From 08096e8ccf005b7bec460f5247f097aa1b997077 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sun, 14 Jun 2020 14:18:30 +0200
Subject: [PATCH 01/26] systemd: 245.5 -> 245.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

changes:

 - aa0cb635f1 (tag: v245.6) network: L2TP fix crash
 - 9774347b57 Fix typo.
 - 2cac801f0f stat-util: trivial empty_or_null() tweaks
 - b054e69bf9 Check ambient set against bounding set prior to applying ambient set
 - bed695375a udev: when the BSD lock on a block device is taken, don't complain
 - 66fcfdfde7 core: add forgotten return in error path
 - 05dd19fad3 shared/efi-loader: remove check that uses absolute tick value
 - 753a71ad1d gpt: include homed GPT partition type in well-known partition table
 - 3668722049 units: don't set PrivateNetwork= in systemd-homed.service
 - 2bca2d77d3 resolved-dns-query: remove dns_query_candidate_is_routable
 - a3f6020432 sd-network: fix inverted error message
 - a7a9fe3c93 network: allow empty assignment to PreferredLifetime=
 - 8df6fc1241 Update resolvectl zsh completion
 - c1a83277d0 shared: treat generator units as vendor units
 - 1f382d818d tree-wide: fix bad errno checks
 - 667c207683 bus-message: immediately reject messages with invalid type
 - 116a8eadb6 bus-message: fix negative offset with ~empty message
 - 4d5779d886 load-fragment: fix a typo
 - c8b6de003a NEWS: retroactively document Family=
 - cf6b8e6ec5 man: fix dir name in sysctl.d(5)
 - 6d009b7a25 journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable
 - cf786ef164 makefs: log about OOM condition
 - 0b1839822f blockdev: propagate one more unexpected error
 - d78ce949d0 repart: don't insist on coming up on partition label ourselves
 - 9e1363fcc6 journal: fix dropping first record during upload to remote journal
 - 50cb4e418d meson: initialize time-epoch to reproducible builds compatible value
 - 76abe079b7 limit-util: quieten a very common debug message that is misleading
 - b3e484a3b1 shared: fix integer overflow in calendarspec
 - 0c29eea969 repart: suppress complaints about lack of BLKRRPART when operating on regular file
 - 3db52f5ed8 repart: explain when we exit early and don't do a thing
 - d99cba3aaa mount: introduce mount_is_nofail() helper
 - 7bc4bcea15 mount: default startup dependencies and default network ones are orthogonal
 - 7fe617fa53 mount: introduce mount_add_default_ordering_dependencies()
 - e1c091b6d4 automount: fix handling of default dependencies for automount units
 - ae05a137c9 mount: let pid1 alone handle the default dependencies for mount units
 - f1fb197176 mount: mount unit activated by automount unit should be only ordered against the automount unit
 - c9bcc69703 generator: don't generate device dependencies for extrinsic mounts
 - ebac09ea0a fstab-util: introduce fstab_is_extrinsic()
 - a20e4ea0ed device: drop refuse_after
 - 2799fffac1 man: drop some left-over mentions of StandardOutput=syslog
 - 144aff9c3b sd-netlink: remove unused RTNL_WQUEUE_MAX define
 - 34ca8df8e1 test: Add return 0 to main() function (even it is not strictly necessary)
 - 6e03f328a9 network: 'cur' variable cannot be null, so simplify code
 - 8d0c97f6ca tree-wide: Initialize _cleanup_ variables if needed
 - 4f174e49ae netlink: Fix assert condition on n_containers
 - 3905ce532c journald: Increase stdout buffer size sooner, when almost full
 - 5a37eb7c61 core: don't bind varlink socket if running in test mode
 - 33fff72ce6 pam_systemd: also print debug lines when ending a session
 - ba9af79ccb pam_systemd_home: use correct macro for converting ptr to fd
 - 6199235489 Fix misuse of PAM_PROMPT_ECHO_OFF in systemd-homed
 - c180a2c452 shared/ethtool-util: hush gcc warnings about array bounds
 - 1addba4aac core: fix compilation with gcc -O3
 - 9c46b97161 random-util: use ERRNO_IS_NOT_SUPPORTED() macro
 - d85f9093d2 tmpfiles: clarify that "!" lines are filtered before collisions are checked
 - 2fac966a5c man: mention the exclamation mark and minus sign literally, to make things searchable
 - 4f61be3373 man: clarify that exit status name mappings are unaffected by SuccessExitStatus=
 - b747d74a41 seccomp-util: add new syscalls from kernel 5.6 to syscall filter table
 - c30d8caf8b tree-wide: Replace assert() by assert_se() when there is side effect
 - b6e8e3be7e networkctl: use uint64_t for link speed throughout
 - be66ce6089 tree-wide: use CMSG_SPACE() (and not CMSG_LEN()) to allocate control buffers
 - 1cb197798a man: suffix pam options with "=" where arg is required too
 - a5fe01d3da test: Use assert_se() where variables are only checked by assert
 - 6960efd198 tree-wide: Fix, replace assert() by assert_se() when there is side effect
 - 93c1b03074 tree-wide: Mark as _unused_ variables that are only used in assert()
 - c7679d7a9f tree-wide: Workaround -Wnonnull GCC bug
 - 073b257fd7 man: bring example PAM snippet of pam_systemd and pam_systemd_home back in sync
 - 855291a81c man: highlight relevant lines in pam_systemd_home.so example PAM snippet
 - f89ad7c0fd login: include pam_systemd_home.so in the default PAM snippet we ship for user@.service
 - 9357f9466f test: Skip test-boot-timestamps on permission denied
 - cad4ebe14e sysusers: be extra careful when locking accounts
 - 551e6f233a shared/install: print name of offending file in error
 - c6a2e51232 systemctl: fix --root support in querying presets
 - 6f1eedbfdd systemctl: fix hint when 'systemctl help' is given
 - 925521df7c shared/unit-file: fix resolution of absoulute symlinks with --root
 - 756ba362e8 man: mention that ProtectSystem= also takes care of /efi
 - 4f77cf43b5 man: systemd.service: systemd-analyze exit-codes -> exit-status
 - 7c6ea7a053 man: expand on the star…end/repetition time expressions
 - e06b940792 calendarspec: be more graceful with two kinds of calendar expressions
 - f3dd0b476d calendarspec: minor simplification
 - 3581c16d56 shutdown: fix spacing in shutdown error message
 - 9556255349 nspawn: mount custom paths before writing to /etc
 - 37447b7e78 repart: fix partition maximum size segfault
 - 7f231ba503 link: Add units and fix typo in (Rx|Tx)BufferSize= manpage. Clean up the implementation slightly
 - e75d2cdb0b main: bump RLIMIT_MEMLOCK by physical RAM size
 - e16b9a1e31 nspawn: be more careful with creating/chowning directories to overmount
 - 765d184a69 homectl: say "home area" in more places
 - c11bff4fa7 userdbctl: make --help fit in 80 columns
 - 0e56c2ef3f shell-completion/zsh: update systemd-analyze completions
 - 2bb580f994 zsh: fix disable/enable completion
 - 607a19a309 cgroup-util: check for SYSFS_MAGIC when detecting cgroup format
 - ddb3c38efc stat-util: no need to open a file to check fs type
 - bd8842304c sysusers,tmpfiles: always mention error when failing to replace specifiers
 - bdea9b65d2 sysusers: add accidentally forgotten 'return'
 - 17b059774d man: document binfmt's new --unregister switch
 - 560380d8ec binfmt: also unregister binfmt entries from unit
 - 80835d9c51 binfmt: modernize code a bit
 - a1745741b8 shutdown: unregister all binfmt_misc entries before entering shutdown loop
 - b637445950 shared: add common helper for unregistering all binfmt entries
 - 0215625e99 home: fix strv NUL termination
 - 038988baa1 networkd: don't do lldp rx nor tx on bond devices
 - 9512d576d9 sd-bus: Fix typo in sd_bus_message_append_array docs
 - 63cef71dd0 shared: add NULL callback check in one more place
 - 6b91ca22a2 core: fix unused variable warning when !HAVE_SECCOMP
 - f7c1c79c57 udev: prepare memory for extra NUL termination for NULSTR
 - 69e0ef0d99 tree-wide: use recvmsg_safe() at various places
 - cd0a84d4e9 socket-util: add recvmsg_safe() wrapper that handles MSG_CTRUNC
 - 2bb48c704b sd-bus: work around ubsan warning
 - c147bba1fb shared: Don't try calling NULL callback in bus_wait_for_units_clear
 - f907491463 run: don't wait for start job to complete when running interactively anyway
 - d3d1550a5d man: Fix typo "multiplied with" -> "multiplied by"
 - ae5a9f27c5 core: make sure we don't get confused when setting TERM for a tty fd
 - a07d3eaf76 man: document that VirtualEthernetExtra= has nothing to do with Bridge=
 - 35fe81078e core: add debug log when a job in the activation queue is not runnable
 - a0cd882be8 core: add log_get_max_level check optimization in log_unit_full
 - 2a6ad1093c util: return the correct correct wd from inotify helpers
 - 9ec244c5c1 core: minor error code handling fixes
 - a799283c91 man: document how to get the boot menu with zero time-out
 - 7263e86c8d resolved: return org.freedesktop.resolve1.DnsError.NXDOMAIN on LLMNR resolution failure
 - 6eab4c2b3e man: use manpages.ubuntu.com for resolvconf(8) link
 - 75ccec5cde man: add a note that resolvconf updates /etc/resolv.conf in specific circumstances
 - 3e3a31743a resolvectl: fix indentation of hexdump'ed packets
 - 6576058fab journald: add configuration option for enabling/disabling audit during journald startup
 - 52c5909f15 man/systemd-service: clarify env variable expansion
 - ac08df59c0 resolved: fix typo in an unused function and add comment
---
 ...ts-for-uninitialised-encrypted-devic.patch |  2 +-
 ...on-t-try-to-unmount-nix-or-nix-store.patch | 22 +++++++++----------
 .../systemd/0003-Fix-NixOS-containers.patch   |  8 +++----
 ...004-Look-for-fsck-in-the-right-place.patch |  2 +-
 ...some-NixOS-specific-unit-directories.patch |  2 +-
 ...f-a-useless-message-in-user-sessions.patch |  4 ++--
 ...d-timedated-disable-methods-that-cha.patch |  2 +-
 .../linux/systemd/0008-Fix-hwdb-paths.patch   |  2 +-
 ...e-usr-share-zoneinfo-to-etc-zoneinfo.patch |  4 ++--
 ...calectl-use-etc-X11-xkb-for-list-x11.patch |  2 +-
 ...te-statedir-and-don-t-touch-prefixdi.patch |  6 ++---
 ...configuration-into-out-share-factory.patch | 12 +++++-----
 ...-environment-when-calling-generators.patch |  6 ++---
 ...4-add-rootprefix-to-lookup-dir-paths.patch |  2 +-
 ...-execute-scripts-in-etc-systemd-syst.patch |  6 ++---
 ...ecute-scripts-in-etc-systemd-system-.patch |  2 +-
 ...s.service-Update-ConditionFileNotEmp.patch |  2 +-
 ...-placeholder-for-DEFAULT_PATH_NORMAL.patch |  2 +-
 pkgs/os-specific/linux/systemd/default.nix    |  6 ++---
 19 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch
index c88d0eeeff2b..ab04ea91644e 100644
--- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch
+++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch
@@ -1,4 +1,4 @@
-From b873e4c0de3e24f2ec9370e5a217247217e90587 Mon Sep 17 00:00:00 2001
+From 22f46f55c81d84e83a4614856d84e63c8400165c Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Tue, 8 Jan 2013 15:46:30 +0100
 Subject: [PATCH 01/18] Start device units for uninitialised encrypted devices
diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch
index 4f94cb465d4e..c52a13c9a41c 100644
--- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch
+++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch
@@ -1,4 +1,4 @@
-From bdd3ff777dd8253ff5732118dd6de0fa9a9b95fe Mon Sep 17 00:00:00 2001
+From e5b2b1e90d055068936336f6f01639bcde251b96 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Fri, 12 Apr 2013 13:16:57 +0200
 Subject: [PATCH 02/18] Don't try to unmount /nix or /nix/store
@@ -7,18 +7,18 @@ They'll still be remounted read-only.
 
