Merge commit 'e3474e1d1e53'

28 files changed, 160 insertions, 117 deletions

diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix b/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix
index 7be670425d7a..b661da75febe 100644
--- a/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix
@@ -40,6 +40,7 @@ stdenvNoCC.mkDerivation {
     cp -d \
       ${MacOSX-SDK}/usr/include/*.h \
       ${MacOSX-SDK}/usr/include/*.modulemap \
+      ${MacOSX-SDK}/usr/include/*.apinotes \
       $out/include
 
     rm $out/include/tk*.h $out/include/tcl*.h
diff --git a/nixpkgs/pkgs/os-specific/darwin/karabiner-elements/default.nix b/nixpkgs/pkgs/os-specific/darwin/karabiner-elements/default.nix
index 03a9938bb205..f42ce5b5be2f 100644
--- a/nixpkgs/pkgs/os-specific/darwin/karabiner-elements/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/karabiner-elements/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "karabiner-elements";
-  version = "14.11.0";
+  version = "14.13.0";
 
   src = fetchurl {
     url = "https://github.com/pqrs-org/Karabiner-Elements/releases/download/v${version}/Karabiner-Elements-${version}.dmg";
-    sha256 = "sha256-InuSfXbaSYsncq8jVO15LbQmDTguRHlOiE/Pj5EfX5c=";
+    sha256 = "sha256-gmJwoht/Tfm5qMecmq1N6PSAIfWOqsvuHU8VDJY8bLw=";
   };
 
   outputs = [ "out" "driver" ];
diff --git a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
index 4366e0aedebf..0ada82d0e758 100644
--- a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
@@ -7,11 +7,11 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "rectangle";
-  version = "0.75";
+  version = "0.76";
 
   src = fetchurl {
     url = "https://github.com/rxhanson/Rectangle/releases/download/v${version}/Rectangle${version}.dmg";
-    hash = "sha256-IjEqT1PHGohuQqgS+IzZKyLoIs0P0V7z42JzNUuzh84=";
+    hash = "sha256-oHq5mLMWloi6Tf81rjcmUFGwIggtMdyLPqbD/gOzNHU=";
   };
 
   sourceRoot = ".";
diff --git a/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix b/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix
index 7cb63d6ef16d..cdae949ba982 100644
--- a/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix
@@ -17,7 +17,7 @@
 
 let
   pname = "yabai";
-  version = "6.0.13";
+  version = "6.0.15";
 
   test-version = testers.testVersion {
     package = yabai;
@@ -53,7 +53,7 @@ in
 
     src = fetchzip {
       url = "https://github.com/koekeishiya/yabai/releases/download/v${version}/yabai-v${version}.tar.gz";
-      hash = "sha256-71Dw/5wqoHE6HEhGA/CJA2WVgN3EifdyBO0gLFOwfJA=";
+      hash = "sha256-L82N0IaC2OAZVhmu9NALencK78FeCZI2cWJyNkGH2vQ=";
     };
 
     nativeBuildInputs = [
@@ -89,7 +89,7 @@ in
       owner = "koekeishiya";
       repo = "yabai";
       rev = "v${version}";
-      hash = "sha256-jt1PwMkhWBWAFYXJ1HxVLwJY9OmNDzlohB5krIsvWfg=";
+      hash = "sha256-buX6FRIXdM5VmYpA80eESDMPf+xeMfJJj0ulyx2g94M=";
     };
 
     nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/os-specific/linux/anbox/0002-NixOS-Build-android-emugl-with-cpp-14.patch b/nixpkgs/pkgs/os-specific/linux/anbox/0002-NixOS-Build-android-emugl-with-cpp-14.patch
new file mode 100644
index 000000000000..bf8750282684
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/anbox/0002-NixOS-Build-android-emugl-with-cpp-14.patch
@@ -0,0 +1,11 @@
+--- a/external/android-emugl/CMakeLists.txt
++++ b/external/android-emugl/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ # Don't treat any warnings as error as we take the source directly from
+ # upstream and just compile it.
+ set(CMAKE_C_FLAGS "-Wall")
+-set(CMAKE_CXX_FLAGS "-std=c++11 -Wall")
++set(CMAKE_CXX_FLAGS "-std=c++14 -Wall")
+ 
+ # Ensure -fPIC
+ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
diff --git a/nixpkgs/pkgs/os-specific/linux/anbox/default.nix b/nixpkgs/pkgs/os-specific/linux/anbox/default.nix
index ad03ba1aefb2..a3724c792482 100644
--- a/nixpkgs/pkgs/os-specific/linux/anbox/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/anbox/default.nix
@@ -130,6 +130,8 @@ stdenv.mkDerivation rec {
     })
     # Ensures generated desktop files work on store path change
     ./0001-NixOS-Use-anbox-from-PATH-in-desktop-files.patch
+    # Allows android-emugl to build with gtest 1.13+
+    ./0002-NixOS-Build-android-emugl-with-cpp-14.patch
     # Provide window icons
     (fetchpatch {
       url = "https://github.com/samueldr/anbox/commit/2387f4fcffc0e19e52e58fb6f8264fbe87aafe4d.patch";
diff --git a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix
index a99100ad8f4e..5e3768447e28 100644
--- a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "android-udev-rules";
-  version = "20240114";
+  version = "20240221";
 
