Merge staging-next into staging

2 years ago · e87bfef273
parent add75748e2 115f2f7878
commit e87bfef273
26 changed files with 137 additions and 143 deletions
--- a/lib/tests/modules.sh
+++ b/lib/tests/modules.sh
@ -313,7 +313,7 @@ checkConfigOutput "bar" config.priorities ./raw.nix
 ## Option collision
 checkConfigError \
-  'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integers. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
+  'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integer. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
  config.set \
  ./declare-set.nix ./declare-enable-nested.nix
--- a/lib/types.nix
+++ b/lib/types.nix
@ -397,7 +397,7 @@ rec {
    listOf = elemType: mkOptionType rec {
      name = "listOf";
-      description = "list of ${elemType.description}s";
+      description = "list of ${elemType.description}";
      check = isList;
      merge = loc: defs:
        map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def:
@ -426,7 +426,7 @@ rec {
    attrsOf = elemType: mkOptionType rec {
      name = "attrsOf";
-      description = "attribute set of ${elemType.description}s";
+      description = "attribute set of ${elemType.description}";
      check = isAttrs;
      merge = loc: defs:
        mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
@ -449,7 +449,7 @@ rec {
    # error that it's not defined. Use only if conditional definitions don't make sense.
    lazyAttrsOf = elemType: mkOptionType rec {
      name = "lazyAttrsOf";
-      description = "lazy attribute set of ${elemType.description}s";
+      description = "lazy attribute set of ${elemType.description}";
      check = isAttrs;
      merge = loc: defs:
        zipAttrsWith (name: defs:
--- a/nixos/modules/security/wrappers/wrapper.c
+++ b/nixos/modules/security/wrappers/wrapper.c
@ -2,12 +2,12 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdnoreturn.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/xattr.h>
 #include <fcntl.h>
 #include <dirent.h>
 #include <assert.h>
 #include <errno.h>
 #include <linux/capability.h>
 #include <sys/prctl.h>
@ -16,10 +16,7 @@
 #include <syscall.h>
 #include <byteswap.h>
-// Make sure assertions are not compiled out, we use them to codify
+#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr))
 // invariants about this program and we want it to fail fast and
 // loudly if they are violated.
 #undef NDEBUG
 extern char **environ;
@ -38,6 +35,12 @@ static char *wrapper_debug = "WRAPPER_DEBUG";
 #define LE32_TO_H(x) (x)
 #endif
 static noreturn void assert_failure(const char *assertion) {
    fprintf(stderr, "Assertion `%s` in NixOS's wrapper.c failed.\n", assertion);
    fflush(stderr);
    abort();
 }
 int get_last_cap(unsigned *last_cap) {
    FILE* file = fopen("/proc/sys/kernel/cap_last_cap", "r");
    if (file == NULL) {
@ -167,6 +170,7 @@ int readlink_malloc(const char *p, char **ret) {
 }
 int main(int argc, char **argv) {
    ASSERT(argc >= 1);
    char *self_path = NULL;
    int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
    if (self_path_size < 0) {
@ -181,36 +185,36 @@ int main(int argc, char **argv) {
    int len = strlen(wrapper_dir);
    if (len > 0 && '/' == wrapper_dir[len - 1])
      --len;
-    assert(!strncmp(self_path, wrapper_dir, len));
+    ASSERT(!strncmp(self_path, wrapper_dir, len));
-    assert('/' == wrapper_dir[0]);
+    ASSERT('/' == wrapper_dir[0]);
-    assert('/' == self_path[len]);
+    ASSERT('/' == self_path[len]);
    // Make *really* *really* sure that we were executed as
    // `self_path', and not, say, as some other setuid program. That
    // is, our effective uid/gid should match the uid/gid of
    // `self_path'.
    struct stat st;
-    assert(lstat(self_path, &st) != -1);
+    ASSERT(lstat(self_path, &st) != -1);
-    assert(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
+    ASSERT(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
-    assert(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
+    ASSERT(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
    // And, of course, we shouldn't be writable.