 https://github.com/NixOS/nixos/issues/126
 ---
- src/core/mount.c      | 2 ++
- src/shutdown/umount.c | 2 ++
+ src/shared/fstab-util.c | 2 ++
+ src/shutdown/umount.c   | 2 ++
  2 files changed, 4 insertions(+)
 
-diff --git a/src/core/mount.c b/src/core/mount.c
-index 1c4aefd734..a5553226f8 100644
---- a/src/core/mount.c
-+++ b/src/core/mount.c
-@@ -412,6 +412,8 @@ static bool mount_is_extrinsic(Mount *m) {
- 
-         if (PATH_IN_SET(m->where,  /* Don't bother with the OS data itself */
-                         "/",       /* (strictly speaking redundant: should already be covered by the perpetual flag check above) */
+diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c
+index b19127be09..f9adca1100 100644
+--- a/src/shared/fstab-util.c
++++ b/src/shared/fstab-util.c
+@@ -40,6 +40,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) {
+         /* Don't bother with the OS data itself */
+         if (PATH_IN_SET(mount,
+                         "/",
 +                        "/nix",
 +                        "/nix/store",
                          "/usr",
diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch
index 73aab8dd91ca..e96593a59387 100644
--- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch
+++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch
@@ -1,4 +1,4 @@
-From c28b3b2e254433e93549ee6fe8c93b43ce455776 Mon Sep 17 00:00:00 2001
+From ca7f6286c518d7ef3877458bbdf8e01f5518ab0e Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Wed, 16 Apr 2014 10:59:28 +0200
 Subject: [PATCH 03/18] Fix NixOS containers
@@ -10,10 +10,10 @@ container, so checking early whether it exists will fail.
  1 file changed, 2 insertions(+)
 
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 734dee1130..a97b1a4bc9 100644
+index 51d0c2a75b..4d3451ff3b 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
-@@ -5018,6 +5018,7 @@ static int run(int argc, char *argv[]) {
+@@ -5017,6 +5017,7 @@ static int run(int argc, char *argv[]) {
                                  goto finish;
                          }
                  } else {
@@ -21,7 +21,7 @@ index 734dee1130..a97b1a4bc9 100644
                          const char *p, *q;
  
