Merge master into staging-next

nixos/doc/manual/development/running-nixos-tests-interactively.section.md

@@ -5,7 +5,7 @@ when developing or debugging a test:
 
 ```ShellSession
 $ nix-build . -A nixosTests.login.driverInteractive
-$ ./result/bin/nixos-test-driver --interactive
+$ ./result/bin/nixos-test-driver
 [...]
 >>>
 ```
@@ -28,7 +28,7 @@ You can re-use the VM states coming from a previous run by setting the
 `--keep-vm-state` flag.
 
 ```ShellSession
-$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
+$ ./result/bin/nixos-test-driver --keep-vm-state
 ```
 
 The machine state is stored in the `$TMPDIR/vm-state-machinename`

nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml

@@ -6,7 +6,7 @@
   </para>
   <programlisting>
 $ nix-build . -A nixosTests.login.driverInteractive
-$ ./result/bin/nixos-test-driver --interactive
+$ ./result/bin/nixos-test-driver
 [...]
 &gt;&gt;&gt;
 </programlisting>
@@ -30,7 +30,7 @@ $ ./result/bin/nixos-test-driver --interactive
     the <literal>--keep-vm-state</literal> flag.
   </para>
   <programlisting>
-$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
+$ ./result/bin/nixos-test-driver --keep-vm-state
 </programlisting>
   <para>
     The machine state is stored in the

nixos/lib/test-driver/test_driver/__init__.py

@@ -61,7 +61,7 @@ def main() -> None:
         "-I",
         "--interactive",
         help="drop into a python repl and run the tests interactively",
-        action="store_true",
+        action=argparse.BooleanOptionalAction,
     )
     arg_parser.add_argument(
         "--start-scripts",

nixos/lib/testing-python.nix

@@ -30,7 +30,7 @@ rec {
           # effectively mute the XMLLogger
           export LOGFILE=/dev/null
 
-          ${driver}/bin/nixos-test-driver
+          ${driver}/bin/nixos-test-driver -o $out
         '';
 
       passthru = driver.passthru // {
@@ -51,6 +51,7 @@ rec {
     , enableOCR ? false
     , skipLint ? false
     , passthru ? {}
+    , interactive ? false
   }:
     let
       # Reifies and correctly wraps the python test driver for
@@ -139,7 +140,8 @@ rec {
         wrapProgram $out/bin/nixos-test-driver \
           --set startScripts "''${vmStartScripts[*]}" \
           --set testScript "$out/test-script" \
-          --set vlans '${toString vlans}'
+          --set vlans '${toString vlans}' \
+          ${lib.optionalString (interactive) "--add-flags --interactive"}
       '');
 
   # Make a full-blown test
@@ -217,6 +219,7 @@ rec {
         testName = name;
         qemu_pkg = pkgs.qemu;
         nodes = nodes pkgs.qemu;
+        interactive = true;
       };
 
       test =

nixos/modules/config/xdg/portal.nix

@@ -1,4 +1,4 @@
-{ config, pkgs ,lib ,... }:
+{ config, pkgs, lib, ... }:
 
 with lib;
 
@@ -13,13 +13,13 @@ with lib;
 
   options.xdg.portal = {
     enable =
-      mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{
+      mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>" // {
         default = false;
       };
 
     extraPortals = mkOption {
       type = types.listOf types.package;
-      default = [];
+      default = [ ];
       description = ''
         List of additional portals to add to path. Portals allow interaction
         with system, like choosing files or taking screenshots. At minimum,
@@ -46,25 +46,36 @@ with lib;
     let
       cfg = config.xdg.portal;
       packages = [ pkgs.xdg-desktop-portal ] ++ cfg.extraPortals;
-      joinedPortals = pkgs.symlinkJoin {
+      joinedPortals = pkgs.buildEnv {
         name = "xdg-portals";
-        paths = cfg.extraPortals;
+        paths = packages;
+        pathsToLink = [ "/share/xdg-desktop-portal/portals" "/share/applications" ];
       };
 
-    in mkIf cfg.enable {
+    in
+    mkIf cfg.enable {
 
       assertions = [
-        { assertion = (cfg.gtkUsePortal -> cfg.extraPortals != []);
+        {
-          message = "Setting xdg.portal.gtkUsePortal to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.";
+          assertion = cfg.extraPortals != [ ];
+          message = "Setting xdg.portal.enable to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.";
         }
       ];
 
-      services.dbus.packages  = packages;
+      services.dbus.packages = packages;
       systemd.packages = packages;
 
-      environment.sessionVariables = {
+      environment = {
-        GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
+        # fixes screen sharing on plasmawayland on non-chromium apps by linking
-        XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
+        # share/applications/*.desktop files
+        # see https://github.com/NixOS/nixpkgs/issues/145174
+        systemPackages = [ joinedPortals ];
+        pathsToLink = [ "/share/applications" ];
+
+        sessionVariables = {
+          GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
+          XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
+        };
       };
     };
 }

nixos/modules/module-list.nix

@@ -852,7 +852,6 @@
   ./services/networking/quassel.nix
   ./services/networking/quorum.nix
   ./services/networking/quicktun.nix
-  ./services/networking/racoon.nix
   ./services/networking/radicale.nix
   ./services/networking/radvd.nix
   ./services/networking/rdnssd.nix

nixos/modules/rename.nix

@@ -80,6 +80,9 @@ with lib;
       libinput and synaptics.
     '')
     (mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream")
+    (mkRemovedOptionModule [ "services" "racoon" ] ''
+      The racoon module has been removed, because the software project was abandoned upstream.
+    '')
 
     # Do NOT add any option renames here, see top of the file
   ];

nixos/modules/services/networking/racoon.nix

@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.racoon;
-in {
-  options.services.racoon = {
-    enable = mkEnableOption "racoon";
-
-    config = mkOption {
-      description = "Contents of racoon configuration file.";
-      default = "";
-      type = types.str;
-    };
-
-    configPath = mkOption {
-      description = "Location of racoon config if config is not provided.";
-      default = "/etc/racoon/racoon.conf";
-      type = types.path;
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.racoon = {
-      description = "Racoon Daemon";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      serviceConfig = {
-        ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${
-          if (cfg.config != "") then pkgs.writeText "racoon.conf" cfg.config
-          else cfg.configPath
-        }";
-        ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config";
-        PIDFile = "/run/racoon.pid";
-        Type = "forking";
-        Restart = "always";
-      };
-      preStart = ''
-        rm /run/racoon.pid || true
-        mkdir -p /var/racoon
-      '';
-    };
-  };
-}

nixos/modules/virtualisation/openvswitch.nix

@@ -36,17 +36,6 @@ in {
         Open vSwitch package to use.
       '';
     };
-
-    ipsec = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Whether to start racoon service for openvswitch.
-        Supported only if openvswitch version is less than 2.6.0.
-        Use <literal>virtualisation.vswitch.package = pkgs.openvswitch-lts</literal>
-        for a version that supports ipsec over GRE.
-      '';
-    };
   };
 
   config = mkIf cfg.enable (let
@@ -65,7 +54,7 @@ in {
       installPhase = "mkdir -p $out";
     };
 