   src = fetchFromGitHub {
     owner = "M0Rf30";
     repo = "android-udev-rules";
     rev = version;
-    hash = "sha256-qf+KcEcWOsgLMifUOqNbi5t4s62p1gUfna45MyD01U0=";
+    hash = "sha256-Zbztl8ZFLS2UME8LtbahINKk6OUG5jo0O07awMXCPWY=";
   };
 
   installPhase = ''
diff --git a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
index 99c1000f0e4c..97fb7f0a6190 100644
--- a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
@@ -22,7 +22,7 @@
 }:
 
 let
-  apparmor-version = "3.1.6";
+  apparmor-version = "3.1.7";
 
   apparmor-meta = component: with lib; {
     homepage = "https://apparmor.net/";
@@ -36,7 +36,7 @@ let
     owner = "apparmor";
     repo = "apparmor";
     rev = "v${apparmor-version}";
-    hash = "sha256-VPgRmmQv+kgLduc6RTu9gotyjT6OImUXsPeatgG7m9E=";
+    hash = "sha256-AzY05bcpNYXix2GL4Rhc9d3RBA1pd2fwOa7yoiwc2nQ=";
   };
 
   aa-teardown = writeShellScript "aa-teardown" ''
diff --git a/nixpkgs/pkgs/os-specific/linux/ell/default.nix b/nixpkgs/pkgs/os-specific/linux/ell/default.nix
index 4cbf950cdce4..59f2a6965daf 100644
--- a/nixpkgs/pkgs/os-specific/linux/ell/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/ell/default.nix
@@ -9,14 +9,14 @@
 
 stdenv.mkDerivation rec {
   pname = "ell";
-  version = "0.61";
+  version = "0.62";
 
   outputs = [ "out" "dev" ];
 
   src = fetchgit {
     url = "https://git.kernel.org/pub/scm/libs/ell/ell.git";
     rev = version;
-    hash = "sha256-spoZRT/gBCk/e/pn1AujCpCPdEM7hn/ImRyQq4hwctI=";
+    hash = "sha256-HgYwyE0jejEzg9LorjDz7F0GbiXUfYpKNJ+tFIBbYWA=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/os-specific/linux/facetimehd/default.nix b/nixpkgs/pkgs/os-specific/linux/facetimehd/default.nix
index 3bb656e8cb09..30d232f6eb88 100644
--- a/nixpkgs/pkgs/os-specific/linux/facetimehd/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/facetimehd/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "facetimehd-${version}-${kernel.version}";
-  version = "0.5.18";
+  version = "0.6.8";
 
   # Note: When updating this revision:
   # 1. Also update pkgs/os-specific/linux/firmware/facetimehd-firmware/
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
     owner = "patjak";
     repo = "facetimehd";
     rev = version;
-    sha256 = "sha256-UO8t2zrfdJlu4uzhhyWOuHIjJNVezIq3nUPGZeW/KJU=";
+    sha256 = "sha256-Tze85Hx1YmStAKenmF/S1JuMDq5eVjBcs3LSWXjyE7w=";
   };
 