-    assert(!(st.st_mode & (S_IWGRP | S_IWOTH)));
+    ASSERT(!(st.st_mode & (S_IWGRP | S_IWOTH)));
    // Read the path of the real (wrapped) program from <self>.real.
    char real_fn[PATH_MAX + 10];
    int real_fn_size = snprintf(real_fn, sizeof(real_fn), "%s.real", self_path);
-    assert(real_fn_size < sizeof(real_fn));
+    ASSERT(real_fn_size < sizeof(real_fn));
    int fd_self = open(real_fn, O_RDONLY);
-    assert(fd_self != -1);
+    ASSERT(fd_self != -1);
    char source_prog[PATH_MAX];
    len = read(fd_self, source_prog, PATH_MAX);
-    assert(len != -1);
+    ASSERT(len != -1);
-    assert(len < sizeof(source_prog));
+    ASSERT(len < sizeof(source_prog));
-    assert(len > 0);
+    ASSERT(len > 0);
    source_prog[len] = 0;
    close(fd_self);
--- a/nixos/modules/services/misc/nitter.nix
+++ b/nixos/modules/services/misc/nitter.nix
@ -277,7 +277,7 @@ in
          Add settings here to override NixOS module generated settings.
          Check the official repository for the available settings:
-          https://github.com/zedeus/nitter/blob/master/nitter.conf
+          https://github.com/zedeus/nitter/blob/master/nitter.example.conf
        '';
      };
--- a/pkgs/applications/networking/cluster/k0sctl/default.nix
+++ b/pkgs/applications/networking/cluster/k0sctl/default.nix
@ -1,20 +1,29 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
 , fetchpatch
 , installShellFiles
 }:
 buildGoModule rec {
  pname = "k0sctl";
-  version = "0.11.4";
+  version = "0.12.6";
  src = fetchFromGitHub {
    owner = "k0sproject";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-Fk1aYSa3LqzxiHtlzH5pcNtodOprjfnCFh4UMqCa6Rc=";
+    sha256 = "sha256-TkkMO6xBHY5t5Rpd0ieSDXMrnQ+Xdq+65Rk93ZkYcUs=";
  };
-  vendorSha256 = "sha256-21C6wZ8lKQnbUg3aD0ZFVOgopblXyWk4WP/ubZVk3Yk=";
+  vendorSha256 = "sha256-nTAuvHcsJiW0XYX5GM1SL8cnOhwdrj6iw8tuAkEWNzQ=";
  patches = [
    (fetchpatch {
      url = "https://github.com/k0sproject/${pname}/commit/22c694ab0335a1e6146d0d3f939ef79d2c005a3d.patch";
      sha256 = "sha256-Ftq/vbQd5ArdHboDt6NdyuqpFalHVnsQBdpmyDG/t5Q=";
    })
  ];
  ldflags = [
    "-s"
@ -23,6 +32,15 @@ buildGoModule rec {
    "-X github.com/k0sproject/k0sctl/version.Version=${version}"
  ];
  nativeBuildInputs = [ installShellFiles ];
  postInstall = ''
    for shell in bash zsh fish; do
      installShellCompletion --cmd ${pname} \
        --$shell <($out/bin/${pname} completion --shell $shell)
    done
  '';
  meta = with lib; {
    description = "A bootstrapping and management tool for k0s clusters.";
    homepage = "https://k0sproject.io/";
--- a/pkgs/applications/networking/cluster/tilt/default.nix
+++ b/pkgs/applications/networking/cluster/tilt/default.nix
@ -5,13 +5,13 @@ buildGoModule rec {
  /* Do not use "dev" as a version. If you do, Tilt will consider itself
    running in development environment and try to serve assets from the
    source tree, which is not there once build completes.  */
-  version = "0.26.3";
+  version = "0.30.0";