-  in (mkMerge [{
+  in {
     environment.systemPackages = [ cfg.package ];
     boot.kernelModules = [ "tun" "openvswitch" ];
 
@@ -142,48 +131,14 @@ in {
       };
     };
 
-  }
+  });
-  (mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) {
-    environment.systemPackages = [ pkgs.ipsecTools ];
 
-    services.racoon.enable = true;
+  imports = [
-    services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf";
+    (mkRemovedOptionModule [ "virtualisation" "vswitch" "ipsec" ] ''
-
+      OpenVSwitch IPSec functionality has been removed, because it depended on racoon,
-    networking.firewall.extraCommands = ''
+      which was removed from nixpkgs, because it was abanoded upstream.
-      iptables -I INPUT -t mangle -p esp -j MARK --set-mark 1/1
+    '')
-      iptables -I INPUT -t mangle -p udp --dport 4500 -j MARK --set-mark 1/1
+  ];
-    '';
-
-    systemd.services.ovs-monitor-ipsec = {
-      description = "Open_vSwitch Ipsec Daemon";
-      wantedBy = [ "multi-user.target" ];
-      requires = [ "ovsdb.service" ];
-      before = [ "vswitchd.service" "racoon.service" ];
-      environment.UNIXCTLPATH = "/tmp/ovsdb.ctl.sock";
-      serviceConfig = {
-        ExecStart = ''
-          ${cfg.package}/bin/ovs-monitor-ipsec \
-            --root-prefix ${runDir}/ipsec \
-            --pidfile /run/openvswitch/ovs-monitor-ipsec.pid \
-            --monitor --detach \
-            unix:/run/openvswitch/db.sock
-        '';
-        PIDFile = "/run/openvswitch/ovs-monitor-ipsec.pid";
-        # Use service type 'forking' to correctly determine when ovs-monitor-ipsec is ready.
-        Type = "forking";
-      };
-
-      preStart = ''
-        rm -r ${runDir}/ipsec/etc/racoon/certs || true
-        mkdir -p ${runDir}/ipsec/{etc/racoon,etc/init.d/,usr/sbin/}
-        ln -fs ${pkgs.ipsecTools}/bin/setkey ${runDir}/ipsec/usr/sbin/setkey
-        ln -fs ${pkgs.writeScript "racoon-restart" ''
-        #!${pkgs.runtimeShell}
-        /run/current-system/sw/bin/systemctl $1 racoon
-        ''} ${runDir}/ipsec/etc/init.d/racoon
-      '';
-    };
-  })]));
 
   meta.maintainers = with maintainers; [ netixx ];
 

nixos/tests/teeworlds.nix

@@ -36,12 +36,12 @@ in {
       client1.wait_for_x()
       client2.wait_for_x()
 
-      client1.execute("teeworlds 'player_name Alice;connect server'&")
+      client1.execute("teeworlds 'player_name Alice;connect server' >&2 &")
       server.wait_until_succeeds(
           'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Alice"'
       )
 
-      client2.execute("teeworlds 'player_name Bob;connect server'&")
+      client2.execute("teeworlds 'player_name Bob;connect server' >&2 &")
       server.wait_until_succeeds(
           'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Bob"'
       )

pkgs/applications/networking/ids/zeek/default.nix

@@ -21,16 +21,33 @@
 
 stdenv.mkDerivation rec {
   pname = "zeek";
-  version = "4.1.1";
+  version = "4.2.0";
 
   src = fetchurl {
     url = "https://download.zeek.org/zeek-${version}.tar.gz";
-    sha256 = "0wq3kjc3zc5ikzwix7k7gr92v75rg6283kx5fzvc3lcdkaczq2lc";
+    sha256 = "sha256-jZoCjKn+x61KnkinY+KWBSOEz0AupM03FXe/8YPCdFE=";
   };
 
-  nativeBuildInputs = [ cmake flex bison file ];
+  nativeBuildInputs = [
-  buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python3 swig ncurses ]
+    bison
-    ++ lib.optionals stdenv.isDarwin [ gettext ];
+    cmake
+    file
+    flex
+  ];
+
+  buildInputs = [
+    curl
+    gperftools
+    libmaxminddb
+    libpcap
+    ncurses
+    openssl
+    python3
+    swig
+    zlib
+  ] ++ lib.optionals stdenv.isDarwin [
+    gettext
+  ];
 
   outputs = [ "out" "lib" "py" ];
 
@@ -54,7 +71,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "Powerful network analysis framework much different from a typical IDS";
+    description = "Network analysis framework much different from a typical IDS";
     homepage = "https://www.zeek.org";
     changelog = "https://github.com/zeek/zeek/blob/v${version}/CHANGES";
     license = licenses.bsd3;

pkgs/applications/networking/mullvad-vpn/default.nix

@@ -2,6 +2,7 @@
 , alsa-lib, atk, cairo, cups, dbus, expat, fontconfig, freetype
 , gdk-pixbuf, glib, gnome2, pango, nspr, nss, gtk3, mesa
 , xorg, autoPatchelfHook, systemd, libnotify, libappindicator
+, makeWrapper
 }:
 
 let deps = [
@@ -53,6 +54,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [
     autoPatchelfHook
     dpkg
+    makeWrapper
   ];
 
   buildInputs = deps;
@@ -73,12 +75,14 @@ stdenv.mkDerivation rec {
     mv usr/bin/* $out/bin
     mv opt/Mullvad\ VPN/* $out/share/mullvad
 
-    sed -i 's|"\/opt\/Mullvad.*VPN|env MULLVAD_DISABLE_UPDATE_NOTIFICATION=1 "'$out'/bin|g' $out/share/applications/mullvad-vpn.desktop
-
     ln -s $out/share/mullvad/mullvad-{gui,vpn} $out/bin/
     ln -s $out/share/mullvad/resources/mullvad-daemon $out/bin/mullvad-daemon
     ln -sf $out/share/mullvad/resources/mullvad-problem-report $out/bin/mullvad-problem-report
 