   preConfigure = ''
diff --git a/nixpkgs/pkgs/os-specific/linux/ffado/default.nix b/nixpkgs/pkgs/os-specific/linux/ffado/default.nix
index d1e78a312e05..dfa974e3e683 100644
--- a/nixpkgs/pkgs/os-specific/linux/ffado/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/ffado/default.nix
@@ -1,9 +1,12 @@
 { lib
+, stdenv
 , mkDerivation
+, argp-standalone
 , dbus
 , dbus_cplusplus
 , desktop-file-utils
 , fetchurl
+, fetchpatch
 , glibmm
 , kernel
 , libavc1394
@@ -41,6 +44,13 @@ mkDerivation rec {
   patches = [
     # fix installing metainfo file
     ./fix-build.patch
+
+    (fetchpatch {
+      name = "musl.patch";
+      url = "http://subversion.ffado.org/changeset?format=diff&new=2846&old=2845";
+      stripLen = 2;
+      hash = "sha256-iWeYnb5J69Uvo1lftc7MWg7WrLa+CGZyOwJPOe8/PKg=";
+    })
   ];
 
   outputs = [ "out" "bin" "dev" ];
@@ -79,8 +89,12 @@ mkDerivation rec {
     libraw1394
     libxmlxx3
     python
+  ] ++ lib.optionals (!stdenv.hostPlatform.isGnu) [
+    argp-standalone
   ];
 
+  NIX_LDFLAGS = lib.optionalString (!stdenv.hostPlatform.isGnu) "-largp";
+
   enableParallelBuilding = true;
   dontWrapQtApps = true;
 
diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
index e3a85f250cb6..86dbbd11d92e 100644
--- a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
+++ b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
@@ -1,7 +1,7 @@
 # This file is autogenerated! Run ./update.sh to regenerate.
 {
-  version = "20240115";
-  revision = "20240115";
-  sourceHash = "sha256-aiEYBqjUs48GaDKQ/0DRLm9cmfoWiaUKVGhdtfVlgjk=";
-  outputHash = "sha256-iOQGK1vE05Wcx17hbFJVEW8PcmkHGPcCmO5xZaVQRog=";
+  version = "20240220";
+  revision = "20240220";
+  sourceHash = "sha256-IU2ak8L9kiVt/2hExSfhHJMqtD9QlYEuzW2qz3pP8aU=";
+  outputHash = "sha256-C5vt+tAQxVIMMht/QNQRMjD/9HQuLtL9bMvAwrLKXuo=";
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix
index a705a9fb5d38..7aeea8a8b59a 100644
--- a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "hwdata";
-  version = "0.378";
+  version = "0.379";
 
   src = fetchFromGitHub {
     owner = "vcrhonek";
     repo = "hwdata";
     rev = "v${version}";
-    hash = "sha256-YCx0b4crg8A7mGXwqk1XQZKsm/3TUE8C2bOYKnb/FSA=";
+    hash = "sha256-6IMvnXP9uy8kAKRyzV/raZzUnpVCzp7SHnGt8qDUDXY=";
   };
 
   configureFlags = [ "--datadir=${placeholder "out"}/share" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix
index 762678141bde..ccaf54759d85 100644
--- a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix
@@ -13,12 +13,12 @@
 
 stdenv.mkDerivation rec {
   pname = "iwd";
-  version = "2.13";
+  version = "2.14";
 
   src = fetchgit {
     url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
     rev = version;
-    hash = "sha256-Nyp7Gm3JK6bLzAZxuEjxKnzAK/eAYUO5owMbG90WQ8E=";
+    hash = "sha256-35hKb8IVL8jQG80y48a5CcozUEWxLCdTqAHhZlPFCYE=";
   };
 
