From 81f39ee22f40af86a3b8ec155be63f9b641769ab Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 31 Oct 2018 10:14:06 -0500 Subject: [PATCH 1/5] slack-term: init at 0.4.1 --- .../instant-messengers/slack-term/default.nix | 23 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 pkgs/applications/networking/instant-messengers/slack-term/default.nix diff --git a/pkgs/applications/networking/instant-messengers/slack-term/default.nix b/pkgs/applications/networking/instant-messengers/slack-term/default.nix new file mode 100644 index 00000000000..79464f54232 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/slack-term/default.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + # https://github.com/erroneousboat/slack-term + name = "slack-term-${version}"; + version = "0.4.1"; + + goPackagePath = "github.com/erroneousboat/slack-term"; + + src = fetchFromGitHub { + owner = "erroneousboat"; + repo = "slack-term"; + rev = "v${version}"; + sha256 = "1340bq7h31fxykxbxpn6hv7n2hmjf20f8vg5gan9pjf5jaa6kfza"; + }; + + meta = with stdenv.lib; { + description = "Slack client for your terminal"; + homepage = https://github.com/erroneousboat/slack-term; + license = licenses.mit; + maintainers = with maintainers; [ dtzWill ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 89b32ec3bfa..531753c19b4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17240,6 +17240,8 @@ with pkgs; slack-cli = callPackage ../tools/networking/slack-cli { }; + slack-term = callPackage ../applications/networking/instant-messengers/slack-term { }; + singularity = callPackage ../applications/virtualization/singularity { }; spectmorph = callPackage ../applications/audio/spectmorph { }; From abea6f461ae886544917e32634e5612b0fc73c13 Mon Sep 17 00:00:00 2001 
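Review bot: In the new `slack-term/default.nix`, `homepage` is written as a bare URL literal; quoting it, `homepage = "https://github.com/erroneousboat/slack-term";`, keeps it an ordinary string and avoids relying on Nix's unquoted-URL syntax. The `# https://github.com/erroneousboat/slack-term` comment above `name` repeats what `meta.homepage` already records and could be dropped.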
From: Frederik Rietdijk Date: Sun, 4 Nov 2018 11:01:09 +0100 Subject: [PATCH 2/5] Revert "Merge pull request #49398 from Synthetica9/implement-rfc0035" to fix eval This reverts commit 3fc7d5eb83804e10ae55b1ae9b102f88b1ea2b08, reversing changes made to 1fddf2b68996b56804a24b67191e4d883943057d. The idea is good, however, before enforcing, make sure all occurences are fixed. --- pkgs/stdenv/generic/make-derivation.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index cb3731da193..e06faed30a1 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -12,9 +12,7 @@ rec { # * https://nixos.org/nix/manual/#ssec-derivation # Explanation about derivations in general mkDerivation = - { name ? if attrs ? pname && attrs ? version - then "${attrs.pname}-${attrs.version}" - else "" + { name ? "" # These types of dependencies are all exhaustively documented in # the "Specifying Dependencies" section of the "Standard @@ -67,8 +65,6 @@ rec { , pos ? # position used in error messages and for meta.position (if attrs.meta.description or null != null then builtins.unsafeGetAttrPos "description" attrs.meta - else if attrs.version or null != null - then builtins.unsafeGetAttrPos "version" attrs else builtins.unsafeGetAttrPos "name" attrs) , separateDebugInfo ? false , outputs ? [ "out" ] @@ -82,13 +78,6 @@ rec { , ... } @ attrs: - # Check that the name is consistent with pname and version: - assert lib.assertMsg - (lib.lists.all (name: builtins.hasAttr name attrs) ["name" "pname" "version"] - -> lib.strings.hasSuffix "${attrs.pname}-${attrs.version}" attrs.name) - ("mkDerivation: `name` (\"${attrs.name}\") must be consistent " + - "with `pname-version` \"${attrs.pname}-${attrs.version}\""); - let # TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when # no package has `doCheck = true`. 
From 058a3c0806e2148ae3d0519bcaa929b7c2486c17 Mon Sep 17 00:00:00 2001 From: Timon Stampfli Date: Sat, 27 Oct 2018 15:25:52 +0200 Subject: [PATCH 3/5] openjpeg: adding patch for CVE-2018-7648 (cherry picked from commit 3dc0838450ad5ec8c25adcd1c7bfe3b8b630b7e5) Forward-picking from staging-next. The CVE is marked as critical, and the amount of rebuilds isn't that high (~500 linux, ~100 darwin). --- pkgs/development/libraries/openjpeg/2.x.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/libraries/openjpeg/2.x.nix b/pkgs/development/libraries/openjpeg/2.x.nix index d18c971dc11..77d9e5829a1 100644 --- a/pkgs/development/libraries/openjpeg/2.x.nix +++ b/pkgs/development/libraries/openjpeg/2.x.nix @@ -5,4 +5,12 @@ callPackage ./generic.nix (args // rec { branch = "2.3"; revision = "v${version}"; sha256 = "08plxrnfl33sn2vh5nwbsngyv6b1sfpplvx881crm1v1ai10m2lz"; + + patches = [ + (fetchpatch { + name = "CVE-2018-7648.patch"; + url = "https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d.patch"; + sha256 = "1j5nxmlgyfkxldk2f1ij6h850xw45q3b5brxqa04dxsfsv8cdj5j"; + }) + ]; }) From 587c3774abc075f117eb73bf01ef4d582de03411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Nov 2018 15:07:45 +0100 Subject: [PATCH 4/5] Revert "systemd: 239 -> 239.20181031" This reverts commit d1de23b8302d02d4699e884533906a3992f370b6. The changes turned out to be too intrusive, so we'll patch instead. Discussion: https://github.com/NixOS/systemd/pull/24 --- pkgs/os-specific/linux/systemd/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 2a17a0a2875..db64b8e6f6d 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix 
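Review bot: `fetchpatch` is called in the new `patches` list of `openjpeg/2.x.nix`, but the file's argument line sits above this hunk (which starts at line 5) and is not touched, so unless `fetchpatch` was already a parameter there, evaluation fails. The list is also only merged into the attrset handed to `./generic.nix`; whether that file forwards `patches` to the derivation is not visible here, and if it does not, the CVE-2018-7648 fix could be dropped without any error. Both are worth confirming before relying on this as the fix. A comment such as `# drop once openjpeg is updated to a release that contains upstream commit cc38247` would tell the next updater when the patch can go.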
@@ -18,7 +18,7 @@ let pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]); in stdenv.mkDerivation rec { - version = "239.20181031"; + version = "239"; name = "systemd-${version}"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -26,8 +26,8 @@ in stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "NixOS"; repo = "systemd"; - rev = "nixos-v${version}"; - sha256 = "1rzl0iqrpa4ajvama5k3cb3yc7893c55kzcxkl3cyavpdzsw5505"; + rev = "31859ddd35fc3fa82a583744caa836d356c31d7f"; + sha256 = "1xci0491j95vdjgs397n618zii3sgwnvanirkblqqw6bcvcjvir1"; }; outputs = [ "out" "lib" "man" "dev" ]; @@ -91,7 +91,6 @@ in stdenv.mkDerivation rec { "-Dsulogin-path=${utillinux}/bin/sulogin" "-Dmount-path=${utillinux}/bin/mount" "-Dumount-path=${utillinux}/bin/umount" - "-Ddns-over-tls=false" ]; preConfigure = '' From 179b8146e668636fe59ef7663a6c8cd15d00db7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Nov 2018 15:47:44 +0100 Subject: [PATCH 5/5] systemd: apply patches from Debian There are some security fixes among those. --- pkgs/os-specific/linux/systemd/default.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index db64b8e6f6d..1d45109ac85 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod +{ stdenv, lib, fetchFromGitHub, fetchpatch, fetchurl, pkgconfig, intltool, gperf, libcap, kmod , xz, pam, acl, libuuid, m4, utillinux, libffi , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor , audit, lz4, bzip2, libmicrohttpd, pcre2 
@@ -30,6 +30,22 @@ in stdenv.mkDerivation rec { sha256 = "1xci0491j95vdjgs397n618zii3sgwnvanirkblqqw6bcvcjvir1"; }; + prePatch = let + # Upstream's maintenance branches are still too intrusive: + # https://github.com/systemd/systemd-stable/tree/v239-stable + patches-deb = fetchurl { + # When the URL disappears, it typically means that Debian has new patches + # (probably security) and updating to new tarball will apply them as well. + name = "systemd-debian-patches.tar.xz"; + url = mirror://debian/pool/main/s/systemd/systemd_239-11~bpo9+1.debian.tar.xz; + sha256 = "136f6p4jbi4z94mf4g099dfcacwka8jwhza0wxxw2q5l5q3xiysh"; + }; + # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/* + in '' + tar xf ${patches-deb} + patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')" + ''; + outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs =
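Review bot: The comment on `patches-deb` treats the Debian URL disappearing as the signal that newer (probably security) patches exist, but the fetch is pinned by `sha256`, so any cached or mirrored copy of the tarball would keep this building with the old series and nobody would be told. Since neither the expression nor the commit message says which security fixes the series carries, a comment such as `# security fixes expected from this series: <CVE ids, to be filled in>` would let a later bump be checked against it. Separately, `grep -v '^debian/'` passes blank and `#` lines from `debian/patches/series` through to `sed`, which would put bogus entries into `patches`; `grep -Ev '^(debian/|#|$)'` is a safer filter.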