+    wrapProgram $out/bin/mullvad-vpn --set MULLVAD_DISABLE_UPDATE_NOTIFICATION 1
+
+    sed -i "s|Exec.*$|Exec=$out/bin/mullvad-vpn $U|" $out/share/applications/mullvad-vpn.desktop
+
     runHook postInstall
   '';
 

pkgs/applications/science/misc/tulip/default.nix

@@ -1,19 +1,20 @@
-{ fetchurl, lib, stdenv, libxml2, freetype, libGLU, libGL, glew, qt4
+{ fetchurl, lib, stdenv, libxml2, freetype, libGLU, libGL, glew
-, cmake, makeWrapper, libjpeg, python2 }:
+, qtbase, wrapQtAppsHook, python3
+, cmake, libjpeg }:
 
-let version = "5.2.1"; in
 stdenv.mkDerivation rec {
   pname = "tulip";
-  inherit version;
+  version = "5.6.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/auber/${pname}-${version}_src.tar.gz";
-    sha256 = "0bqmqy6sri87a8xv5xf7ffaq5zin4hiaa13g0l64b84i7yckfwky";
+    sha256 = "1fy3nvgxv3igwc1d23zailcgigj1d0f2kkh7a5j24c0dyqz5zxmw";
   };
 
-  buildInputs = [ libxml2 freetype glew libGLU libGL qt4 libjpeg python2 ];
+  buildInputs = [ libxml2 freetype glew libGLU libGL libjpeg qtbase python3 ];
+  nativeBuildInputs = [ cmake wrapQtAppsHook ];
 
-  nativeBuildInputs = [ cmake makeWrapper ];
+  qtWrapperArgs = [ ''--prefix PATH : ${lib.makeBinPath [ python3 ]}'' ];
 
   # FIXME: "make check" needs Docbook's DTD 4.4, among other things.
   doCheck = false;

pkgs/applications/video/vlc/default.nix

@@ -155,7 +155,7 @@ stdenv.mkDerivation rec {
     xcbutilkeysyms
     xlibsWrapper
   ])
-  ++ optional (!hostIsAarch) live555
+  ++ optional (!hostIsAarch && !onlyLibVLC) live555
   ++ optional jackSupport libjack2
   ++ optionals chromecastSupport [ libmicrodns protobuf ]
   ++ optionals skins2Support (with xorg; [

pkgs/applications/virtualization/crun/default.nix

@@ -37,13 +37,13 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "crun";
-  version = "1.4.1";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "containers";
     repo = pname;
     rev = version;
-    sha256 = "sha256-j2+ga+jnKnjnFGmrOOym99keLALg7wR7Jk+jjesiMc4=";
+    sha256 = "sha256-zGtHO8CgpbXTh8nZ6WA0ocakzLjL/PW2IULI5QSEPVI=";
     fetchSubmodules = true;
   };
 

pkgs/applications/virtualization/xen/generic.nix

@@ -254,5 +254,9 @@ stdenv.mkDerivation (rec {
     platforms = [ "x86_64-linux" ];
     maintainers = with lib.maintainers; [ eelco tstrobel oxij ];
     license = lib.licenses.gpl2;
+    # https://xenbits.xen.org/docs/unstable/support-matrix.html
+    knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [
+      "This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
+    ];
   } // (config.meta or {});
 } // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])

pkgs/development/libraries/imath/default.nix

@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "imath";
-  version = "3.1.3";
+  version = "3.1.4";
 
   src = fetchFromGitHub {
     owner = "AcademySoftwareFoundation";
     repo = "imath";
     rev = "v${version}";
-    sha256 = "sha256-LoyV1Wtugva6MTpREstP2rYMrHW2xR0qfEAIV1Fo1Ns=";
+    sha256 = "sha256-FZXIIzAxhd0QlJAV0q7spEa1pNFXutI0WFZbT3izN4M=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/development/python-modules/aiogithubapi/default.nix

@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "aiogithubapi";
-  version = "22.1.0";
+  version = "22.1.2";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
@@ -21,7 +21,7 @@ buildPythonPackage rec {
     owner = "ludeeus";
     repo = pname;
     rev = version;
-    sha256 = "sha256-rzZtf3xrbNg9VaOAOM6ux1A9S1WqUKBMKxWfHDo7/VM=";
+    sha256 = "sha256-n6OkyMh3HxsFY2zXqbpdvbv5NdFC+J30tW/tLEEaSeU=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/dask-ml/default.nix

@@ -17,13 +17,13 @@
 }:
 
 buildPythonPackage rec {
-  version = "2021.11.30";
+  version = "2022.1.22";
   pname = "dask-ml";
   disabled = pythonOlder "3.6"; # >= 3.6
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "4f73306b5ee56e9b41b133697062d0028d30b1ece883ac6b56532fea5bd3e94a";
+    sha256 = "21a128e9f4f10e3b39cf82b36266eae28b17d16f2f6aa351bd73eb361e49326a";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/entrypoint2/default.nix

@@ -1,31 +1,17 @@
-{ lib, buildPythonPackage, fetchPypi, EasyProcess, pathpy, pytest }:
+{ lib, buildPythonPackage, fetchPypi, EasyProcess, pathpy, pytestCheckHook }:
 
 buildPythonPackage rec {
   pname = "entrypoint2";
-  version = "0.2.4";
+  version = "1.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "4770c3afcf3865c606a6e5f7cfcc5c59212f555fcee9b2540270399149c1dde3";
+    sha256 = "sha256-Z+kG9q2VjYP0i07ewo192CZw6SYZiPa0prY6vJ+zvlY=";
   };
 
-  propagatedBuildInputs = [ ];
-
   pythonImportsCheck = [ "entrypoint2" ];
 
-  # argparse is part of the standardlib
+  checkInputs = [ EasyProcess pathpy pytestCheckHook ];
-  prePatch = ''
-    substituteInPlace setup.py --replace "argparse" ""
-  '';
-
-  checkInputs = [ EasyProcess pathpy pytest ];
-
-  # 0.2.1 has incompatible pycache files included
-  # https://github.com/ponty/entrypoint2/issues/8
-  checkPhase = ''
-    rm -rf tests/__pycache__
-    pytest tests
-  '';
 
   meta = with lib; {
     description = "Easy to use command-line interface for python modules";

pkgs/development/python-modules/hahomematic/default.nix

@@ -14,7 +14,7 @@
 
 buildPythonPackage rec {
   pname = "hahomematic";
-  version = "0.27.0";
+  version = "0.27.2";
   format = "setuptools";
 
   disabled = pythonOlder "3.9";
@@ -23,7 +23,7 @@ buildPythonPackage rec {
     owner = "danielperna84";
     repo = pname;
     rev = version;
-    sha256 = "sha256-RPUj0We1nsKgAl1DTpa3pCD7gMm590N00+xwOVFIOaw=";
+    sha256 = "sha256-XBGA3wRZdl8rJ1hLLPPLK7E87Ggoly+kePbLY4x9/ZE=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/openai/default.nix