                          if (arg_pivot_root_new)
-@@ -5032,6 +5033,7 @@ static int run(int argc, char *argv[]) {
+@@ -5031,6 +5032,7 @@ static int run(int argc, char *argv[]) {
                                  r = -EINVAL;
                                  goto finish;
                          }
diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch
index e10726a2cb1f..4b2c059afd59 100644
--- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch
+++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch
@@ -1,4 +1,4 @@
-From baf52609ad18785aa1d2cd043185ae9438d59411 Mon Sep 17 00:00:00 2001
+From c87cc5b1cf9c37f195e6b362352279e14289554e Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Thu, 1 May 2014 14:10:10 +0200
 Subject: [PATCH 04/18] Look for fsck in the right place
diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch
index 23aa893362b5..d12a6c828600 100644
--- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch
+++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch
@@ -1,4 +1,4 @@
-From 45f80155b7c2edb1e73c233283f1ab1582e1cfbe Mon Sep 17 00:00:00 2001
+From 450c133c1815b473136b2a5540f9213fef5506ee Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Fri, 19 Dec 2014 14:46:17 +0100
 Subject: [PATCH 05/18] Add some NixOS-specific unit directories
diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch
index 0b57dc1f9c89..ac3d3b0bd6fe 100644
--- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch
+++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch
@@ -1,4 +1,4 @@
-From d52058070c0c12bb05f82460f0b4b55678b724e9 Mon Sep 17 00:00:00 2001
+From f88a9bb1e6080b539ed0116caa9781e7f6755f54 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Mon, 11 May 2015 15:39:38 +0200
 Subject: [PATCH 06/18] Get rid of a useless message in user sessions
@@ -13,7 +13,7 @@ in containers.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/src/core/unit.c b/src/core/unit.c
-index 97e1b0004c..d3cc2ba9ec 100644
+index c306183555..3db39fa435 100644
 --- a/src/core/unit.c
 +++ b/src/core/unit.c
 @@ -2043,7 +2043,8 @@ static void unit_check_binds_to(Unit *u) {
diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch
index 5703c4f43fd4..70fc147232b7 100644
--- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch
+++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch
@@ -1,4 +1,4 @@
-From 409fc808794942ad1736c2cc74853d9792e4ad02 Mon Sep 17 00:00:00 2001
+From e2b25ce3606d05ff8a387185c41ab32fb2a36161 Mon Sep 17 00:00:00 2001
 From: Gabriel Ebner <gebner@gebner.org>
 Date: Sun, 6 Dec 2015 14:26:36 +0100
 Subject: [PATCH 07/18] hostnamed, localed, timedated: disable methods that
diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch
index a9bf9abee520..36d82e22f8c7 100644
--- a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch
+++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch
@@ -1,4 +1,4 @@
-From b56fc7b6ae8014eb2f71924c89498f395a1a81bd Mon Sep 17 00:00:00 2001
+From 5a6aad633a7ceffd62b009ce0c4ab6673129f7ff Mon Sep 17 00:00:00 2001
 From: Nikolay Amiantov <ab@fmap.me>
 Date: Thu, 7 Jul 2016 02:47:13 +0300
 Subject: [PATCH 08/18] Fix hwdb paths
diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
index 12a9dd5a77f6..8b5c807e4a89 100644
--- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
+++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
@@ -1,4 +1,4 @@
-From 4d304a321796db4de827aa39a149bea23d039214 Mon Sep 17 00:00:00 2001
+From b509dbd302a7933ae0002f44b99aac6a1fd5775b Mon Sep 17 00:00:00 2001
 From: Nikolay Amiantov <ab@fmap.me>
 Date: Tue, 11 Oct 2016 13:12:08 +0300
 Subject: [PATCH 09/18] Change /usr/share/zoneinfo to /etc/zoneinfo
@@ -79,7 +79,7 @@ index 901fbf0815..b57bdd8fbe 100644
          (void) mkdir_parents(etc_localtime, 0755);
          if (symlink(e, etc_localtime) < 0)
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index a97b1a4bc9..aed60439e3 100644
+index 4d3451ff3b..1adb91335c 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
 @@ -1657,8 +1657,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u
diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch
index 7e6453f2ddd3..b18ffb401664 100644
--- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch
+++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch
@@ -1,4 +1,4 @@
-From cb3f1ec1793cbf74c4b5663e038bd49ff4576192 Mon Sep 17 00:00:00 2001
+From b5665ef8b9266c662c3a137df1ef1721cdff346e Mon Sep 17 00:00:00 2001
 From: Imuli <i@imu.li>
 Date: Wed, 19 Oct 2016 08:46:47 -0400
 Subject: [PATCH 10/18] localectl: use /etc/X11/xkb for list-x11-*
diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch
index 080cd4670e6f..bc9efaed23ee 100644
--- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch
+++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch
@@ -1,4 +1,4 @@
-From 0ffb786d0e12a61899af448b1e4dd32a53ea5a8e Mon Sep 17 00:00:00 2001
+From be6b5c37779302384079b22b7fd767daad878fa9 Mon Sep 17 00:00:00 2001
 From: Franz Pletz <fpletz@fnordicwalking.de>
 Date: Sun, 11 Feb 2018 04:37:44 +0100
 Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir
@@ -8,10 +8,10 @@ Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir
  1 file changed, 3 deletions(-)
 
 diff --git a/meson.build b/meson.build
-index fc216d22da..078db3bb5d 100644
+index c09115e06a..62eba4186c 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -3176,9 +3176,6 @@ install_data('LICENSE.GPL2',
+@@ -3184,9 +3184,6 @@ install_data('LICENSE.GPL2',
               'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION',
               install_dir : docdir)
  
diff --git a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch
index 2961a2ebe56f..5d67ce0ca31e 100644
--- a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch
+++ b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch
@@ -1,4 +1,4 @@
-From 3dbcdab1ba22c4eeca6d61718c09bcb9b5551764 Mon Sep 17 00:00:00 2001
+From 9262f52b0e30cf8c39d9f7684a8c0e8fd4887cd5 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
 Date: Mon, 26 Feb 2018 14:25:57 +0000
 Subject: [PATCH 12/18] Install default configuration into $out/share/factory
@@ -44,7 +44,7 @@ index 4df6dabf89..02d8d69095 100644
          meson.add_install_script('sh', '-c',
                                   'test -n "$DESTDIR" || @0@/systemd-hwdb update'
 diff --git a/meson.build b/meson.build
-index 078db3bb5d..6e1a6483fc 100644
+index 62eba4186c..b0b2edbb5a 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -154,6 +154,9 @@ udevhwdbdir = join_paths(udevlibexecdir, 'hwdb.d')
@@ -57,7 +57,7 @@ index 078db3bb5d..6e1a6483fc 100644
  bootlibdir = join_paths(prefixdir, 'lib/systemd/boot/efi')
  testsdir = join_paths(prefixdir, 'lib/systemd/tests')
  systemdstatedir = join_paths(localstatedir, 'lib/systemd')
-@@ -2503,7 +2506,7 @@ if conf.get('ENABLE_BINFMT') == 1
+@@ -2511,7 +2514,7 @@ if conf.get('ENABLE_BINFMT') == 1
          meson.add_install_script('sh', '-c',
                                   mkdir_p.format(binfmtdir))
          meson.add_install_script('sh', '-c',
@@ -66,7 +66,7 @@ index 078db3bb5d..6e1a6483fc 100644
  endif
  
  if conf.get('ENABLE_REPART') == 1
-@@ -2604,7 +2607,7 @@ executable('systemd-sleep',
+@@ -2612,7 +2615,7 @@ executable('systemd-sleep',
             install_dir : rootlibexecdir)
  
  install_data('src/sleep/sleep.conf',
@@ -75,7 +75,7 @@ index 078db3bb5d..6e1a6483fc 100644
  
  exe = executable('systemd-sysctl',
                   'src/sysctl/sysctl.c',
-@@ -2916,7 +2919,7 @@ if conf.get('HAVE_KMOD') == 1
+@@ -2924,7 +2927,7 @@ if conf.get('HAVE_KMOD') == 1
          meson.add_install_script('sh', '-c',
                                   mkdir_p.format(modulesloaddir))
          meson.add_install_script('sh', '-c',
@@ -84,7 +84,7 @@ index 078db3bb5d..6e1a6483fc 100644
  endif
  
  exe = executable('systemd-nspawn',
-@@ -3159,7 +3162,7 @@ install_subdir('factory/etc',
+@@ -3167,7 +3170,7 @@ install_subdir('factory/etc',
                 install_dir : factorydir)
  
  install_data('xorg/50-systemd-user.sh',
diff --git a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch
index 5aa397afe8e6..11d2dc26e38d 100644
--- a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch
+++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch
@@ -1,4 +1,4 @@
-From 0b0510aa72cf8026f34f300efa3f150f45971404 Mon Sep 17 00:00:00 2001
+From 05c2761f6a981c8576fc47a3dd8beb5a2af3ef09 Mon Sep 17 00:00:00 2001
 From: Andreas Rammhold <andreas@rammhold.de>
 Date: Fri, 2 Nov 2018 21:15:42 +0100
 Subject: [PATCH 13/18] inherit systemd environment when calling generators.
@@ -16,10 +16,10 @@ executables that are being called from managers.
  1 file changed, 8 insertions(+), 3 deletions(-)
 
 diff --git a/src/core/manager.c b/src/core/manager.c
-index 25afdbea04..7afd5e5a37 100644
+index 4412e7a849..b799eeca95 100644
 --- a/src/core/manager.c
 +++ b/src/core/manager.c
-@@ -3896,9 +3896,14 @@ static int manager_run_generators(Manager *m) {
+@@ -3901,9 +3901,14 @@ static int manager_run_generators(Manager *m) {
          argv[4] = NULL;
  