  src = fetchFromGitHub {
    owner  = "tilt-dev";
    repo   = pname;
    rev    = "v${version}";
-    sha256 = "sha256-jrVf6vNlEkTgALS93o3kIiticvsyFHm5oA2Fh1edAGY=";
+    sha256 = "sha256-bZYm9T3NRNNtT8RDGwnXcXC7Rb/GuIxI/U06By4gR/w=";
  };
  vendorSha256 = null;
--- a/pkgs/applications/video/mpc-qt/default.nix
+++ b/pkgs/applications/video/mpc-qt/default.nix
@ -1,23 +1,16 @@
-{ lib, stdenv, mkDerivation, fetchFromGitLab, fetchpatch, pkg-config, qmake, qtx11extras, qttools, mpv }:
+{ lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, qmake, qtx11extras, qttools, mpv }:
 mkDerivation rec {
  pname = "mpc-qt";
-  version = "2019-06-09";
+  version = "22.02";
-  src = fetchFromGitLab {
+  src = fetchFromGitHub {
    owner = "mpc-qt";
    repo = "mpc-qt";
-    rev = "2abe6e7fc643068d50522468fe75d614861555ad";
+    rev = "v${version}";
-    sha256 = "1cis8dl9pm91mpnp696zvwsfp96gkwr8jgs45anbwd7ldw78w4x5";
+    sha256 = "sha256-DRbNDrWnaTT4A0dRFAv9MX/MDwV/rXIw+R8fQJmVN+g=";
  };
  patches = [
    (fetchpatch {
      url = "https://gitlab.com/mpc-qt/mpc-qt/-/commit/02f2bc7a22e863a89ba322b9acb61cf1aef23ba0.diff";
      sha256 = "0khld55i194zgi18d0wch5459lfzzkbfdbl1im8akvq8ks5xijis";
    })
  ];
  nativeBuildInputs = [ pkg-config qmake qttools ];
  buildInputs = [ mpv qtx11extras ];
@ -26,7 +19,7 @@ mkDerivation rec {
  meta = with lib; {
    description = "Media Player Classic Qute Theater";
-    homepage = "https://gitlab.com/mpc-qt/mpc-qt";
+    homepage = "https://mpc-qt.github.io";
    license = licenses.gpl2;
    platforms = platforms.unix;
    broken = stdenv.isDarwin;
--- a/pkgs/development/libraries/bullet/default.nix
+++ b/pkgs/development/libraries/bullet/default.nix
@ -11,13 +11,13 @@
 stdenv.mkDerivation rec {
  pname = "bullet";
-  version = "3.22b";
+  version = "3.23";
  src = fetchFromGitHub {
    owner = "bulletphysics";
    repo = "bullet3";
    rev = version;
-    sha256 = "sha256-hf2b7enh9mziPKFcdU8NwLdhcxhV7Ididf9Bwwa+5/M=";
+    sha256 = "sha256-XZpwCVfSJD3W93BJrGefy3dGrevNzChU+TrKalMpY4Q=";
  };
  nativeBuildInputs = [ cmake ];
--- a/pkgs/development/libraries/libdigidocpp/default.nix
+++ b/pkgs/development/libraries/libdigidocpp/default.nix
@ -2,12 +2,12 @@
 , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
 stdenv.mkDerivation rec {
-  version = "3.14.7";
+  version = "3.14.8";
  pname = "libdigidocpp";
  src = fetchurl {
     url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz";
-     sha256 = "sha256-QdctW2+T8kPNUJv30pXZ/qfnw1Uhq6gScSjUI+bZMfY=";
+     sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=";
  };
  nativeBuildInputs = [ cmake pkg-config xxd ];
--- a/pkgs/development/nim-packages/jsony/default.nix
+++ b/pkgs/development/nim-packages/jsony/default.nix
@ -2,13 +2,13 @@
 buildNimPackage rec {
  pname = "jsony";
-  version = "1.1.3";
+  version = "d0e69bddf83874e15b5c2f52f8b1386ac080b443";
  src = fetchFromGitHub {
    owner = "treeform";
    repo = pname;
    rev = version;