@@ -17,7 +17,7 @@
 
 buildPythonPackage rec {
   pname = "openai";
-  version = "0.12.0";
+  version = "0.13.0";
 
   disabled = pythonOlder "3.7.1";
 
@@ -26,7 +26,7 @@ buildPythonPackage rec {
     owner = "openai";
     repo = "openai-python";
     rev = "v${version}";
-    sha256 = "12qkbaw1gyqhs6qwyj65g6l8v5xxnilwgk0gxlwnlzrr82q458ia";
+    sha256 = "sha256-y1ewaVwCcJGACwupGoh7zcKxE9qVXRjMf7k3q/hFhDE=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pubnub/default.nix

@@ -8,18 +8,21 @@
 , pytest-vcr
 , pytest-asyncio
 , requests
-, six
+, pythonOlder
 }:
 
 buildPythonPackage rec {
   pname = "pubnub";
-  version = "5.5.0";
+  version = "6.0.0";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = "python";
     rev = "v${version}";
-    sha256 = "133sis24jd40yq4sgp8lmg2kac5wiiccisjpkhm50rb9wdbpn6kh";
+    hash = "sha256-ktwPut4FBkPMukUk00I1xNOuTvSJkbskPOjoYDJN5Eg=";
   };
 
   propagatedBuildInputs = [
@@ -27,22 +30,24 @@ buildPythonPackage rec {
     cbor2
     pycryptodomex
     requests
-    six
   ];
 
   checkInputs = [
     pytest-asyncio
-    pytestCheckHook
     pytest-vcr
+    pytestCheckHook
   ];
 
-  # Some tests don't pass with recent releases of twisted
   disabledTestPaths = [
+    # Tests require network access
     "tests/integrational"
-    "tests/manual/asyncio"
+    "tests/manual"
+    "tests/functional/push"
   ];
 
-  pythonImportsCheck = [ "pubnub" ];
+  pythonImportsCheck = [
+    "pubnub"
+  ];
 
   meta = with lib; {
     description = "Python-based APIs for PubNub";

pkgs/development/python-modules/pydeconz/default.nix

@@ -10,14 +10,16 @@
 
 buildPythonPackage rec {
   pname = "pydeconz";
-  version = "85";
+  version = "86";
+  format = "setuptools";
+
   disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = "Kane610";
     repo = "deconz";
     rev = "v${version}";
-    sha256 = "sha256-6GTMG3BfHcfLMoyabFbhsJFVDHmEICuzf32603+jyZ4=";
+    sha256 = "sha256-NqNXbF5rGMCbugzZY+AQPPHYmQx/RrSwqtnoF1shSSU=";
   };
 
   propagatedBuildInputs = [
@@ -30,7 +32,9 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
-  pythonImportsCheck = [ "pydeconz" ];
+  pythonImportsCheck = [
+    "pydeconz"
+  ];
 
   meta = with lib; {
     description = "Python library wrapping the Deconz REST API";

pkgs/development/python-modules/pykrakenapi/default.nix

@@ -7,13 +7,13 @@
 
 buildPythonPackage rec {
   pname = "pykrakenapi";
-  version = "0.2.3";
+  version = "0.2.4";
 
   src = fetchFromGitHub {
     owner = "dominiktraxl";
     repo = "pykrakenapi";
     rev = "v${version}";
-    sha256 = "0yvhgk5wyklwqd67hfajnd7ims79h4h89pp65xb3x5mcmdcfz4ss";
+    hash = "sha256-i2r6t+JcL6INI8Y26gvVvNjv6XxMj4G+pF9Xf/hsx1A=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/regenmaschine/default.nix

@@ -14,15 +14,16 @@
 
 buildPythonPackage rec {
   pname = "regenmaschine";
-  version = "2021.10.0";
+  version = "2022.01.0";
   format = "pyproject";
-  disabled = pythonOlder "3.6";
+
+  disabled = pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "bachya";
     repo = pname;
     rev = version;
-    sha256 = "sha256-vMXDnnIQiRuyLvem1JKop6FJ0fhwR8xP0276PdZi/QI=";
+    sha256 = "sha256-TPiz3d1GbcIWCKRz3Hq4JU9+df/Fw4dUXQkIM6QO1Fs=";
   };
 
   nativeBuildInputs = [
@@ -42,7 +43,14 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
-  pythonImportsCheck = [ "regenmaschine" ];
+  disabledTestPaths = [
+    # Examples are prefix with test_
+    "examples/"
+  ];
+
+  pythonImportsCheck = [
+    "regenmaschine"
+  ];
 
   __darwinAllowLocalNetworking = true;
 

pkgs/development/python-modules/rokuecp/default.nix

@@ -2,6 +2,7 @@
 , aiohttp
 , aresponses
 , buildPythonPackage
+, cachetools
 , fetchFromGitHub
 , pytest-asyncio
 , pytestCheckHook
@@ -12,20 +13,21 @@
 
 buildPythonPackage rec {
   pname = "rokuecp";
-  version = "0.8.4";
+  version = "0.11.0";
   format = "setuptools";
 
-  disabled = pythonOlder "3.7";
+  disabled = pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "ctalkington";
     repo = "python-rokuecp";
     rev = version;
-    sha256 = "sha256-vwXBYwiDQZBxEZDwLX9if6dt7tKQQOLyKL5m0q/3eUw=";
+    sha256 = "sha256-Y4Ge7IOR7//MJ0w7kdOgchLWFGR1qJbY0PSpJrjucaQ=";
   };
 
   propagatedBuildInputs = [
     aiohttp
+    cachetools
     xmltodict
     yarl
   ];

pkgs/development/python-modules/zha-quirks/default.nix

@@ -9,13 +9,13 @@
 
 buildPythonPackage rec {
   pname = "zha-quirks";
-  version = "0.0.65";
+  version = "0.0.66";
 
   src = fetchFromGitHub {
     owner = "zigpy";
     repo = "zha-device-handlers";
     rev = version;
-    sha256 = "sha256-3Lcmc95KotFMlL44zDugIQkHtplMMlyWjSb+SLehaqs=";
+    sha256 = "18g0i6b60ndfmbvdsx5pniq56fyc5k39ylp3sjhrfjcj434wvbvc";
   };
 