          RUN_WITH_UMASK(0022)
diff --git a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch
index 91c091baa9e7..06b00b82cb96 100644
--- a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch
+++ b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch
@@ -1,4 +1,4 @@
-From 4bd20cf0450455e2f9831b09ba91811ba3d58961 Mon Sep 17 00:00:00 2001
+From c70029539d0aec5df0c1e4203359335a3841a1e5 Mon Sep 17 00:00:00 2001
 From: Andreas Rammhold <andreas@rammhold.de>
 Date: Thu, 9 May 2019 11:15:22 +0200
 Subject: [PATCH 14/18] add rootprefix to lookup dir paths
diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
index 2bc75e279282..6431b56ea3e3 100644
--- a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
+++ b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
@@ -1,4 +1,4 @@
-From f23a1e00de028048a2a21d322493039cce7ee214 Mon Sep 17 00:00:00 2001
+From 98580b4aa34f3d2e7401f54d6561c5af27ea3437 Mon Sep 17 00:00:00 2001
 From: Nikolay Amiantov <ab@fmap.me>
 Date: Thu, 25 Jul 2019 20:45:55 +0300
 Subject: [PATCH 15/18] systemd-shutdown: execute scripts in
@@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
-index 15e6c1799e..412bdefe74 100644
+index 523040b57c..561d91c94c 100644
 --- a/src/shutdown/shutdown.c
 +++ b/src/shutdown/shutdown.c
-@@ -298,7 +298,7 @@ int main(int argc, char *argv[]) {
+@@ -299,7 +299,7 @@ int main(int argc, char *argv[]) {
          _cleanup_free_ char *cgroup = NULL;
          char *arguments[3], *watchdog_device;
          int cmd, r, umount_log_level = LOG_INFO;
diff --git a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
index 97f63c02c380..c27d1a10d588 100644
--- a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
+++ b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
@@ -1,4 +1,4 @@
-From 758b8211e6e76524d62a2e0ffcf37dcf55e3be87 Mon Sep 17 00:00:00 2001
+From 3821e20966ee20f74986041f33c4934ad20385b2 Mon Sep 17 00:00:00 2001
 From: Nikolay Amiantov <ab@fmap.me>
 Date: Thu, 25 Jul 2019 20:46:58 +0300
 Subject: [PATCH 16/18] systemd-sleep: execute scripts in
diff --git a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch
index 2a0bb0103f54..9fae2d5767cd 100644
--- a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch
+++ b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch
@@ -1,4 +1,4 @@
-From ce9fe2249c91fdfb224eaffce63e3dbdb4a5c25d Mon Sep 17 00:00:00 2001
+From b07defe819e0f66d08563690b3a5abea5da08620 Mon Sep 17 00:00:00 2001
 From: Florian Klink <flokli@flokli.de>
 Date: Sat, 7 Mar 2020 22:40:27 +0100
 Subject: [PATCH 17/18] kmod-static-nodes.service: Update ConditionFileNotEmpty
diff --git a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
index 08b2fa056f8b..321817dad6ff 100644
--- a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
+++ b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
@@ -1,4 +1,4 @@
-From 55b69fc1b5441e3aff8f1ab684ba8eed3718a32d Mon Sep 17 00:00:00 2001
+From 9c1ac48a7d95c09bef5a924bb5db6908596403b4 Mon Sep 17 00:00:00 2001
 From: Florian Klink <flokli@flokli.de>
 Date: Sun, 8 Mar 2020 01:05:54 +0100
 Subject: [PATCH 18/18] path-util.h: add placeholder for DEFAULT_PATH_NORMAL
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 722b4db9a80a..8f8e44354702 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -31,7 +31,7 @@ let gnupg-minimal = gnupg.override {
   bzip2 = null;
 };
 in stdenv.mkDerivation {
-  version = "245.5";
+  version = "245.6";
   pname = "systemd";
 
   # When updating, use https://github.com/systemd/systemd-stable tree, not the development one!
@@ -39,8 +39,8 @@ in stdenv.mkDerivation {
   src = fetchFromGitHub {
     owner = "systemd";
     repo = "systemd-stable";
-    rev = "9a506b7e9291d997a920af9ac299e7b834368119";
-    sha256 = "19qd92hjlsljr6x5mbw1l2vdzz5y9hy7y7g0dwgpfifb0lwkxqbr";
+    rev = "aa0cb635f1f6a4d9b50ed2cca7782f3f751be933";
+    sha256 = "191f0r1g946bsqxky00z78wygsxi9pld11y2q4374bshnpsff2ll";
   };
 
   patches = [

From 621ef1c238f2452f455cc2309d879e115e9357fc Mon Sep 17 00:00:00 2001
From: Konstantin Alekseev <mail@kalekseev.com>
Date: Sun, 14 Jun 2020 18:51:51 +0300
Subject: [PATCH 02/26] pythonPackages.flake8: fix dependencies

---
 pkgs/development/python-modules/flake8/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/flake8/default.nix b/pkgs/development/python-modules/flake8/default.nix
index b5ef6686a461..761690ba9c0a 100644
--- a/pkgs/development/python-modules/flake8/default.nix
+++ b/pkgs/development/python-modules/flake8/default.nix
@@ -1,6 +1,6 @@
 { stdenv, buildPythonPackage, fetchPypi, pythonOlder
 , mock, pytest, pytestrunner
-, configparser, enum34, mccabe, pycodestyle, pyflakes, entrypoints, functools32, typing
+, configparser, enum34, mccabe, pycodestyle, pyflakes, functools32, typing, importlib-metadata
 }:
 
 buildPythonPackage rec {
@@ -13,10 +13,11 @@ buildPythonPackage rec {
   };
 
   checkInputs = [ pytest mock pytestrunner ];
-  propagatedBuildInputs = [ entrypoints pyflakes pycodestyle mccabe ]
+  propagatedBuildInputs = [ pyflakes pycodestyle mccabe ]
     ++ stdenv.lib.optionals (pythonOlder "3.2") [ configparser functools32 ]
     ++ stdenv.lib.optionals (pythonOlder "3.4") [ enum34 ]
-    ++ stdenv.lib.optionals (pythonOlder "3.5") [ typing ];
+    ++ stdenv.lib.optionals (pythonOlder "3.5") [ typing ]
+    ++ stdenv.lib.optionals (pythonOlder "3.8") [ importlib-metadata ];
 
   checkPhase = ''
     py.test tests

From 407a3d4c5e5c2685040a402c96c3228b4403c296 Mon Sep 17 00:00:00 2001
From: Rouven Czerwinski <rouven@czerwinskis.de>
Date: Fri, 17 Apr 2020 08:43:49 +0200
Subject: [PATCH 03/26] linux config: SND_HDA_CODEC_CA0132_DSP for <5.7

The default enable for SND_HDA_CODEC_CA0132_DSP was already merged into
5.7-rc1 [1], which means we can adjust the whenOlder to 5.7.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=652bb5d8df4b3a79ed350db35cda12637e63efa7
---
 pkgs/os-specific/linux/kernel/common-config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 1cec678d1534..03477a7f887c 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -255,7 +255,7 @@ let
       SND_HDA_RECONFIG    = yes; # Support reconfiguration of jack functions
       # Support configuring jack functions via fw mechanism at boot
       SND_HDA_PATCH_LOADER = yes;
-      SND_HDA_CODEC_CA0132_DSP = whenOlder "5.8" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
+      SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
       SND_OSSEMUL         = yes;
       SND_USB_CAIAQ_INPUT = yes;
       # Enable PSS mixer (Beethoven ADSP-16 and other compatible)