-    hash = "sha256-jtUCoqwCmE536Kpv/vZxGgqiHyReZf1WOiBdUzmMhM4=";
+    sha256 = "1p250wb97nzz2g0vvq6mn521fx7sn1jpk1ralbzqh5q8clh4g7wr";
  };
  doCheck = true;
--- a/pkgs/development/nim-packages/supersnappy/default.nix
+++ b/pkgs/development/nim-packages/supersnappy/default.nix
@ -3,6 +3,6 @@
 fetchFromGitHub {
  owner = "guzba";
  repo = "supersnappy";
-  rev = "1.1.5";
+  rev = "2.1.1";
-  sha256 = "1y26sgnszvdf5sn7j0jx2dpd4i03mvbk9i9ni9kbyrs798bjwi6z";
+  sha256 = "03df1qgrbp84swhqy12ansyn951lkaw0kf1arbnki4fkgdnqdamf";
 }
--- a/pkgs/development/python-modules/apache-airflow/default.nix
+++ b/pkgs/development/python-modules/apache-airflow/default.nix
@ -243,5 +243,7 @@ buildPythonPackage rec {
    homepage = "https://airflow.apache.org/";
    license = licenses.asl20;
    maintainers = with maintainers; [ bhipple costrouc ingenieroariel ];
    # requires extremely outdated versions of multiple dependencies
    broken = true;
  };
 }
--- a/pkgs/development/python-modules/djangorestframework/default.nix
+++ b/pkgs/development/python-modules/djangorestframework/default.nix
@ -1,4 +1,4 @@
-{ lib, buildPythonPackage, fetchFromGitHub, django, isPy27 }:
+{ lib, buildPythonPackage, fetchFromGitHub, django, pytz, isPy27 }:
 buildPythonPackage rec {
  version = "3.12.4";
@ -15,7 +15,7 @@ buildPythonPackage rec {
  # Test settings are missing
  doCheck = false;
-  propagatedBuildInputs = [ django ];
+  propagatedBuildInputs = [ django pytz ];
  meta = with lib; {
    description = "Web APIs for Django, made easy";
--- a/pkgs/development/python-modules/mkdocs-material/default.nix
+++ b/pkgs/development/python-modules/mkdocs-material/default.nix
@ -13,7 +13,7 @@
 buildPythonApplication rec {
  pname = "mkdocs-material";
-  version = "8.2.11";
+  version = "8.2.15";
  format = "setuptools";
  disabled = pythonOlder "3.6";
@ -22,7 +22,7 @@ buildPythonApplication rec {
    owner = "squidfunk";
    repo = pname;
    rev = "refs/tags/${version}";
-    hash = "sha256-YAXdIA36QWwdQxTux6Sy/F0j8lprSO+5/VezFcsGQYg=";
+    hash = "sha256-6x3ENFPGmtRDMV6YRGlTLCYusmX49LrGBDwicg8sDB0=";
  };
  propagatedBuildInputs = [
--- a/pkgs/development/python-modules/pycep-parser/default.nix
+++ b/pkgs/development/python-modules/pycep-parser/default.nix
@ -12,7 +12,7 @@
 buildPythonPackage rec {
  pname = "pycep-parser";
-  version = "0.3.4";
+  version = "0.3.5";
  format = "pyproject";
  disabled = pythonOlder "3.7";
@ -20,8 +20,8 @@ buildPythonPackage rec {
  src = fetchFromGitHub {
    owner = "gruebel";
    repo = "pycep";
-    rev = version;
+    rev = "refs/tags/${version}";
-    hash = "sha256-o2sYPvZVevDqZV8EtKWTL2zHHzX2kmTZ4iVHsUhFv7M=";
+    hash = "sha256-Nj/drNRSIBh8DaE+vzQRijQg8NVUK5qBClwU3aWiA48=";
  };
  nativeBuildInputs = [
--- a/pkgs/development/python-modules/pymdown-extensions/default.nix
+++ b/pkgs/development/python-modules/pymdown-extensions/default.nix
@ -1,7 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
-, fetchpatch
+, hatchling
 , pytestCheckHook