   propagatedBuildInputs = [

pkgs/development/tools/build-managers/cmake/2.8.nix

@@ -1,88 +0,0 @@
-{ lib, stdenv, fetchurl, fetchpatch, curl, expat, zlib, bzip2
-, useNcurses ? false, ncurses, useQt4 ? false, qt4, ps
-}:
-
-with lib;
-
-assert stdenv ? cc;
-assert stdenv.cc ? libc;
-
-let
-  os = lib.optionalString;
-  majorVersion = "2.8";
-  minorVersion = "12.2";
-  version = "${majorVersion}.${minorVersion}";
-in
-
-stdenv.mkDerivation rec {
-  pname = "cmake${os useNcurses "-cursesUI"}${os useQt4 "-qt4UI"}";
-  inherit version;
-
-  inherit majorVersion;
-
-  src = fetchurl {
-    url = "${meta.homepage}files/v${majorVersion}/cmake-${version}.tar.gz";
-    sha256 = "0phf295a9cby0v7zqdswr238v5aiy3rb2fs6dz39zjxbmzlp8rcc";
-  };
-
-  enableParallelBuilding = true;
-
-  patches =
-    [(fetchpatch { # see https://www.cmake.org/Bug/view.php?id=13959
-      name = "FindFreetype-2.5.patch";
-      url = "https://public.kitware.com/Bug/file/4660/0001-Support-finding-freetype2-using-pkg-config.patch";
-      sha256 = "136z63ff83hnwd247cq4m8m8164pklzyl5i2csf5h6wd8p01pdkj";
-    })] ++
-    # Don't search in non-Nix locations such as /usr, but do search in our libc.
-    [ ./search-path-2.8.patch ] ++
-    optional (stdenv.hostPlatform != stdenv.buildPlatform) (fetchurl {
-      name = "fix-darwin-cross-compile.patch";
-      url = "https://public.kitware.com/Bug/file_download.php?"
-          + "file_id=4981&type=bug";
-      sha256 = "16acmdr27adma7gs9rs0dxdiqppm15vl3vv3agy7y8s94wyh4ybv";
-    });
-
-  postPatch = ''
-    substituteInPlace Utilities/cmlibarchive/CMakeLists.txt \
-      --replace '"-framework CoreServices"' '""'
-  '';
-
-  buildInputs = [ setupHook curl expat zlib bzip2 ]
-    ++ optional useNcurses ncurses
-    ++ optional useQt4 qt4;
-
-  propagatedBuildInputs = [ ps ];
-
-  CMAKE_PREFIX_PATH = concatStringsSep ":"
-    (concatMap (p: [ (p.dev or p) (p.out or p) ]) buildInputs);
-
-  configureFlags = [
-    "--docdir=/share/doc/${pname}-${version}"
-    "--mandir=/share/man"
-    "--system-libs"
-    "--no-system-libarchive"
-   ] ++ lib.optional useQt4 "--qt-gui";
-
-  setupHook = ./setup-hook.sh;
-
-  dontUseCmakeConfigure = true;
-
-  preConfigure = with stdenv; ''
-      fixCmakeFiles .
-      substituteInPlace Modules/Platform/UnixPaths.cmake \
-        --subst-var-by libc_bin ${getBin cc.libc} \
-        --subst-var-by libc_dev ${getDev cc.libc} \
-        --subst-var-by libc_lib ${getLib cc.libc}
-      configureFlags="--parallel=''${NIX_BUILD_CORES:-1} $configureFlags"
-    '';
-
-  hardeningDisable = [ "format" ];
-
-  meta = {
-    homepage = "https://cmake.org";
-    description = "Cross-Platform Makefile Generator";
-    platforms = if useQt4 then qt4.meta.platforms else lib.platforms.unix;
-    maintainers = with lib.maintainers; [ xfix ];
-    license = lib.licenses.bsd3;
-  };
-}

pkgs/development/tools/build-managers/cmake/search-path-2.8.patch

@@ -1,92 +0,0 @@
-diff -ru3 cmake-2.8.12.2/Modules/Platform/Linux.cmake cmake-2.8.12.2-new/Modules/Platform/Linux.cmake
---- cmake-2.8.12.2/Modules/Platform/Linux.cmake	2014-01-16 21:15:08.000000000 +0400
-+++ cmake-2.8.12.2-new/Modules/Platform/Linux.cmake	2016-04-13 22:00:32.928575740 +0300
-@@ -36,22 +36,11 @@
-   # checking the platform every time.  This option is advanced enough
-   # that only package maintainers should need to adjust it.  They are
-   # capable of providing a setting on the command line.
--  if(EXISTS "/etc/debian_version")
--    set(CMAKE_INSTALL_SO_NO_EXE 1 CACHE INTERNAL
--      "Install .so files without execute permission.")
--  else()
--    set(CMAKE_INSTALL_SO_NO_EXE 0 CACHE INTERNAL
--      "Install .so files without execute permission.")
--  endif()
-+  set(CMAKE_INSTALL_SO_NO_EXE 0 CACHE INTERNAL
-+    "Install .so files without execute permission.")
- endif()
- 
- # Match multiarch library directory names.
- set(CMAKE_LIBRARY_ARCHITECTURE_REGEX "[a-z0-9_]+(-[a-z0-9_]+)?-linux-gnu[a-z0-9_]*")
- 
- include(Platform/UnixPaths)
--
--# Debian has lib64 paths only for compatibility so they should not be
--# searched.
--if(EXISTS "/etc/debian_version")
--  set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS FALSE)
--endif()
-diff -ru3 cmake-2.8.12.2/Modules/Platform/UnixPaths.cmake cmake-2.8.12.2-new/Modules/Platform/UnixPaths.cmake
---- cmake-2.8.12.2/Modules/Platform/UnixPaths.cmake	2014-01-16 21:15:08.000000000 +0400
-+++ cmake-2.8.12.2-new/Modules/Platform/UnixPaths.cmake	2016-04-14 00:09:10.106362636 +0300
-@@ -32,9 +32,6 @@
- # List common installation prefixes.  These will be used for all
- # search types.
- list(APPEND CMAKE_SYSTEM_PREFIX_PATH
--  # Standard
--  /usr/local /usr /
--
-   # CMake install location
-   "${_CMAKE_INSTALL_DIR}"
- 
-@@ -44,44 +41,26 @@
- 
- # List common include file locations not under the common prefixes.
- list(APPEND CMAKE_SYSTEM_INCLUDE_PATH
--  # Windows API on Cygwin
--  /usr/include/w32api
--
--  # X11
--  /usr/X11R6/include /usr/include/X11
--
--  # Other
--  /usr/pkg/include
--  /opt/csw/include /opt/include
--  /usr/openwin/include
-+  @libc_dev@/include
-   )
- 
- list(APPEND CMAKE_SYSTEM_LIBRARY_PATH
--  # Windows API on Cygwin
--  /usr/lib/w32api
--
--  # X11
--  /usr/X11R6/lib /usr/lib/X11
--
--  # Other
--  /usr/pkg/lib
--  /opt/csw/lib /opt/lib
--  /usr/openwin/lib
-+  @libc_lib@/lib
-   )
- 
- list(APPEND CMAKE_SYSTEM_PROGRAM_PATH
--  /usr/pkg/bin
-+  @libc_bin@/bin
-   )
- 
- list(APPEND CMAKE_PLATFORM_IMPLICIT_LINK_DIRECTORIES
--  /lib /usr/lib /usr/lib32 /usr/lib64
-+  @libc_lib@/lib
-   )
- 
- list(APPEND CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES
--  /usr/include
-+  @libc_dev@/include
-   )
- list(APPEND CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
--  /usr/include
-+  @libc_dev@/include
-   )
- 
- # Enable use of lib64 search path variants by default.