From adff8a2ee9cc23314759fbe2a289a5f7c45ab60b Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Tue, 16 Jun 2020 13:52:30 +0000
Subject: [PATCH 04/26] libqmi: 1.24.12 -> 1.25.900

---
 pkgs/development/libraries/libqmi/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libqmi/default.nix b/pkgs/development/libraries/libqmi/default.nix
index ec72578ba278..c3dc1e9996f1 100644
--- a/pkgs/development/libraries/libqmi/default.nix
+++ b/pkgs/development/libraries/libqmi/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libqmi";
-  version = "1.24.12";
+  version = "1.25.900";
 
   src = fetchurl {
     url = "https://www.freedesktop.org/software/libqmi/${pname}-${version}.tar.xz";
-    sha256 = "0scb8a2kh0vnzx6kxanfy2s2slnfppvrwg202rxv30m8p2i92frd";
+    sha256 = "0a96f4ab7qy4szwzqs8ir2mvsnpqzk7zsiv6zahlhpf0jhp1vxf7";
   };
 
   outputs = [ "out" "dev" "devdoc" ];

From 385cfde32f080466652955af127f46c701fa6bd7 Mon Sep 17 00:00:00 2001
From: Jonathan Ringer <jonringer117@gmail.com>
Date: Mon, 15 Jun 2020 17:38:57 -0700
Subject: [PATCH 05/26] python3Packages.invoke: don't recompile bytecode

Has vendored code, a given .py might not be compatible
---
 pkgs/development/python-modules/invoke/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/python-modules/invoke/default.nix b/pkgs/development/python-modules/invoke/default.nix
index 45f3ee7a04db..7189727cf3a8 100644
--- a/pkgs/development/python-modules/invoke/default.nix
+++ b/pkgs/development/python-modules/invoke/default.nix
@@ -20,6 +20,9 @@ buildPythonPackage rec {
   # errors with vendored libs
   doCheck = false;
 
+  # has vendored python2 code
+  dontUsePythonRecompileBytecode = true;
+
   meta = {
     description = "Pythonic task execution";
     license = lib.licenses.bsd2;

From 0d51c0c9b0db3d84f4e0b2004b4e48ec8de2d5ac Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Tue, 16 Jun 2020 18:21:58 +0000
Subject: [PATCH 06/26] numix-icon-theme: 20.03.20 -> 20.06.07

---
 pkgs/data/icons/numix-icon-theme/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/data/icons/numix-icon-theme/default.nix b/pkgs/data/icons/numix-icon-theme/default.nix
index 56bb2f3808fb..30e212629e86 100644
--- a/pkgs/data/icons/numix-icon-theme/default.nix
+++ b/pkgs/data/icons/numix-icon-theme/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "numix-icon-theme";
-  version = "20.03.20";
+  version = "20.06.07";
 
   src = fetchFromGitHub {
     owner = "numixproject";
     repo = pname;
     rev = version;
-    sha256 = "092f8k38xf9yz898nrangm0ia211d41z8kx0v6njfqfgpiad1s7q";
+    sha256 = "1yp9parc8ihmai8pswf4qzrqd88qpls87ipq8ylx38yqns7wsn4h";
   };
 
   nativeBuildInputs = [ gtk3 ];

From 24e93ca4a65a2ce406c076834e405c0a193e09a8 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Tue, 16 Jun 2020 13:52:18 -0700
Subject: [PATCH 07/26] gnome3.nautilus: 3.36.2 -> 3.36.3 (#90632)

---
 pkgs/desktops/gnome-3/core/nautilus/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/desktops/gnome-3/core/nautilus/default.nix b/pkgs/desktops/gnome-3/core/nautilus/default.nix
index b926f9b627f1..6145178de1e0 100644
--- a/pkgs/desktops/gnome-3/core/nautilus/default.nix
+++ b/pkgs/desktops/gnome-3/core/nautilus/default.nix
@@ -32,11 +32,11 @@
 
 stdenv.mkDerivation rec {
   pname = "nautilus";
-  version = "3.36.2";
+  version = "3.36.3";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "1yknaz8n0l949sr8j3b7kdm0cm5mx2dp4n4k577m492hk6akqrr6";
+    sha256 = "1y0fsd7j48v4qkc051cg41mz7jycgw4vd4g37lw682p7n5xgrjmn";
   };
 
   nativeBuildInputs = [

From a978b1151680a00ce7528782073f6402520f51b4 Mon Sep 17 00:00:00 2001
From: Jan Tojnar <jtojnar@gmail.com>
Date: Wed, 17 Jun 2020 16:34:59 +0200
Subject: [PATCH 08/26] libqmi: enable introspection

Also stop using pkg-config alias
---
 pkgs/development/libraries/libqmi/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libqmi/default.nix b/pkgs/development/libraries/libqmi/default.nix
index c3dc1e9996f1..15a2a1db18fa 100644
--- a/pkgs/development/libraries/libqmi/default.nix
+++ b/pkgs/development/libraries/libqmi/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, glib, python3, libgudev, libmbim }:
+{ stdenv, fetchurl, pkg-config, gobject-introspection, glib, python3, libgudev, libmbim }:
 
 stdenv.mkDerivation rec {
   pname = "libqmi";
@@ -13,10 +13,12 @@ stdenv.mkDerivation rec {
 
   configureFlags = [
     "--with-udev-base-dir=${placeholder "out"}/lib/udev"
+    "--enable-introspection"
   ];
 
   nativeBuildInputs = [
-    pkgconfig
+    pkg-config
+    gobject-introspection
     python3
   ];
 

From d3e1b77ac3d3dcf7686108c489c1c2c615790232 Mon Sep 17 00:00:00 2001
From: Martin Milata <martin@martinmilata.cz>
Date: Wed, 17 Jun 2020 22:06:05 +0200
Subject: [PATCH 09/26] json_c: add patch for CVE-2020-12762

Fixes: https://nvd.nist.gov/vuln/detail/CVE-2020-12762
---
 pkgs/development/libraries/json-c/default.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/json-c/default.nix b/pkgs/development/libraries/json-c/default.nix
index 81ebc7baeb06..a3ddfe4c63c5 100644
--- a/pkgs/development/libraries/json-c/default.nix
+++ b/pkgs/development/libraries/json-c/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoconf }:
+{ stdenv, fetchurl, fetchpatch, autoconf }:
 
 stdenv.mkDerivation rec {
   name = "json-c-0.13.1";
@@ -7,6 +7,15 @@ stdenv.mkDerivation rec {
     sha256 = "0ch1v18wk703bpbyzj7h1mkwvsw4rw4qdwvgykscypvqq10678ll";
   };
 
+  patches = [
+    # https://nvd.nist.gov/vuln/detail/CVE-2020-12762
+    (fetchpatch {
+      name = "CVE-2020-12762.patch";
+      url = "https://github.com/json-c/json-c/commit/865b5a65199973bb63dff8e47a2f57e04fec9736.patch";
+      sha256 = "1g5afk4khhm1sb70xrva1pyznshcw3ipzp1g5z60dpzxy303pp6h";
+    })
+  ];
+
   outputs = [ "out" "dev" ];
 
   nativeBuildInputs = [ autoconf ];  # for autoheader

From f9e5ca8e58d6cddb182cb155be079829898d1a2d Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Tue, 16 Jun 2020 08:18:35 +1000
Subject: [PATCH 10/26] ffmpeg: 4.2.3 -> 4.3

