": "11q9sadncbz84yhsai7xdbrgmcbghj0hc1lqc45767v1f3snmpyi",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.196-hardened1/linux-hardened-5.4.196-hardened1.patch"
+            "name": "linux-hardened-5.4.197-hardened1.patch",
+            "sha256": "0kqfviyx5aigadm051y9xkbyscnn9f92zwqxkjkxhpn0y684i7n5",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.197-hardened1/linux-hardened-5.4.197-hardened1.patch"
         },
-        "sha256": "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig",
-        "version": "5.4.196"
+        "sha256": "1a1nzrx873vwlpm018l6rk19yh59badvwsknw3chbkbhzjrigbf2",
+        "version": "5.4.197"
     }
 }

pkgs/os-specific/linux/kernel/linux-4.14.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.281";
+  version = "4.14.282";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0pivb1m2cwqnlm8bhd4ccnlq9pwp2r5lmn77gp91k6vbjv3gkqis";
+    sha256 = "18sp2qvk8dkjrlxwf4d470282m9wyvhajvyys9vs94rh1i3whdv6";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-4.19.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.245";
+  version = "4.19.246";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1s58qci6xhmss12glzkqk41kp60pqmzh4d84kyz4m4nf4xhdvzcr";
+    sha256 = "0fmsglkvdgdmrkm53vyi9d4hvdl4py9qn1z0mni224n96rd2zb80";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-4.9.nix

@@ -1,12 +1,12 @@
 { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.316";
+  version = "4.9.317";
   extraMeta.branch = "4.9";
   extraMeta.broken = stdenv.isAarch64;
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "05yd7djm6dcxv3vaylhmj3p0yml421azv8qabmhv4ric1f99idjp";
+    sha256 = "06qdqcplslnp1ncaqvp5yjr294rz3x4qrxnv522v76awj6dkd8vy";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-5.10.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.118";
+  version = "5.10.121";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0jqbzvgbvaldwwarvg27mcv2kfcgmfw72zpy4h4sp5d1hzqj1q65";
+    sha256 = "1iljaaiwqg30rqb9zxrxc4l1p56q75jf0zvsrmn67z2a12sffi4h";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-5.15.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.15.43";
+  version = "5.15.46";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -15,6 +15,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "04hwaykdjdqhcdk1pr6p4kkyw6h3z6ig4qpsra2klxsqklx92jq6";
+    sha256 = "0srp0wypl24gf5yz91mpk1c2kllabq6wvby1wqrrbdwvfx35figb";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.17.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.17.11";
+  version = "5.17.14";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0c8vz02lbfm0zkgsr1gvdp8bzxz255dk863pnakw6d77z9bfc22p";
+    sha256 = "0r2skbgxzw42cn29mr7i9w7fczzxhc1lx3xvri44ljjyfdqn7r0b";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.18.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.18";
+  version = "5.18.3";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1vjwhl4s8qxfg1aabn8xnpjza3qzrjcp5450h9qpjvl999lg3wsi";
+    sha256 = "1sngy576db1zl2284kd0j8ds4biln0q98wnywirzsg3c0w2v8367";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.4.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.196";
+  version = "5.4.197";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1x5irgki792f21hm5146xary0260cl9r475kvw8vm9w32vyx18ig";
+    sha256 = "1a1nzrx873vwlpm018l6rk19yh59badvwsknw3chbkbhzjrigbf2";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-libre.nix

@@ -1,8 +1,8 @@
 { stdenv, lib, fetchsvn, linux
 , scripts ? fetchsvn {
     url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/";
-    rev = "18738";
-    sha256 = "024iw4352h8b1kbbimqgid95h868swiw45wn91sjkpmwr612v6kd";
+    rev = "18777";
+    sha256 = "0ycg799pdi3rarkdgrrxcfjl15n8i24d9zc54xhg79wpgxcv39n3";
   }
 , ...
 }:

pkgs/os-specific/linux/kernel/linux-rt-5.10.nix

@@ -6,7 +6,7 @@
 , ... } @ args:
 