pkgs/development/tools/metal-cli/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "metal-cli";
-  version = "0.7.0";
+  version = "0.7.1";
 
   src = fetchFromGitHub {
     owner = "equinix";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Zl0OuyqF+bNsp1AqnS8jhQlY7l4U6OjHHgth7pRPwEc=";
+    sha256 = "sha256-Ekwucff12FIjaZ8qDvonhTdz7+DRpPLMGz2yqaCy+Bc=";
   };
 
   vendorSha256 = "sha256-F8d5i9jvjY11Pv6w0ZXI3jr0Wix++B/w9oRTuJGpQfE=";

pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch

@@ -1,16 +0,0 @@
-Index: pkg-ipsec-tools/src/racoon/gssapi.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/gssapi.c
-+++ pkg-ipsec-tools/src/racoon/gssapi.c
-@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
-	gss_name_t princ, canon_princ;
-	OM_uint32 maj_stat, min_stat;
-
-+	if (iph1->rmconf == NULL) {
-+		plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
-+		return -1;
-+	}
-+
-	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
-	if (gps == NULL) {
-		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");

pkgs/os-specific/linux/ipsec-tools/CVE-2016-10396.patch

@@ -1,193 +0,0 @@
-From: Antoine_Beaupre <anarcat@orangeseeds.org>
-Acked-by: Jiri Bohac <jbohac@suse.cz>
-Subject: PR/51682: Avoid DoS with fragment out of order insertion; keep fragments sorted in the list.
-References: bsc#1047443, CVE-2016-10396
-
-
-
-Index: a/src/racoon/handler.h
-===================================================================
---- a/src/racoon/handler.h.orig	2018-01-26 18:05:21.114764376 +0100
-+++ a/src/racoon/handler.h	2018-01-26 18:05:33.986741103 +0100
-@@ -141,6 +141,7 @@ struct ph1handle {
- #endif
- #ifdef ENABLE_FRAG
- 	int frag;			/* IKE phase 1 fragmentation */
-+	int frag_last_index;
- 	struct isakmp_frag_item *frag_chain;	/* Received fragments */
- #endif
- 
-Index: a/src/racoon/isakmp.c
-===================================================================
---- a/src/racoon/isakmp.c.orig	2018-01-26 18:05:21.118764369 +0100
-+++ a/src/racoon/isakmp.c	2018-01-26 18:05:33.986741103 +0100
-@@ -1069,6 +1069,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
- 		iph1->frag = 1;
- 	else
- 		iph1->frag = 0;
-+	iph1->frag_last_index = 0;
- 	iph1->frag_chain = NULL;
- #endif
- 	iph1->approval = NULL;
-@@ -1173,6 +1174,7 @@ isakmp_ph1begin_r(msg, remote, local, et
- #endif
- #ifdef ENABLE_FRAG
- 	iph1->frag = 0;
-+	iph1->frag_last_index = 0;
- 	iph1->frag_chain = NULL;
- #endif
- 	iph1->approval = NULL;
-Index: a/src/racoon/isakmp_frag.c
-===================================================================
---- a/src/racoon/isakmp_frag.c.orig	2018-01-26 18:05:21.118764369 +0100
-+++ a/src/racoon/isakmp_frag.c	2018-01-26 18:05:33.986741103 +0100
-@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
- 	return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
- }
- 
-+static int 
-+isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
-+{
-+	struct isakmp_frag_item *pitem = NULL;
-+	struct isakmp_frag_item *citem = iph1->frag_chain;
-+
-+	/* no frag yet, just insert at beginning of list */
-+	if (iph1->frag_chain == NULL) {
-+		iph1->frag_chain = item;
-+		return 0;
-+	}
-+
-+	do {
-+		/* duplicate fragment number, abort (CVE-2016-10396) */
-+		if (citem->frag_num == item->frag_num)
-+			return -1;
-+
-+		/* need to insert before current item */
-+		if (citem->frag_num > item->frag_num) {
-+			if (pitem != NULL)
-+				pitem->frag_next = item;
-+			else
-+				/* insert at the beginning of the list  */
-+				iph1->frag_chain = item;
-+			item->frag_next = citem;
-+			return 0;
-+		}
-+
-+		pitem = citem;
-+		citem = citem->frag_next;
-+	} while (citem != NULL);
-+
-+	/* we reached the end of the list, insert */
-+	pitem->frag_next = item;
-+	return 0;
-+}
-+
- int 
- isakmp_frag_extract(iph1, msg)
- 	struct ph1handle *iph1;
-@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
- 	item->frag_next = NULL;
- 	item->frag_packet = buf;
- 
--	/* Look for the last frag while inserting the new item in the chain */
--	if (item->frag_last)
--		last_frag = item->frag_num;
-+	/* Check for the last frag before inserting the new item in the chain */
-+	if (item->frag_last) {
-+		/* if we have the last fragment, indices must match */
-+		if (iph1->frag_last_index != 0 &&
-+		    item->frag_last != iph1->frag_last_index) {
-+			plog(LLV_ERROR, LOCATION, NULL,
-+			     "Repeated last fragment index mismatch\n");
-+			racoon_free(item);
-+			vfree(buf);
-+			return -1;
-+		}
- 
--	if (iph1->frag_chain == NULL) {
--		iph1->frag_chain = item;
--	} else {
--		struct isakmp_frag_item *current;
-+		last_frag = iph1->frag_last_index = item->frag_num;
-+	}
- 
--		current = iph1->frag_chain;
--		while (current->frag_next) {
--			if (current->frag_last)
--				last_frag = item->frag_num;
--			current = current->frag_next;
--		}
--		current->frag_next = item;
-+	/* insert fragment into chain */
-+	if (isakmp_frag_insert(iph1, item) == -1) {
-+		plog(LLV_ERROR, LOCATION, NULL,
-+		    "Repeated fragment index mismatch\n");
-+		racoon_free(item);
-+		vfree(buf);
-+		return -1;
- 	}
- 
--	/* If we saw the last frag, check if the chain is complete */
-+	/* If we saw the last frag, check if the chain is complete
-+	 * we have a sorted list now, so just walk through */
- 	if (last_frag != 0) {
-+		item = iph1->frag_chain;
- 		for (i = 1; i <= last_frag; i++) {
--			item = iph1->frag_chain;
--			do {
--				if (item->frag_num == i)
--					break;
--				item = item->frag_next;
--			} while (item != NULL);
--
-+			if (item->frag_num != i)
-+				break;
-+			item = item->frag_next;
- 			if (item == NULL) /* Not found */
- 				break;
- 		}
- 
--		if (item != NULL) /* It is complete */
-+		if (i > last_frag) /* It is complete */
- 			return 1;
- 	}
- 		
-@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
- 	}
- 	data = buf->v;
- 
-+	item = iph1->frag_chain;
- 	for (i = 1; i <= frag_count; i++) {
--		item = iph1->frag_chain;
--		do {
--			if (item->frag_num == i)
--				break;
--			item = item->frag_next;
--		} while (item != NULL);
--
--		if (item == NULL) {
-+		if (item->frag_num != i) {
- 			plog(LLV_ERROR, LOCATION, NULL, 
- 			    "Missing fragment #%d\n", i);
- 			vfree(buf);
-@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
- 		}
- 		memcpy(data, item->frag_packet->v, item->frag_packet->l);
- 		data += item->frag_packet->l;
-+		item = item->frag_next;
- 	}
- 
- out:
-
-
-diff -u -p -r1.50 -r1.51
---- a/src/racoon/isakmp_inf.c	2013/04/12 09:53:10	1.50
-+++ a/src/racoon/isakmp_inf.c	2017/01/24 19:23:56	1.51
-@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
- #endif
- #ifdef ENABLE_FRAG
- 	iph1->frag = 0;
-+	iph1->frag_last_index = 0;
- 	iph1->frag_chain = NULL;
- #endif
- 