---
 pkgs/development/libraries/ffmpeg/4.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/ffmpeg/4.nix b/pkgs/development/libraries/ffmpeg/4.nix
index 1a7c619a122c..de1bfff6f910 100644
--- a/pkgs/development/libraries/ffmpeg/4.nix
+++ b/pkgs/development/libraries/ffmpeg/4.nix
@@ -5,8 +5,8 @@
 }@args:
 
 callPackage ./generic.nix (rec {
-  version = "4.2.3";
-  branch = "4.2";
-  sha256 = "0pkrariwjv25k7inwshch7b5820ly3hsp991amyb60rkqc8v4zi1";
+  version = "4.3";
+  branch = "4.3";
+  sha256 = "1qnnhd2b0g5sg72pclxs3i8sxzz0raky69k7w9cmpba9zh973s57";
   darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ];
 } // args)

From 05c4c9e72931e25ba8615c6377f718680c470b87 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Tue, 16 Jun 2020 09:07:06 +1000
Subject: [PATCH 11/26] ffmpeg-full: drop unneeded patch

---
 .../libraries/ffmpeg-full/default.nix         |  2 --
 .../prefer-libdav1d-over-libaom.patch         | 19 -------------------
 2 files changed, 21 deletions(-)
 delete mode 100644 pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch

diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix
index 95be159b2e19..666aafef7f44 100644
--- a/pkgs/development/libraries/ffmpeg-full/default.nix
+++ b/pkgs/development/libraries/ffmpeg-full/default.nix
@@ -242,8 +242,6 @@ stdenv.mkDerivation rec {
   pname = "ffmpeg-full";
   inherit (ffmpeg) src version;
 
-  patches = [ ./prefer-libdav1d-over-libaom.patch ];
-
   prePatch = ''
     patchShebangs .
   '' + stdenv.lib.optionalString stdenv.isDarwin ''
diff --git a/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch b/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch
deleted file mode 100644
index 789bfc2674fa..000000000000
--- a/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
-index d2f9a39ce5..2342399a8e 100644
---- a/libavcodec/allcodecs.c
-+++ b/libavcodec/allcodecs.c
-@@ -679,13 +679,13 @@ extern AVCodec ff_pcm_mulaw_at_encoder;
- extern AVCodec ff_pcm_mulaw_at_decoder;
- extern AVCodec ff_qdmc_at_decoder;
- extern AVCodec ff_qdm2_at_decoder;
-+extern AVCodec ff_libdav1d_decoder;
- extern AVCodec ff_libaom_av1_decoder;
- extern AVCodec ff_libaom_av1_encoder;
- extern AVCodec ff_libaribb24_decoder;
- extern AVCodec ff_libcelt_decoder;
- extern AVCodec ff_libcodec2_encoder;
- extern AVCodec ff_libcodec2_decoder;
--extern AVCodec ff_libdav1d_decoder;
- extern AVCodec ff_libdavs2_decoder;
- extern AVCodec ff_libfdk_aac_encoder;
- extern AVCodec ff_libfdk_aac_decoder;

From 2b075f7310b544cac529e98d2c6f0a7fb2817550 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Tue, 16 Jun 2020 13:54:31 +1000
Subject: [PATCH 12/26] nv-codec-headers: 9.0.18.1 -> 9.1.23.1

---
 pkgs/development/libraries/nv-codec-headers/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/nv-codec-headers/default.nix b/pkgs/development/libraries/nv-codec-headers/default.nix
index f74030a02df8..8d3c2179bff9 100644
--- a/pkgs/development/libraries/nv-codec-headers/default.nix
+++ b/pkgs/development/libraries/nv-codec-headers/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "nv-codec-headers";
-  version = "9.0.18.1";
+  version = "9.1.23.1";
 
   src = fetchgit {
     url = "https://git.videolan.org/git/ffmpeg/nv-codec-headers.git";
     rev = "n${version}";
-    sha256 = "0354fivb92ix341jds7a7qn3mgwimrnxbganhlhr4vayj25c3hw5";
+    sha256 = "1xfvb3mhz6wfx9c732888xa82ivaig903lhvvrqqzs31qfznsplh";
   };
 
   makeFlags = [ "PREFIX=$(out)" ];

From 986079275b4e64c1c429a3939cbce85576e30b3b Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Mon, 11 May 2020 11:08:29 +0200
Subject: [PATCH 13/26] lib/attrsets: add getMan function

---
 lib/attrsets.nix | 1 +
 lib/default.nix  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/attrsets.nix b/lib/attrsets.nix
index 82bea7af31fc..d91d7a0cd47e 100644
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -469,6 +469,7 @@ rec {
   getBin = getOutput "bin";
   getLib = getOutput "lib";
   getDev = getOutput "dev";
+  getMan = getOutput "man";
 
   /* Pick the outputs of packages to place in buildInputs */
   chooseDevOutputs = drvs: builtins.map getDev drvs;
diff --git a/lib/default.nix b/lib/default.nix
index e7f59a67abbd..7387e9d9f1ff 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -77,7 +77,7 @@ let
       genAttrs isDerivation toDerivation optionalAttrs
       zipAttrsWithNames zipAttrsWith zipAttrs recursiveUpdateUntil
       recursiveUpdate matchAttrs overrideExisting getOutput getBin
-      getLib getDev chooseDevOutputs zipWithNames zip
+      getLib getDev getMan chooseDevOutputs zipWithNames zip
       recurseIntoAttrs dontRecurseIntoAttrs;
     inherit (lists) singleton forEach foldr fold foldl foldl' imap0 imap1
       concatMap flatten remove findSingle findFirst any all count

From dfff485819775fd6ddbf922351ea381bb4b657d2 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Fri, 1 May 2020 18:34:18 +0200
Subject: [PATCH 14/26] man-db: remove NixOS-specific configuration

When using --with-config-file, all man-db programs completely ignore the
systemwide configuration in /etc/man_db.conf: it means on NixOS there is
no way to change the configuration without rebuilding man-db, which in
turn causes a mass-rebuild.

To solve this problem this commit removes the NixOS-specific
configuration in man-db, which wasn't the appropriate place to begin
with: the package is expected to work on non-NixOS systems as well. Also
a small patch now ensure /etc/man_db.conf is used, if available, before
the bundled configuration.
---
 pkgs/tools/misc/man-db/default.nix            |  8 ++--
 .../misc/man-db/systemwide-man-db-conf.patch  | 39 +++++++++++++++++++
 2 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 pkgs/tools/misc/man-db/systemwide-man-db-conf.patch

diff --git a/pkgs/tools/misc/man-db/default.nix b/pkgs/tools/misc/man-db/default.nix
index 7b8835622c8d..f5cbef8b0226 100644
--- a/pkgs/tools/misc/man-db/default.nix
+++ b/pkgs/tools/misc/man-db/default.nix
@@ -15,18 +15,17 @@ stdenv.mkDerivation rec {
   buildInputs = [ libpipeline db groff ]; # (Yes, 'groff' is both native and build input)
   checkInputs = [ libiconv /* for 'iconv' binary */ ];
 
+  patches = [ ./systemwide-man-db-conf.patch ];
+
   postPatch = ''
     # Remove all mandatory manpaths. Nixpkgs makes no requirements on
     # these directories existing.
     sed -i 's/^MANDATORY_MANPATH/# &/' src/man_db.conf.in
 
-    # Add Nixpkgs and NixOS-related manpaths
-    echo "MANPATH_MAP	/run/current-system/sw/bin		/run/current-system/sw/share/man" >> src/man_db.conf.in
-    echo "MANPATH_MAP	/run/wrappers/bin			/run/current-system/sw/share/man" >> src/man_db.conf.in
+    # Add Nix-related manpaths
     echo "MANPATH_MAP	/nix/var/nix/profiles/default/bin	/nix/var/nix/profiles/default/share/man" >> src/man_db.conf.in
 
     # Add mandb locations for the above
-    echo "MANDB_MAP	/run/current-system/sw/share/man	/var/cache/man/nixos" >> src/man_db.conf.in
     echo "MANDB_MAP	/nix/var/nix/profiles/default/share/man	/var/cache/man/nixpkgs" >> src/man_db.conf.in
   '';
 