   outputs = [ "out" "man" "doc" ]
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
index a66996b6c143..4b9259d396b3 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
@@ -290,6 +290,7 @@ let
       IPW2200_MONITOR             = option yes; # support promiscuous mode
       HOSTAP_FIRMWARE             = option yes; # Support downloading firmware images with Host AP driver
       HOSTAP_FIRMWARE_NVRAM       = option yes;
+      MAC80211_MESH               = option yes; # Enable 802.11s (mesh networking) support
       ATH9K_PCI                   = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
       ATH9K_AHB                   = option yes; # Ditto, AHB bus
       # The description of this option makes it sound dangerous or even illegal
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
index be230f2462d9..f082e0cd4776 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -42,12 +42,12 @@
     "6.1": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.1.77-hardened1.patch",
-            "sha256": "0gi7sahy24158hsfx6yhlzxg152ipn918nzg6nv4633b7vg6g90f",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.77-hardened1/linux-hardened-6.1.77-hardened1.patch"
+            "name": "linux-hardened-6.1.78-hardened1.patch",
+            "sha256": "1qgjm0j8h08qrsx79gj16dmdylfpmqq80mvlq6nipq0gvbdmcfsb",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.78-hardened1/linux-hardened-6.1.78-hardened1.patch"
         },
-        "sha256": "07grng6rrgpy6c3465hwqhn3gcdam1c8rwya30vgpk8nfxbfqm1v",
-        "version": "6.1.77"
+        "sha256": "12fn23m2xwdlv6gr1s8872lk8mvigqkblvlhr54nh8rik2b6n835",
+        "version": "6.1.78"
     },
     "6.5": {
         "patch": {
@@ -62,21 +62,21 @@
     "6.6": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.6.16-hardened1.patch",
-            "sha256": "04k340nilrlarsh47gpdj5qzcy2h8z4nkr5945j40qa7nkj58ncd",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.16-hardened1/linux-hardened-6.6.16-hardened1.patch"
+            "name": "linux-hardened-6.6.17-hardened1.patch",
+            "sha256": "1j3xgavbi24hpvg932rs095mpf8s6dzng9g17qm3gdfclq4xk41i",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.17-hardened1/linux-hardened-6.6.17-hardened1.patch"
         },
-        "sha256": "0c5a9agdr27bwd1z6790whczb858z8i34hhn548lzbdylfamf7dj",
-        "version": "6.6.16"
+        "sha256": "0si20m9ckir826jg40bh7sh4kwlp610rnc3gwsgs4nm7dfcm0xpf",
+        "version": "6.6.17"
     },
     "6.7": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.7.4-hardened1.patch",
-            "sha256": "1g3waasdsba65rgb6f58drj5qd61b0072hfmzl783jphj8iq045x",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.4-hardened1/linux-hardened-6.7.4-hardened1.patch"
+            "name": "linux-hardened-6.7.5-hardened1.patch",
+            "sha256": "0z5m37712rnnd2hy1qfgrzr09falgy1l0vx607660pblbmh8a4m1",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.5-hardened1/linux-hardened-6.7.5-hardened1.patch"
         },
-        "sha256": "036nk3h7vqzd7gnxan2173kpss5qm2pci1lvd58gh90azigrz3gn",
-        "version": "6.7.4"
+        "sha256": "1zrralagnv9yr8qdg7lc05735691dbh92mgwfyxrq5xqc504dxi9",
+        "version": "6.7.5"
     }
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json
index 89df53ca2a27..13fa601a8e28 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json
@@ -8,31 +8,31 @@
         "hash": "sha256:1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq"
     },
     "6.1": {
-        "version": "6.1.78",
-        "hash": "sha256:12fn23m2xwdlv6gr1s8872lk8mvigqkblvlhr54nh8rik2b6n835"
+        "version": "6.1.79",
+        "hash": "sha256:16xkd0hcslqlcf55d4ivzhf1fkhfs5yy0m9arbax8pmm5yi9r97s"
     },
     "5.15": {
-        "version": "5.15.148",
-        "hash": "sha256:1n75lrck581mppx84cds1a1l5vj05cdkp8ahpry7dx6rgz4pb1f4"
+        "version": "5.15.149",
+        "hash": "sha256:1c01fnaghj55mkgsgddznq1zq4mswsa05rz00kmh1d3y6sd8115x"
     },
     "5.10": {
-        "version": "5.10.209",
-        "hash": "sha256:1mc8rssk5aypgb58jz6i2bbflfr6qh1kgqpam0k8fqvwcjnjzqj4"
+        "version": "5.10.210",
+        "hash": "sha256:0vggj3a71awc1w803cdzrnkn88rxr7l1xh9mmdcw9hzxj1d3r9jf"
     },
     "5.4": {
-        "version": "5.4.268",
-        "hash": "sha256:081695lgkdwlrp6gpp6pyflgh76zax1w52shys4s9zjnrfkarj5g"
+        "version": "5.4.269",
+        "hash": "sha256:1kqqm4hpif3jy2ycnb0dfjgzyn18vqhm1i5q7d7rkisks33bwm7z"
     },
     "4.19": {
-        "version": "4.19.306",
-        "hash": "sha256:06dy270xw4frnrc9p2qjh8chgp02fr5ll5g2b0lx9xqzlq7y86xr"
+        "version": "4.19.307",
+        "hash": "sha256:0lp3fc7sqy48vpcl2g0n1bz7i1hp9k0nlz3i1xfh9l056ihzzvl3"
     },
     "6.6": {
-        "version": "6.6.17",
-        "hash": "sha256:0si20m9ckir826jg40bh7sh4kwlp610rnc3gwsgs4nm7dfcm0xpf"
+        "version": "6.6.18",
+        "hash": "sha256:07cv97l5jiakmmv35n0ganvqfr0590b02f3qb617qkx1zg2xhhsf"
     },
     "6.7": {
-        "version": "6.7.5",
-        "hash": "sha256:1zrralagnv9yr8qdg7lc05735691dbh92mgwfyxrq5xqc504dxi9"
+        "version": "6.7.6",
+        "hash": "sha256:1lrp7pwnxnqyy8c2l4n4nz997039gbnssrfm8ss8kl3h2c7fr2g4"
     }
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix
index ee6516045470..f1449998984b 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildPackages, fetchFromGitHub, perl, buildLinux, rpiVersion, ... } @ args:
+{ stdenv, lib, buildPackages, fetchFromGitHub, fetchpatch, perl, buildLinux, rpiVersion, ... } @ args:
 