 , markdown
 , pyyaml
@ -38,26 +38,17 @@ let
 in
 buildPythonPackage rec {
  pname = "pymdown-extensions";
-  version = "9.1";
+  version = "9.4";
  format = "pyproject";
  src = fetchFromGitHub {
    owner = "facelessuser";
    repo = "pymdown-extensions";
    rev = version;
-    sha256 = "sha256-II8Po8144h3wPFrzMbOB/qiCm2HseYrcZkyIZFGT+ek=";
+    sha256 = "sha256-9oYLDerz6ZcE4QyLO4mFPuHws8oZoXX8LcSV209MFec=";
  };
-  patches = [
+  nativeBuildInputs = [ hatchling ];
    # this patch is needed to allow tests to pass for later versions of the
    # markdown dependency
    #
    # it can be removed after the next pymdown-extensions release
    (fetchpatch {
      url = "https://github.com/facelessuser/pymdown-extensions/commit/8ee5b5caec8f9373e025f50064585fb9d9b71f86.patch";
      sha256 = "sha256-jTHNcsV0zL0EkSTSj8zCGXXtpUaLnNPldmL+krZj3Gk=";
    })
  ];
  propagatedBuildInputs = [ markdown pygments ];
--- a/pkgs/development/python-modules/pyskyqhub/default.nix
+++ b/pkgs/development/python-modules/pyskyqhub/default.nix
@ -7,7 +7,7 @@
 buildPythonPackage rec {
  pname = "pyskyqhub";
-  version = "0.1.8";
+  version = "0.1.9";
  format = "setuptools";
  disabled = pythonOlder "3.8";
@ -16,7 +16,7 @@ buildPythonPackage rec {
    owner = "RogerSelwyn";
    repo = "skyq_hub";
    rev = version;
-    sha256 = "sha256-1KNgF3d5w+aNKNkOZVkdD3VVLz/F8NyQ5MxO1UaWrFk=";
+    sha256 = "sha256-yXqtABbsCh1yb96lsEA0gquikVenGLCo6J93AeXAC8k=";
  };
  propagatedBuildInputs = [
--- a/pkgs/development/python-modules/sanic/default.nix
+++ b/pkgs/development/python-modules/sanic/default.nix
@ -82,6 +82,9 @@ buildPythonPackage rec {
    # needed for relative paths for some packages
    cd tests
  '' + lib.optionalString stdenv.isDarwin  ''
    # OSError: [Errno 24] Too many open files
    ulimit -n 1024
  '';
  # uvloop usage is buggy
--- a/pkgs/development/tools/ocaml/merlin/4.x.nix
+++ b/pkgs/development/tools/ocaml/merlin/4.x.nix
@ -15,12 +15,13 @@
 }:
 let
-  merlinVersion = "4.4";
+  merlinVersion = "4.5";
  hashes = {
-    "4.4-411" = "sha256:0chx28098mmnjbnaz5wgzsn82rh1w9dhzqmsykb412cq13msl1q4";
+    "4.5-411" = "sha256:05nz6y7r91rh0lj8b6xdv3s3yknmvjc7y60v17kszgqnr887bvpn";
-    "4.4-412" = "sha256:18xjpsiz7xbgjdnsxfc52l7yfh22harj0birlph4xm42d14pkn0n";
+    "4.5-412" = "sha256:0i5c3rfzinmwdjya7gv94zyknsm32qx9dlg472xpfqivwvnnhf1z";
-    "4.4-413" = "sha256:1ilmh2gqpwgr51w2ba8r0s5zkj75h00wkw4az61ssvivn9jxr7k0";
+    "4.5-413" = "sha256:1sphq9anfg1qzrvj7hdcqflj6cmc1qiyfkljhng9fxnnr0i7550s";
    "4.5-414" = "sha256:13h588kwih05zd9p3p7q528q4zc0d1l983kkvbmkxgay5d17nn1i";
  };
  ocamlVersionShorthand = lib.concatStrings
@ -55,8 +56,6 @@ buildDunePackage {
    ./test.patch
  ;
  useDune2 = true;
  strictDeps = true;
  nativeBuildInputs = [
--- a/pkgs/servers/mail/mailman/hyperkitty.nix
+++ b/pkgs/servers/mail/mailman/hyperkitty.nix
@ -1,5 +1,6 @@
 { lib
 , buildPythonPackage
 , fetchpatch
 , fetchPypi
 , pythonOlder
@ -40,6 +41,15 @@ buildPythonPackage rec {