@@ -34,7 +33,6 @@ stdenv.mkDerivation rec {
     "--disable-setuid"
     "--disable-cache-owner"
     "--localstatedir=/var"
-    # Don't try /etc/man_db.conf by default, so we avoid error messages.
     "--with-config-file=${placeholder "out"}/etc/man_db.conf"
     "--with-systemdtmpfilesdir=${placeholder "out"}/lib/tmpfiles.d"
     "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
diff --git a/pkgs/tools/misc/man-db/systemwide-man-db-conf.patch b/pkgs/tools/misc/man-db/systemwide-man-db-conf.patch
new file mode 100644
index 000000000000..2d4477776bb1
--- /dev/null
+++ b/pkgs/tools/misc/man-db/systemwide-man-db-conf.patch
@@ -0,0 +1,39 @@
+commit 9089291006a4258c39c75a920ad536b61504251a
+Author: rnhmjoj <rnhmjoj@inventati.org>
+Date:   Fri May 1 19:32:15 2020 +0200
+
+    check for systemwide man_db.conf before the bundled one
+
+diff --git a/src/manp.c b/src/manp.c
+index 5441339..0bbf566 100644
+--- a/src/manp.c
++++ b/src/manp.c
+@@ -841,18 +841,24 @@ void read_config_file (bool optional)
+ 	}
+ 
+ 	if (getenv ("MAN_TEST_DISABLE_SYSTEM_CONFIG") == NULL) {
+-		config_file = fopen (CONFIG_FILE, "r");
++		const char *config_filepath;
++		if (access ("/etc/man_db.conf", F_OK) != -1) {
++			config_filepath = "/etc/man_db.conf";
++		} else {
++			config_filepath = CONFIG_FILE;
++		}
++		config_file = fopen (config_filepath, "r");
+ 		if (config_file == NULL) {
+ 			if (optional)
+ 				debug ("can't open %s; continuing anyway\n",
+-				       CONFIG_FILE);
++				       config_filepath);
+ 			else
+ 				error (FAIL, 0,
+ 				       _("can't open the manpath "
+ 					 "configuration file %s"),
+-				       CONFIG_FILE);
++				       config_filepath);
+ 		} else {
+-			debug ("From the config file %s:\n", CONFIG_FILE);
++			debug ("From the config file %s:\n", config_filepath);
+ 
+ 			add_to_dirlist (config_file, 0);
+ 			fclose (config_file);

From edc6a76cc025ef972979dad6692e0fd5d5cfcbbb Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Fri, 1 May 2020 18:48:39 +0200
Subject: [PATCH 15/26] nixos/documentation: add option to generate caches

Previously the NixOS-specific configuration for man-db was in the
package itself and /etc/man.conf was completely ignored.
This change moves it to /etc/man_db.conf, making declarative
configuration practical again.

It's now possible to generate the mandb caches for all packages
installed through NixOS `environment.systemPackages` at build-time.
The standard location for the stateful cache (/var/cache/man) is also
configured to allow users to run `mandb` manually if they wish.

Since generating the cache can be expensive the option is off by
default.
---
 nixos/modules/misc/documentation.nix | 38 +++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix
index 7ad4be9a02e6..71a40b4f4d6e 100644
--- a/nixos/modules/misc/documentation.nix
+++ b/nixos/modules/misc/documentation.nix
@@ -102,6 +102,16 @@ in
         '';
       };
 
+      man.generateCaches = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to generate the manual page index caches using
+          <literal>mandb(8)</literal>. This allows searching for a page or
+          keyword using utilities like <literal>apropos(1)</literal>.
+        '';
+      };
+
       info.enable = mkOption {
         type = types.bool;
         default = true;
@@ -187,7 +197,33 @@ in
       environment.systemPackages = [ pkgs.man-db ];
       environment.pathsToLink = [ "/share/man" ];
       environment.extraOutputsToInstall = [ "man" ] ++ optional cfg.dev.enable "devman";
-      environment.etc."man.conf".source = "${pkgs.man-db}/etc/man_db.conf";
+      environment.etc."man_db.conf".text =
+        let
+          manualPages = pkgs.buildEnv {
+            name = "man-paths";
+            paths = config.environment.systemPackages;
+            pathsToLink = [ "/share/man" ];
+            extraOutputsToInstall = ["man"];
+            ignoreCollisions = true;
+          };
+          manualCache = pkgs.runCommandLocal "man-cache" { }
+          ''
+            echo "MANDB_MAP ${manualPages}/share/man $out" > man.conf
+            ${pkgs.man-db}/bin/mandb -C man.conf -psc
+          '';
+        in
+        ''
+          # Manual pages paths for NixOS
+          MANPATH_MAP /run/current-system/sw/bin /run/current-system/sw/share/man
+          MANPATH_MAP /run/wrappers/bin          /run/current-system/sw/share/man
+
+          ${optionalString cfg.man.generateCaches ''
+          # Generated manual pages cache for NixOS (immutable)
+          MANDB_MAP /run/current-system/sw/share/man ${manualCache}
+          ''}
+          # Manual pages caches for NixOS
+          MANDB_MAP /run/current-system/sw/share/man /var/cache/man/nixos
+        '';
     })
 
     (mkIf cfg.info.enable {

From 4dd95c0cfc19bf7c4b9e5b5f3098d6b28d503037 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Thu, 18 Jun 2020 10:36:24 +0200
Subject: [PATCH 16/26] nixos/release-notes: mention new man.generateCaches
 option

---
 nixos/doc/manual/release-notes/rl-2009.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 9bbbecc05692..31cabce1d536 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -110,6 +110,15 @@ systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
 </programlisting>
     </para>
    </listitem>
+   <listitem>
+    <para>
+      Two new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
+      has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
+      like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
+      the NixOS configuration: since this can be expensive when a large number of packages are installed, the
+      feature is disabled by default.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 

From d5fd2edb1fbd8daec107c4d820b54cdee8777c41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 18 Jun 2020 15:42:20 +0200
Subject: [PATCH 17/26] libjpeg(-turbo): patch CVE-2020-13790

Fixes #90864 (roundup issue).  Release is said to be expected soon,
but we can patch now anyway.
---
 pkgs/development/libraries/libjpeg-turbo/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix
index 72d8b9677499..9bd909d3f6e8 100644
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@@ -18,6 +18,12 @@ stdenv.mkDerivation rec {
         url = "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/a2291b252de1413a13db61b21863ae7aea0946f3.patch";
         sha256 = "0nc5vcch5h52gpi07h08zf8br58q8x81q2hv871hrn0dinb53vym";
       })
+
+      (fetchpatch {
+        name = "cve-2020-13790.patch";
+        url = "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d.diff";
+        sha256 = "0hm5i6qir5w3zxb0xvqdh4jyvbfg7xnd28arhyfsaclfz9wdb0pb";
+      })
     ] ++
     stdenv.lib.optional (stdenv.hostPlatform.libc or null == "msvcrt")
       ./mingw-boolean.patch;

From 97571118254adb18c692d11cbfd20a69abb66e8a Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 15:15:15 +0000
Subject: [PATCH 18/26] cmake: 3.17.2 -> 3.17.3

---
 pkgs/development/tools/build-managers/cmake/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix
index 17362702e322..a9a3fd71a6bb 100644
--- a/pkgs/development/tools/build-managers/cmake/default.nix
+++ b/pkgs/development/tools/build-managers/cmake/default.nix
@@ -19,12 +19,12 @@ stdenv.mkDerivation rec {
           + lib.optionalString useNcurses "-cursesUI"
           + lib.optionalString withQt5 "-qt5UI"
           + lib.optionalString useQt4 "-qt4UI";
-  version = "3.17.2";
+  version = "3.17.3";
 
   src = fetchurl {
     url = "${meta.homepage}files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz";
     # compare with https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}-SHA-256.txt
-    sha256 = "199srp8yfai51pcbpmfyc4s8vzrmh2dm91bp582hj2l29x634xzw";
+    sha256 = "0h4c3nwk7wmzcmmlwyb16zmjqr44l4k591m2y9p9zp3m498hvmhb";
   };
 
   patches = [

From 0d60bd97b009962c521a72e7f014174c8d2c48fc Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 22:01:48 +0000
Subject: [PATCH 19/26] file: 5.38 -> 5.39