 let
   # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this
@@ -27,6 +27,32 @@ lib.overrideDerivation (buildLinux (args // {
     efiBootStub = false;
   } // (args.features or {});
 
+  kernelPatches = (args.kernelPatches or []) ++ [
+    # Fix "WARNING: unmet direct dependencies detected for MFD_RP1", and
+    # subsequent build failure.
+    # https://github.com/NixOS/nixpkgs/pull/268280#issuecomment-1911839809
+    # https://github.com/raspberrypi/linux/pull/5900
+    {
+      name = "drm-rp1-depends-on-instead-of-select-MFD_RP1.patch";
+      patch = fetchpatch {
+        url = "https://github.com/peat-psuwit/rpi-linux/commit/6de0bb51929cd3ad4fa27b2a421a2af12e6468f5.patch";
+        hash = "sha256-9pHcbgWTiztu48SBaLPVroUnxnXMKeCGt5vEo9V8WGw=";
+      };
+    }
+
+    # Fix `ERROR: modpost: missing MODULE_LICENSE() in <...>/bcm2712-iommu.o`
+    # by preventing such code from being built as module.
+    # https://github.com/NixOS/nixpkgs/pull/284035#issuecomment-1913015802
+    # https://github.com/raspberrypi/linux/pull/5910
+    {
+      name = "iommu-bcm2712-don-t-allow-building-as-module.patch";
+      patch = fetchpatch {
+        url = "https://github.com/peat-psuwit/rpi-linux/commit/693a5e69bddbcbe1d1b796ebc7581c3597685b1b.patch";
+        hash = "sha256-8BYYQDM5By8cTk48ASYKJhGVQnZBIK4PXtV70UtfS+A=";
+      };
+    }
+  ];
+
   extraMeta = if (rpiVersion < 3) then {
     platforms = with lib.platforms; arm;
     hydraPlatforms = [];
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
index 3d4af98494a7..b321e0bcd649 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
@@ -6,14 +6,14 @@ let
   # NOTE: When updating these, please also take a look at the changes done to
   # kernel config in the xanmod version commit
   ltsVariant = {
-    version = "6.1.76";
-    hash = "sha256-0nBdUFRGMWM3IL/q8CYiDEUA/sIrYPMkzsBQen30o2E=";
+    version = "6.6.17";
+    hash = "sha256-WSWI3UByuD2SrcFC6El3ao0DINeG0IgtrvazDiHaIR0=";
     variant = "lts";
   };
 
   mainVariant = {
-    version = "6.6.15";
-    hash = "sha256-KHn4Ntm1QStgJRWzwmPYXEbEcuZcF4pWJ964wc6J2Wk=";
+    version = "6.7.5";
+    hash = "sha256-achx+rElMOdPUD0qU2TStrlJXZU71E89HVlM4tKf7WE=";
     variant = "main";
   };
 
diff --git a/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix b/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix
index 62db42e13aa0..b42bffdc057d 100644
--- a/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix
@@ -1,5 +1,6 @@
-{ lib, stdenv, fetchurl, fetchpatch, buildPackages, pcre, pkg-config, libsepol
-, enablePython ? !stdenv.hostPlatform.isStatic, swig ? null, python3 ? null
+{ lib, stdenv, fetchurl, fetchpatch, buildPackages, pcre2, pkg-config, libsepol
+, enablePython ? !stdenv.hostPlatform.isStatic
+, swig ? null, python3 ? null, python3Packages
 , fts
 }:
 