pkgs/os-specific/linux/ipsec-tools/default.nix

@@ -1,49 +0,0 @@
-{ lib, stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, libkrb5, pam }:
-
-# TODO: These tools are supposed to work under NetBSD and FreeBSD as
-# well, so I guess it's not appropriate to place this expression in
-# "os-specific/linux/ipsec-tools". Since I cannot verify that the
-# expression actually builds on those platforms, I'll leave it here for
-# the time being.
-
-stdenv.mkDerivation rec {
-  pname = "ipsec-tools";
-  version = "0.8.2";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/ipsec-tools/ipsec-tools-${version}.tar.bz2";
-    sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf";
-  };
-
-  buildInputs = [ readline openssl flex libkrb5 pam ];
-
-  patches = [
-    ./dont-create-localstatedir-during-install.patch
-    ./CVE-2015-4047.patch
-    ./CVE-2016-10396.patch
-  ];
-
-  # fix build with newer gcc versions
-  preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';
-
-  configureFlags = [
-    "--sysconfdir=/etc --localstatedir=/var"
-    "--with-kernel-headers=${linuxHeaders}/include"
-    "--disable-security-context"
-    "--enable-adminport"
-    "--enable-dpd"
-    "--enable-frag"
-    "--enable-gssapi"
-    "--enable-hybrid"
-    "--enable-natt"
-    "--enable-shared"
-    "--enable-stats"
-  ];
-
-  meta = with lib; {
-    homepage = "http://ipsec-tools.sourceforge.net/";
-    description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation";
-    license = licenses.bsd3;
-    platforms = platforms.linux;
-  };
-}

pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch

@@ -1,13 +0,0 @@
-diff -ubr ipsec-tools-0.8.0-orig/src/racoon/Makefile.in ipsec-tools-0.8.0/src/racoon/Makefile.in
---- ipsec-tools-0.8.0-orig/src/racoon/Makefile.in	2012-10-20 13:01:07.700903316 +0200
-+++ ipsec-tools-0.8.0/src/racoon/Makefile.in	2012-10-20 13:01:13.177832616 +0200
-@@ -1085,9 +1085,6 @@
- 	uninstall-sbinPROGRAMS
- 
- 
--install-exec-local:
--	${mkinstalldirs} $(DESTDIR)${adminsockdir}
--
- # special object rules
- crypto_openssl_test.o: crypto_openssl.c
- 	$(COMPILE) -DEAYDEBUG -o crypto_openssl_test.o -c $(srcdir)/crypto_openssl.c

pkgs/os-specific/linux/kernel/hardened/patches.json

@@ -22,31 +22,31 @@
     "5.10": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.10.92-hardened1.patch",
+            "name": "linux-hardened-5.10.93-hardened1.patch",
-            "sha256": "08vhk7vzwd9r76mphyphc5n718kdpg3l2i0smrr92w5mx19pvs8g",
+            "sha256": "0ka3vnd1pwdjkz10hpn4jpxbg6s00kf5jj47847vhbi7fmbgvbg5",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.92-hardened1/linux-hardened-5.10.92-hardened1.patch"
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.93-hardened1/linux-hardened-5.10.93-hardened1.patch"
         },
-        "sha256": "0lmvdskxk1r18p6rn2dhw23wj8g3a8blar6xn5x1sgqxln006xfm",
+        "sha256": "1jxv7can60rc5i2yjgj8frcjvwi1jnba1jl8i3070xmb1d1qqy56",
-        "version": "5.10.92"
+        "version": "5.10.93"
     },
     "5.15": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.15.15-hardened1.patch",
+            "name": "linux-hardened-5.15.16-hardened1.patch",
-            "sha256": "0js9fz2xx8gshxb5dc6ycmgycmcfqpxdkbpbmx92d397qdnj0460",
+            "sha256": "0a8cdxw2s0jr39j072pn7xr5j8zfdmrbsfl5rbvcjqrfnj4ijc15",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.15-hardened1/linux-hardened-5.15.15-hardened1.patch"
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.16-hardened1/linux-hardened-5.15.16-hardened1.patch"
         },
-        "sha256": "0nisr3i9sxpp0s25wg6sb45287l0v9vmsgnz6d4igbvih37mfg0x",
+        "sha256": "150pzxra564z9xaaclmbbd29x4x9il8y78zz7szi50lzx0a0l2ms",
-        "version": "5.15.15"
+        "version": "5.15.16"
     },
     "5.4": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.4.172-hardened1.patch",
+            "name": "linux-hardened-5.4.173-hardened1.patch",
-            "sha256": "124l2b3km1278dc4lgm35f50jfxnbdia1127j27w3b3dhs37baw9",
+            "sha256": "1zpczgxyh76lazsjgf7n1872aayaxg660x6phyr6db667wa8x3r4",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.172-hardened1/linux-hardened-5.4.172-hardened1.patch"
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.173-hardened1/linux-hardened-5.4.173-hardened1.patch"
         },
-        "sha256": "1r3ci123dmijk0n3z91xqri89rbvnk51hd9d4q430ag8cw5qk7mi",
+        "sha256": "0ff2jvwxj55547wvwp94a8bsd610s72906d4nsyhiirrn9sy5s4r",
-        "version": "5.4.172"
+        "version": "5.4.173"
     }
 }