---
 pkgs/tools/misc/file/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index 71e547d84331..730234998ed4 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "file";
-  version = "5.38";
+  version = "5.39";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.astron.com/pub/file/${pname}-${version}.tar.gz"
       "https://distfiles.macports.org/file/${pname}-${version}.tar.gz"
     ];
-    sha256 = "0d7s376b4xqymnrsjxi3nsv3f5v89pzfspzml2pcajdk5by2yg2r";
+    sha256 = "1lgs2w2sgamzf27kz5h7pajz7v62554q21fbs11n4mfrfrm2hpgh";
   };
 
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;

From c81696a5d2d67af249c43ee7d858ec7d6cdcf800 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 08:49:10 +0000
Subject: [PATCH 20/26] alsa-topology-conf: 1.2.2 -> 1.2.3

---
 pkgs/os-specific/linux/alsa-topology-conf/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-topology-conf/default.nix b/pkgs/os-specific/linux/alsa-topology-conf/default.nix
index f73bbbdba357..54340d017ade 100644
--- a/pkgs/os-specific/linux/alsa-topology-conf/default.nix
+++ b/pkgs/os-specific/linux/alsa-topology-conf/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "alsa-topology-conf-${version}";
-  version = "1.2.2";
+  version = "1.2.3";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "09cls485ckdjsp4azhv3nw7chyg3r7zrqgald6yp70f7cysxcwml";
+    sha256 = "1zwxc9zhfcmyffjjbibzpdvf4kx7wv9g2zl6xz7y0d6srfr9jgw3";
   };
 
   dontBuild = true;

From fb4625e88a6875d142430f976ec3939f0e7e727c Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 08:31:12 +0000
Subject: [PATCH 21/26] alsaLib: 1.2.2 -> 1.2.3

---
 pkgs/os-specific/linux/alsa-lib/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix
index 335ae204833d..3c5427340baf 100644
--- a/pkgs/os-specific/linux/alsa-lib/default.nix
+++ b/pkgs/os-specific/linux/alsa-lib/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }:
 
 stdenv.mkDerivation rec {
-  name = "alsa-lib-1.2.2";
+  name = "alsa-lib-1.2.3";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "1v5kb8jyvrpkvvq7dq8hfbmcj68lml97i4s0prxpfx2mh3c57s6q";
+    sha256 = "13k7dx1g749z74rz71hs5j8z0pqdjgx7l69pn0vsy7jizhi0kw02";
   };
 
   patches = [

From 4dbf90217c6843152c42d7d3bc9a4b26bb4d5b66 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 12:16:35 +0000
Subject: [PATCH 22/26] alsa-ucm-conf: 1.2.2 -> 1.2.3

---
 pkgs/os-specific/linux/alsa-ucm-conf/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix
index 685ba3e2c3e5..2a9f28c855a5 100644
--- a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix
+++ b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "alsa-ucm-conf-${version}";
-  version = "1.2.2";
+  version = "1.2.3";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "0364fgzdm2qrsqvgqri25gzscbma7yqlv31wz8b1z9c5phlxkgvy";
+    sha256 = "000db5yla7dljidjbbwbiaxvc1a7wh1zpw694gipaymj9fh4vhhv";
   };
 
   dontBuild = true;

From f79c05b113bc5b78fe60d2bd217d06ea87329ce5 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Tue, 16 Jun 2020 23:03:53 +0000
Subject: [PATCH 23/26] openblas: 0.3.9 -> 0.3.10

---
 pkgs/development/libraries/science/math/openblas/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix
index 318922d7f25d..89d88bdf564a 100644
--- a/pkgs/development/libraries/science/math/openblas/default.nix
+++ b/pkgs/development/libraries/science/math/openblas/default.nix
@@ -99,12 +99,12 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "openblas";
-  version = "0.3.9";
+  version = "0.3.10";
   src = fetchFromGitHub {
     owner = "xianyi";
     repo = "OpenBLAS";
     rev = "v${version}";
-    sha256 = "0nq51j45shb32n6086xff3x374kx5qhr2cwjzvppx4s2z0ahflal";
+    sha256 = "174id98ga82bhz2v7sy9yj6pqy0h0088p3mkdikip69p9rh3d17b";
   };
 
   inherit blas64;

From 49d376b65cfb37bb6419c488baa415389205e872 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Fri, 22 May 2020 06:17:05 +0000
Subject: [PATCH 24/26] libksba: 1.3.5 -> 1.4.0

---
 pkgs/development/libraries/libksba/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libksba/default.nix b/pkgs/development/libraries/libksba/default.nix
index 2f0da5edf4e1..d627bf81cba2 100644
--- a/pkgs/development/libraries/libksba/default.nix
+++ b/pkgs/development/libraries/libksba/default.nix
@@ -1,11 +1,11 @@
 { buildPackages, stdenv, fetchurl, gettext, libgpgerror }:
 
 stdenv.mkDerivation rec {
-  name = "libksba-1.3.5";
+  name = "libksba-1.4.0";
 
   src = fetchurl {
     url = "mirror://gnupg/libksba/${name}.tar.bz2";
-    sha256 = "0h53q4sns1jz1pkmhcz5wp9qrfn9f5g9i3vjv6dafwzzlvblyi21";
+    sha256 = "1dj1razn35srkgadx3i30yr0q037cr0dn54m6a54vxgh3zlsirmz";
   };
 
   outputs = [ "out" "dev" "info" ];

From dc906cbe92099cf55b5687abe175ebc1b32f4110 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Mon, 15 Jun 2020 07:55:41 +0000
Subject: [PATCH 25/26] bison: 3.6.2 -> 3.6.3

---
 pkgs/development/tools/parsing/bison/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/parsing/bison/default.nix b/pkgs/development/tools/parsing/bison/default.nix
index 5302f7ca6441..0b6476998bf1 100644
--- a/pkgs/development/tools/parsing/bison/default.nix
+++ b/pkgs/development/tools/parsing/bison/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bison";
-  version = "3.6.2";
+  version = "3.6.3";
 
   src = fetchurl {
     url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz";
-    sha256 = "16h8panwpljwdq902v9x7inpnks51fn0kqlbyqfjvpilv6md73p2";
+    sha256 = "0qry9ar16dpg9nzrq7jh3fqh4ah2xvcf6v00fc81z08yjd1ljk2b";
   };
 
   nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;

From d1790983906b8434c29800dddd4f2aa4b9d03c58 Mon Sep 17 00:00:00 2001
From: Gaelan Steele <gbs@canishe.com>
Date: Thu, 14 May 2020 14:12:06 -0700
Subject: [PATCH 26/26] libgcrypt: always pass build and host to configure

When building for aarch32 on aarch64 with extraPlatforms, libgcrypt
fails to build because it tries to guess the host platform from uname,
which returns the wrong result in this case. We fix this by always
telling libgcrpyt what platform to build for.
---
 pkgs/development/libraries/libgcrypt/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix
index a3d515c50472..49aaec66c29b 100644
--- a/pkgs/development/libraries/libgcrypt/default.nix
+++ b/pkgs/development/libraries/libgcrypt/default.nix
@@ -30,6 +30,10 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--with-libgpg-error-prefix=${libgpgerror.dev}" ]
    ++ stdenv.lib.optional stdenv.hostPlatform.isMusl "--disable-asm";
 
+  # Necessary to generate correct assembly when compiling for aarch32 on
+  # aarch64
+  configurePlatforms = [ "host" "build" ];
+
   # Make sure libraries are correct for .pc and .la files
   # Also make sure includes are fixed for callers who don't use libgpgcrypt-config
   postFixup = ''