@@ -9,14 +10,14 @@ with lib;
 
 stdenv.mkDerivation rec {
   pname = "libselinux";
-  version = "3.3";
+  version = "3.6";
   inherit (libsepol) se_url;
 
   outputs = [ "bin" "out" "dev" "man" ] ++ optional enablePython "py";
 
   src = fetchurl {
     url = "${se_url}/${version}/libselinux-${version}.tar.gz";
-    sha256 = "0mvh793g7fg6wb6zqhkdyrv80x6k84ypqwi8ii89c91xcckyxzdc";
+    hash = "sha256-uk4O80snDnZypeXxtSP+K+qzpAuzPZOJ9K06hyjyG1I=";
   };
 
   patches = [
@@ -40,8 +41,13 @@ stdenv.mkDerivation rec {
     })
   ];
 
-  nativeBuildInputs = [ pkg-config python3 ] ++ optionals enablePython [ swig ];
-  buildInputs = [ libsepol pcre fts ] ++ optionals enablePython [ python3 ];
+  nativeBuildInputs = [ pkg-config python3 ] ++ optionals enablePython [
+    python3Packages.pip
+    python3Packages.setuptools
+    python3Packages.wheel
+    swig
+  ];
+  buildInputs = [ libsepol pcre2 fts ] ++ optionals enablePython [ python3 ];
 
   # drop fortify here since package uses it by default, leading to compile error:
   # command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
@@ -68,6 +74,7 @@ stdenv.mkDerivation rec {
   ] ++ optionals enablePython [
     "PYTHON=${python3.pythonOnBuildForHost.interpreter}"
     "PYTHONLIBDIR=$(py)/${python3.sitePackages}"
+    "PYTHON_SETUP_ARGS=--no-build-isolation"
   ];
 
   postPatch = lib.optionalString stdenv.hostPlatform.isMusl ''
diff --git a/nixpkgs/pkgs/os-specific/linux/numactl/default.nix b/nixpkgs/pkgs/os-specific/linux/numactl/default.nix
index a65d4ed041b4..16e2ae51f957 100644
--- a/nixpkgs/pkgs/os-specific/linux/numactl/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/numactl/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "numactl";
-  version = "2.0.16";
+  version = "2.0.18";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-aDKzkmvrPDzQl4n0KgeiU5LOLhQA0tmwzGiXvJDp7ZI=";
+    hash = "sha256-ry29RUNa0Hv5gIhy2RTVT94mHhgfdIwb5aqjBycxxj0=";
   };
 
   outputs = [ "out" "dev" "man" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
index b8fcffd35f37..9a7d8ffbecf6 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -99,11 +99,11 @@ rec {
   };
 
   dc_535 = generic rec {
-    version = "535.129.03";
+    version = "535.154.05";
     url = "https://us.download.nvidia.com/tesla/${version}/NVIDIA-Linux-x86_64-${version}.run";
-    sha256_64bit = "sha256-5tylYmomCMa7KgRs/LfBrzOLnpYafdkKwJu4oSb/AC4=";
-    persistencedSha256 = "sha256-FRMqY5uAJzq3o+YdM2Mdjj8Df6/cuUUAnh52Ne4koME=";
-    fabricmanagerSha256 = "sha256-5KRYS+JLVAhDkBn8Z7e0uJvULQy6dSpwnYsbBxw7Mxg=";
+    sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg=";
+    persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE=";
+    fabricmanagerSha256 = "sha256-/HQfV7YA3MYVmre/sz897PF6tc6MaMiS/h7Q10m2p/o=";
     useSettings = false;
     usePersistenced = true;
     useFabricmanager = true;
@@ -117,13 +117,11 @@ rec {
 
   # Last one supporting Kepler architecture
   legacy_470 = generic {
-    version = "470.223.02";
-    sha256_64bit = "sha256-s2hi1TNsw+br6Ow6tPiFsYPaJY8d+x4FrkBrP2xNRPg=";
-    sha256_aarch64 = "sha256-CFkg2ARlGWqlFQKm8SlbwMH6eLidHKA/q5QGVOpPGuU=";
-    settingsSha256 = "sha256-r6DuIH/rnsCm/y51iRgPNi5/kz+EFMVABREdTjBneZ0=";
-    persistencedSha256 = "sha256-e71fpPBBv8S/aoeXxBXkzKy5bsMMbv8y024cSLc8DYc=";
-
-    patches = [ rcu_patch ];
+    version = "470.239.06";
+    sha256_64bit = "sha256-fXTKrBQKBDLXnr6OQzDceW85un3UCz/NYd92AYG/nMw=";
+    sha256_aarch64 = "sha256-NZj8OLQ0N7y3V7UBamLyJE8AbI3alZJD1weNjnssuNs=";
+    settingsSha256 = "sha256-2YTk6DaoB8Qvob9/ohtHXuDhxGO9O/SUwlXXbLSgJP0=";
+    persistencedSha256 = "sha256-wLrkfD8MQ8sMODE+yEnWg/1ETxYVWOqNsIj1dY+5yjc=";
   };
 