    sha256 = "sha256-gmkiK8pIHfubbbxNdm/D6L2o722FptxYgINYdIUOn4Y=";
  };
  patches = [
    # FIXME: backport Python 3.10 support fix, remove for next release
    (fetchpatch {
      url = "https://gitlab.com/mailman/hyperkitty/-/commit/551a44a76e46931fc5c1bcb341235d8f579820be.patch";
      sha256 = "sha256-5XCrvyrDEqH3JryPMoOXSlVVDLQ+PdYBqwGYxkExdvk=";
      includes = [ "hyperkitty/*" ];
    })
  ];
  postPatch = ''
    # isort is a development dependency
    sed -i '/isort/d' setup.py
--- a/pkgs/servers/nitter/default.nix
+++ b/pkgs/servers/nitter/default.nix
@ -2,14 +2,14 @@
 nimPackages.buildNimPackage rec {
  pname = "nitter";
-  version = "unstable-2022-03-21";
+  version = "unstable-2022-05-13";
  nimBinOnly = true;
  src = fetchFromGitHub {
    owner = "zedeus";
    repo = "nitter";
-    rev = "6884f05041a9b8619ec709afacdfdd6482a120a0";
+    rev = "683c052036b268028f0ecae020a1519bc586516d";
-    sha256 = "1mnc6jqljpqp9lgcrxxvf3aiswssr34v139cxfbwlmj45swmsazh";
+    sha256 = "179z66jlwbdarrgvpdh8aqy2ihkiakd22wqydrfgpsgr59ma8fgl";
  };
  buildInputs = with nimPackages; [
@ -29,6 +29,7 @@ nimPackages.buildNimPackage rec {
  postBuild = ''
    nim c --hint[Processing]:off -r tools/gencss
    nim c --hint[Processing]:off -r tools/rendermd
  '';
  postInstall = ''
--- a/pkgs/servers/web-apps/netbox/default.nix
+++ b/pkgs/servers/web-apps/netbox/default.nix
@ -9,36 +9,7 @@
 let
  py = python3.override {
    packageOverrides = self: super: {
-      django = super.django_3;
+      django = super.django_4;
      jsonschema = super.jsonschema.overridePythonAttrs (old: rec {
        version = "3.2.0";
        src = self.fetchPypi {
          pname = old.pname;
          inherit version;
          sha256 = "c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a";
        };
      });
      lxml = super.lxml.overridePythonAttrs (old: rec {
        version = "4.6.5";
        src = self.fetchPypi {
          pname = old.pname;
          inherit version;
          sha256 = "6e84edecc3a82f90d44ddee2ee2a2630d4994b8471816e226d2b771cda7ac4ca";
        };
      });
      werkzeug = super.werkzeug.overridePythonAttrs (old: rec {
        version = "2.0.3";
        src = self.fetchPypi {
          pname = "Werkzeug";
          inherit version;
          sha256 = "sha256-uGP4/wV8UiFktgZ8niiwQRYbS+W6TQ2s7qpQoWOCLTw=";
        };
      });
      sentry-sdk = super.sentry-sdk.overridePythonAttrs (old: rec {
        disabledTestPaths = old.disabledTestPaths ++ [
          "tests/integrations/flask/test_flask.py"
        ];
      });
    };
  };
@ -64,7 +35,7 @@ py.pkgs.buildPythonApplication rec {
    ];
    propagatedBuildInputs = with py.pkgs; [
-      django_3
+      django_4
      django-cors-headers
      django-debug-toolbar
      django-filter
--- a/pkgs/shells/rc/default.nix
+++ b/pkgs/shells/rc/default.nix
@ -14,10 +14,10 @@ stdenv.mkDerivation rec {
  };
  strictDeps = true;
-  nativeBuildInputs = [ autoreconfHook ];
+  nativeBuildInputs = [ autoreconfHook byacc ];