pkgs/servers/mail/postfix/default.nix

@@ -24,11 +24,11 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "postfix";
-  version = "3.6.3";
+  version = "3.6.4";
 
   src = fetchurl {
     url = "http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/${pname}-${version}.tar.gz";
-    sha256 = "1g5ii5vvcr87qkabsbyg3n7kzy1g5k2n5gwa8468w5d0ava424hg";
+    hash = "sha256-jeBhnc8vp8IVqAz4S4KrcWMdTUciy6CUlyXOPhgDHU4=";
   };
 
   nativeBuildInputs = [ makeWrapper m4 ];

pkgs/tools/archivers/unrar/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "unrar";
-  version = "6.1.3";
+  version = "6.1.4";
 
   src = fetchurl {
     url = "https://www.rarlab.com/rar/unrarsrc-${version}.tar.gz";
-    sha256 = "sha256-0FAiRCAJICp5LliL7FiSHBI/8Eb8dV9/InKHGlvXljY=";
+    sha256 = "sha256-wO1YYpJDlhw/HskMCLEf+TJh5Wjb/c4r87dZ7npKO3w=";
   };
 
   postPatch = ''

pkgs/tools/misc/esphome/default.nix

@@ -17,14 +17,14 @@ let
 in
 with python.pkgs; buildPythonApplication rec {
   pname = "esphome";
-  version = "2022.1.1";
+  version = "2022.1.2";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = version;
-    sha256 = "sha256-cqL+54Hjqql1YpsXEFLTD5UhxoEizFSr//4TZm7QEVU=";
+    sha256 = "sha256-hq+gYhDkEzIqgP4CcHRuA5A9694L3LeW9bditejfjm8=";
   };
 
   patches = [

pkgs/tools/networking/urlwatch/default.nix

@@ -17,6 +17,7 @@ python3Packages.buildPythonApplication rec {
   propagatedBuildInputs = with python3Packages; [
     appdirs
     cssselect
+    jq
     keyring
     lxml
     markdown2

pkgs/tools/security/rng-tools/default.nix

@@ -23,13 +23,6 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-qheJaeVX2zuv0mvKEd6wcbSHFjiJE0t5hVCJiRSKm3M=";
   };
 
-  postPatch = ''
-    ${optionalString withPkcs11 ''
-      substituteInPlace rngd.c \
-        --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so
-    ''}
-  '';
-
   nativeBuildInputs = [ autoreconfHook libtool pkg-config ];
 
   configureFlags = [
@@ -49,8 +42,11 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  # For cross-compilation
+  makeFlags = [
-  makeFlags = [ "AR:=$(AR)" ];
+    "AR:=$(AR)" # For cross-compilation
+  ] ++ optionals (withPkcs11) [
+    "PKCS11_ENGINE=${opensc}/lib/opensc-pkcs11.so" # Overrides configure script paths
+  ];
 
   doCheck = true;
   preCheck = "patchShebangs tests/*.sh";

pkgs/tools/security/volatility3/default.nix

@@ -5,7 +5,7 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "volatility3";
-  version = "1.0.1";
+  version = "2.0.0";
 
   disabled = python3.pythonOlder "3.6";
 
@@ -13,7 +13,7 @@ python3.pkgs.buildPythonApplication rec {
     owner = "volatilityfoundation";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1k56izgkla9mrjrkp1saavajdx9x1wkqpwmbpvxv9rw5k80m5a4a";
+    sha256 = "141n09cdc17pfdhs01aw8l4cvsqpcz8ji5l4gi7r88cyf4ix2lnz";
   };
 
   propagatedBuildInputs = with python3.pkgs; [

pkgs/top-level/aliases.nix

@@ -413,6 +413,7 @@ mapAliases ({
   inotifyTools = inotify-tools;
   inter-ui = inter; # added 2021-03-27
   iproute = iproute2; # moved from top-level 2021-03-14
+  ipsecTools = throw "ipsecTools has benn removed, because it was no longer maintained upstream"; # added 2021-12-15
   i-score = throw "i-score has been removed: abandoned upstream."; # added 2020-11-21
   jack2Full = jack2; # moved from top-level 2021-03-14
   jamomacore = throw "jamomacore has been removed: abandoned upstream."; # added 2020-11-21

pkgs/top-level/all-packages.nix

@@ -8641,11 +8641,6 @@ with pkgs;
 
   pngout = callPackage ../tools/graphics/pngout { };
 
-  ipsecTools = callPackage ../os-specific/linux/ipsec-tools {
-    flex = flex_2_5_35;
-    openssl = openssl_1_0_2;
-  };
-
   patch = gnupatch;
 
   patchage = callPackage ../applications/audio/patchage { };
@@ -14495,8 +14490,6 @@ with pkgs;
 
   ctmg = callPackage ../tools/security/ctmg { };
 
-  cmake_2_8 = callPackage ../development/tools/build-managers/cmake/2.8.nix { };
-
   cmake = libsForQt5.callPackage ../development/tools/build-managers/cmake {
     inherit (darwin.apple_sdk.frameworks) SystemConfiguration;
   };
@@ -32633,9 +32626,7 @@ with pkgs;
 
   astrolabe-generator = callPackage ../applications/science/astronomy/astrolabe-generator { };
 
-  tulip = callPackage ../applications/science/misc/tulip {
+  tulip = libsForQt5.callPackage ../applications/science/misc/tulip { };
-    cmake = cmake_2_8;
-  };
 
   vite = callPackage ../applications/science/misc/vite { };