   # Last one supporting x86
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
index 11122d58ac80..e70857ea356e 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
@@ -18,12 +18,12 @@ stdenv.mkDerivation rec {
   };
 
   installPhase = ''
-    find .
     mkdir -p $out/{bin,share/nvidia-fabricmanager}
     for bin in nv{-fabricmanager,switch-audit};do
     ${patchelf}/bin/patchelf \
       --set-interpreter ${stdenv.cc.libc}/lib/ld-${bsys}.so.2 \
       --set-rpath ${lib.makeLibraryPath [ stdenv.cc.libc ]} \
+      --shrink-rpath \
       bin/$bin
     done
     mv bin/nv{-fabricmanager,switch-audit} $out/bin/.
diff --git a/nixpkgs/pkgs/os-specific/linux/power-profiles-daemon/default.nix b/nixpkgs/pkgs/os-specific/linux/power-profiles-daemon/default.nix
index e81f42b65a23..dcf146a01fa6 100644
--- a/nixpkgs/pkgs/os-specific/linux/power-profiles-daemon/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/power-profiles-daemon/default.nix
@@ -5,7 +5,6 @@
 , mesonEmulatorHook
 , ninja
 , fetchFromGitLab
-, fetchpatch
 , libgudev
 , glib
 , polkit
@@ -21,22 +20,21 @@
 , umockdev
 , systemd
 , python3
-, wrapGAppsNoGuiHook
 , nixosTests
 }:
 
 stdenv.mkDerivation rec {
   pname = "power-profiles-daemon";
-  version = "0.13";
+  version = "0.20";
 
   outputs = [ "out" "devdoc" ];
 
   src = fetchFromGitLab {
     domain = "gitlab.freedesktop.org";
-    owner = "hadess";
+    owner = "upower";
     repo = "power-profiles-daemon";
     rev = version;
-    sha256 = "sha256-ErHy+shxZQ/aCryGhovmJ6KmAMt9OZeQGDbHIkC0vUE=";
+    sha256 = "sha256-8wSRPR/1ELcsZ9K3LvSNlPcJvxRhb/LRjTIxKtdQlCA=";
   };
 
   nativeBuildInputs = [
@@ -50,8 +48,6 @@ stdenv.mkDerivation rec {
     libxml2 # for xmllint for stripping GResources
     libxslt # for xsltproc for building docs
     gobject-introspection
-    wrapGAppsNoGuiHook
-    python3.pkgs.wrapPython
     # checkInput but cheked for during the configuring
     (python3.pythonOnBuildForHost.withPackages (ps: with ps; [
       pygobject3
@@ -68,16 +64,16 @@ stdenv.mkDerivation rec {
     upower
     glib
     polkit
-    python3 # for cli tool
-    # Duplicate from nativeCheckInputs until https://github.com/NixOS/nixpkgs/issues/161570 is solved
-    umockdev
+    # for cli tool
+    (python3.withPackages (ps: [
+      ps.pygobject3
+    ]))
   ];
 
   strictDeps = true;
 
-  # for cli tool
-  pythonPath = [
-    python3.pkgs.pygobject3
+  checkInputs = [
+    umockdev
   ];
 
   nativeCheckInputs = [
@@ -95,26 +91,13 @@ stdenv.mkDerivation rec {
 
   PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
 
-  # Avoid double wrapping
-  dontWrapGApps = true;
-
   postPatch = ''
     patchShebangs --build \
       tests/integration-test.py \
       tests/unittest_inspector.py
-  '';
-
-  postCheck = ''
-    # Do not contaminate the wrapper with test dependencies.
-    unset GI_TYPELIB_PATH
-    unset XDG_DATA_DIRS
-  '';
 