 let
-  version = "5.10.115-rt67"; # updated by ./update-rt.sh
+  version = "5.10.120-rt70"; # updated by ./update-rt.sh
   branch = lib.versions.majorMinor version;
   kversion = builtins.elemAt (lib.splitString "-" version) 0;
 in buildLinux (args // {
@@ -18,14 +18,14 @@ in buildLinux (args // {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
-    sha256 = "0w9gwizyqjgsj93dqqvlh6bqkmpzjajhj09319nqncc95yrigr7m";
+    sha256 = "12qfgmzif2dy3kj4rqrnlx1if87c4fjmnya1bqpwx3hm0ih7ayjv";
   };
 
   kernelPatches = let rt-patch = {
     name = "rt";
     patch = fetchurl {
       url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
-      sha256 = "16igpdqq8nqzf98pkrs9v692d1r1fpnwrh3qxrkja0fgzswdwc0j";
+      sha256 = "0l0fp7bqfj11qcq3dqd5lv468z1hha0y774dfiliv97lx7gq34m9";
     };
   }; in [ rt-patch ] ++ kernelPatches;
 

pkgs/os-specific/linux/rtl8821cu/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "rtl8821cu";
-  version = "${kernel.version}-unstable-2022-03-08";
+  version = "${kernel.version}-unstable-2022-05-07";
 
   src = fetchFromGitHub {
     owner = "morrownr";
     repo = "8821cu-20210118";
-    rev = "4bdd7c8668562e43564cd5d786055633e591ad4d";
-    sha256 = "sha256-dfvDpjsra/nHwIGywOkZICTEP/Ex7ooH4zzkXqAaDkI=";
+    rev = "e3cf788e1dddaba3273190755ce424f93fe593e4";
+    hash = "sha256-VUZU/oFSaxewy/BF/2k4OssAi4AWSWweqXYZPHmsQvY=";
   };
 
   hardeningDisable = [ "pic" ];

pkgs/tools/bluetooth/bluewalker/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "bluewalker";
-  version = "0.3.0";
+  version = "0.3.1";
 
   src = fetchFromGitLab {
     owner = "jtaimisto";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-spuJRiNiaBV4EsetUq8vUfR6ejUNZxLhVzS3AZZyrrQ=";
+    sha256 = "sha256-wAzBlCczsLfHboGYIsyN7dGwz52CMw+L3XQ0njfLVR0=";
   };
 
   vendorSha256 = "189qs6vmx63vwsjmc4qgf1y8xjsi7x6l1f5c3kd8j8jnagl26z4h";

pkgs/tools/filesystems/sshfs-fuse/default.nix

@@ -22,7 +22,7 @@ in if stdenv.isDarwin then
   }
 else
   mkSSHFS {
-    version = "3.7.2";
-    sha256 = "0i0ycgwdxja8313hlkrlwrl85a4ykkyqddgg484jkr4rnr7ylk8w";
+    version = "3.7.3";
+    sha256 = "0s2hilqixjmv4y8n67zaq374sgnbscp95lgz5ignp69g3p1vmhwz";
     platforms = lib.platforms.linux;
   }

pkgs/tools/misc/hwatch/default.nix

@@ -0,0 +1,33 @@
+{ lib, stdenv, fetchFromGitHub, fetchpatch, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "hwatch";
+  version = "0.3.6";
+
+  src = fetchFromGitHub {
+    owner = "blacknon";
+    repo = pname;
+    # prefix, because just "0.3.6' causes the download to silently fail:
+    # $ curl -v https://github.com/blacknon/hwatch/archive/0.3.6.tar.gz
+    # ...
+    # < HTTP/2 300
+    # ...
+    # the given path has multiple possibilities: #<Git::Ref:0x00007fbb2e52bed0>, #<Git::Ref:0x00007fbb2e52ae40>
+    rev = "refs/tags/${version}";
+    sha256 = "sha256-uaAgA6DWwYVT9mQh55onW+qxIC2i9GVuimctTJpUgfA=";
+  };
+
+  cargoSha256 = "sha256-Xt3Z6ax3Y45KZhTYMBr/Rfx1o+ZAoPYj51SN5hnrXQM=";
+
+  meta = with lib; {
+    homepage = "https://github.com/blackmon/hwatch";
+    description= "Modern alternative to the watch command";
+    longDescription = ''
+      A modern alternative to the watch command, records the differences in
+      execution results and can check this differences at after.
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ hamburger1984 ];
+    platforms = platforms.linux;
+  };
+}

pkgs/tools/networking/libreswan/default.nix

@@ -43,11 +43,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "libreswan";
-  version = "4.6";
+  version = "4.7";
 