  # acinclude.m4 wants headers for tgetent().
-  buildInputs = [ byacc ncurses ]
+  buildInputs = [ ncurses ]
    ++ lib.optionals readlineSupport [ readline ];
  configureFlags = [
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@ -1,52 +1,32 @@
-{ lib, stdenv, fetchurl, pkg-config
+{ lib, stdenv, fetchurl, pkg-config, cmake
 , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
 , libmspack, systemd, Foundation, json_c, check
 , rustc, rust-bindgen, rustfmt, cargo, python3
 }:
 stdenv.mkDerivation rec {
  pname = "clamav";
-  version = "0.103.6";
+  version = "0.105.0";
  src = fetchurl {
    url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
-    sha256 = "sha256-qqEuPcGfHTI7HFDXoQ+or1V+Q5AUnoZNWb3jm2rZujM=";
+    sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ=";
  };
-  # don't install sample config files into the absolute sysconfdir folder
+  # Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed
-  postPatch = ''
+  patches = [ ./remove-freshclam-test.patch ];
    substituteInPlace Makefile.in --replace ' etc ' ' '
  '';
  enableParallelBuilding = true;
-  nativeBuildInputs = [ pkg-config ];
+  nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ];
  buildInputs = [
    zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check
  ] ++ lib.optional stdenv.isLinux systemd
    ++ lib.optional stdenv.isDarwin Foundation;
-  configureFlags = [
+  cmakeFlags = [
-    "--libdir=$(out)/lib"
+    "-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd"
-    "--sysconfdir=/etc/clamav"
+  ];
    "--disable-llvm" # enabling breaks the build at the moment
    "--with-zlib=${zlib.dev}"
    "--with-xml=${libxml2.dev}"
    "--with-openssl=${openssl.dev}"
    "--with-libcurl=${curl.dev}"
    "--with-libjson=${json_c.dev}"
    "--with-system-libmspack"
    "--enable-milter"
    "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly
    "--enable-check"
  ] ++ lib.optional stdenv.isLinux
    "--with-systemdsystemunitdir=$(out)/lib/systemd";
  postInstall = ''
    mkdir $out/etc
    cp etc/*.sample $out/etc
  '';
  # Only required for the unit tests
  hardeningDisable = [ "format" ];
  doCheck = true;
  meta = with lib; {
--- a/pkgs/tools/security/clamav/remove-freshclam-test.patch
+++ b/pkgs/tools/security/clamav/remove-freshclam-test.patch
@ -0,0 +1,20 @@
 diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt
 index 1460357ba..1194abc9d 100644
 --- a/unit_tests/CMakeLists.txt
 +++ b/unit_tests/CMakeLists.txt
@@ -371,15 +371,6 @@ if(ENABLE_APP)
         set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
     endif()
 -    add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py
 -        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 -    set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT})
 -    if(Valgrind_FOUND)
 -        add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py
 -            WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 -        set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
 -    endif()
 -
     add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py
         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
     set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT})
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -34684,7 +34684,9 @@ with pkgs;
  tgswitch = callPackage ../applications/networking/cluster/tgswitch {};
-  tilt = callPackage ../applications/networking/cluster/tilt { };
+  tilt = callPackage ../applications/networking/cluster/tilt {
    buildGoModule = buildGo118Module;
  };
  timeular = callPackage ../applications/office/timeular {};