-  postFixup = ''
-    # Avoid double wrapping
-    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
-    # Make Python libraries available
-    wrapPythonProgramsIn "$out/bin" "$pythonPath"
+    patchShebangs --host \
+      src/powerprofilesctl
   '';
 
   passthru = {
diff --git a/nixpkgs/pkgs/os-specific/linux/r8168/default.nix b/nixpkgs/pkgs/os-specific/linux/r8168/default.nix
index 69e779dfaa66..6eb53ca17f7a 100644
--- a/nixpkgs/pkgs/os-specific/linux/r8168/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/r8168/default.nix
@@ -6,18 +6,18 @@ let modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel/drivers/net/wi
 in stdenv.mkDerivation rec {
   name = "r8168-${kernel.version}-${version}";
   # on update please verify that the source matches the realtek version
-  version = "8.048.03";
+  version = "8.052.01";
 
   # This is a mirror. The original website[1] doesn't allow non-interactive
   # downloads, instead emailing you a download link.
   # [1] https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software
-  # I've verified manually (`diff -r`) that the source code for version 8.046.00
+  # I've verified manually (`diff -r`) that the source code for version 8.052.01
   # is the same as the one available on the realtek website.
   src = fetchFromGitHub {
     owner = "mtorromeo";
     repo = "r8168";
     rev = version;
-    sha256 = "1l8llpcnapcaafxp7wlyny2ywh7k6q5zygwwjl9h0l6p04cghss4";
+    sha256 = "01mi7hh92nc7jaxkfrpz7j0ci78djrhgmq0im4k1270mwmvr0yzj";
   };
 
   hardeningDisable = [ "pic" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/rtl8821ce/default.nix b/nixpkgs/pkgs/os-specific/linux/rtl8821ce/default.nix
index 87670105b10b..5f9e2e8cf10d 100644
--- a/nixpkgs/pkgs/os-specific/linux/rtl8821ce/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/rtl8821ce/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "rtl8821ce";
-  version = "${kernel.version}-unstable-2023-05-04";
+  version = "${kernel.version}-unstable-2024-01-20";
 
   src = fetchFromGitHub {
     owner = "tomaspinho";
     repo = "rtl8821ce";
-    rev = "a478095a45d8aa957b45be4f9173c414efcacc6f";
-    hash = "sha256-xqVxylKhL7vbC7m5Av6ven5i7OBkS2RHxrKzLOVBlgE=";
+    rev = "66983b69120a13699acf40a12979317f29012111";
+    hash = "sha256-Zxb9cOgP67QdCeTNEme0tAsBqd9j/2k+gcE1QKkUQU4=";
   };
 
   hardeningDisable = [ "pic" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/virtio_vmmci/default.nix b/nixpkgs/pkgs/os-specific/linux/virtio_vmmci/default.nix
index 7c6d57273be9..cff2cbbeae8c 100644
--- a/nixpkgs/pkgs/os-specific/linux/virtio_vmmci/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/virtio_vmmci/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "virtio_vmmci";
-  version = "0.5.0";
+  version = "0.6.0";
 
   src = fetchFromGitHub {
     owner = "voutilad";
     repo = "virtio_vmmci";
     rev = version;
-    hash = "sha256-ZHslYYZFjM3wp0W5J3/WwCtQ2wDzT1jNc26Z/giTC8g=";
+    hash = "sha256-dMh6bqlhsp/cWKqiJ9xjVI9yJj2w1ap7agKSnRjadXA=";
   };
 
   hardeningDisable = [ "pic" "format" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/zfs/stable.nix b/nixpkgs/pkgs/os-specific/linux/zfs/stable.nix
index 5f879320b4dc..df06ea9a3285 100644
--- a/nixpkgs/pkgs/os-specific/linux/zfs/stable.nix
+++ b/nixpkgs/pkgs/os-specific/linux/zfs/stable.nix
@@ -17,20 +17,20 @@ callPackage ./generic.nix args {
   # check the release notes for compatible kernels
   kernelCompatible =
     if stdenv'.isx86_64 || removeLinuxDRM
-    then kernel.kernelOlder "6.7"
+    then kernel.kernelOlder "6.8"
     else kernel.kernelOlder "6.2";
 
   latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
-    then linuxKernel.packages.linux_6_6
+    then linuxKernel.packages.linux_6_7
     else linuxKernel.packages.linux_6_1;
 
   # this package should point to the latest release.
-  version = "2.2.2";
+  version = "2.2.3";
 
   tests = [
     nixosTests.zfs.installer
     nixosTests.zfs.stable
   ];
 
-  hash = "sha256-CqhETAwhWMhbld5ib3Rz1dxms+GQbLwjEZw/V7U/2nE=";
+  hash = "sha256-Bzkow15OitUUQ+mTYhCXgTrQl+ao/B4feleHY/rSSjg=";
 }