   src = fetchurl {
     url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
-    sha256 = "1zsnsfx18pf5dy1p4jva2sfl0bdfx5y9ls54f9bp70m64r46yf96";
+    sha256 = "0i7wyfgkaq6kcfhh1yshb1v7q42n3zvdkhq10f3ks1h075xk7mnx";
   };
 
   strictDeps = true;
@@ -112,6 +112,7 @@ stdenv.mkDerivation rec {
     "INITSYSTEM=systemd"
     "UNITDIR=$(out)/etc/systemd/system/"
     "TMPFILESDIR=$(out)/lib/tmpfiles.d/"
+    "LINUX_VARIANT=nixos"
   ];
 
   # Hack to make install work

pkgs/tools/package-management/nix/default.nix

@@ -89,6 +89,14 @@ in lib.makeExtensible (self: {
   nix_2_9 = common {
     version = "2.9.1";
     sha256 = "sha256-qNL3lQPBsnStkru3j1ajN/H+knXI+X3dku8/dBfSw3g=";
+    patches = [
+      # add missing --git-dir flags
+      # remove once 2.9.2 is out
+      (fetchpatch {
+        url = "https://github.com/NixOS/nix/commit/1a994cc35b33dcfd484e7a96be0e76e23bfb9029.patch";
+        sha256 = "sha256-7rDlqWRSVPijbvrTm4P+YykbMWyJryorXqGLEgg8/Wo=";
+      })
+    ];
   };
 
   stable = self.nix_2_9;

pkgs/top-level/all-packages.nix

@@ -404,6 +404,8 @@ with pkgs;
 
   gpick = callPackage ../tools/misc/gpick { };
 
+  hwatch = callPackage ../tools/misc/hwatch { };
+
   hobbes = callPackage ../development/tools/hobbes { stdenv = gcc10StdenvCompat; };
 
   html5validator = python3Packages.callPackage ../applications/misc/html5validator { };
@@ -23357,6 +23359,8 @@ with pkgs;
   linux_5_15_hardened = linuxKernel.kernels.linux_5_15_hardened;
   linuxPackages_5_17_hardened = linuxKernel.packages.linux_5_17_hardened;
   linux_5_17_hardened = linuxKernel.kernels.linux_5_17_hardened;
+  linuxPackages_5_18_hardened = linuxKernel.packages.linux_5_18_hardened;
+  linux_5_18_hardened = linuxKernel.kernels.linux_5_18_hardened;
 
   # Hardkernel (Odroid) kernels.
   linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;

pkgs/top-level/linux-kernels.nix

@@ -244,6 +244,7 @@ in {
     linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { };
     linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
     linux_5_17_hardened = hardenedKernelFor kernels.linux_5_17 { };
+    linux_5_18_hardened = hardenedKernelFor kernels.linux_5_18 { };
 
   }));
   /*  Linux kernel modules are inherently tied to a specific kernel.  So
@@ -551,6 +552,7 @@ in {
     linux_5_10_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_10 { });
     linux_5_15_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_15 { });
     linux_5_17_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_17 { });
+    linux_5_18_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_5_18 { });
 
     linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
     linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);
@@ -565,7 +567,7 @@ in {
   });
 
   packageAliases = {
-    linux_default = if stdenv.hostPlatform.isi686 then packages.linux_5_10 else packages.linux_5_15;
+    linux_default = if stdenv.hostPlatform.is32bit then packages.linux_5_10 else packages.linux_5_15;
     # Update this when adding the newest kernel major version!
     linux_latest = packages.linux_5_18;
     linux_mptcp = packages.linux_mptcp_95;

pkgs/top-level/python-packages.nix

@@ -4743,6 +4743,8 @@ in {
 
   kmapper = callPackage ../development/python-modules/kmapper { };
 
+  kml2geojson = callPackage ../development/python-modules/kml2geojson { };
+
   kmsxx = toPythonModule (pkgs.kmsxx.override {
     withPython = true;
   });
@@ -11208,6 +11210,8 @@ in {
 
   winsspi = callPackage ../development/python-modules/winsspi { };
 
+  wktutils = callPackage ../development/python-modules/wktutils { };
+
   wled = callPackage ../development/python-modules/wled { };
 
   woob = callPackage ../development/python-modules/woob { };