From 9a711ccb8cc8d82c7a035e0109a769dac1ce6c42 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Tue, 23 Apr 2019 20:24:08 -0500
Subject: [PATCH 01/48] qemu: 3.1.0 -> 4.0.0

---
 pkgs/applications/virtualization/qemu/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 908e888503e..7c508e7ab85 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -35,7 +35,7 @@ let
 in
 
 stdenv.mkDerivation rec {
-  version = "3.1.0";
+  version = "4.0.0";
   name = "qemu-"
     + stdenv.lib.optionalString xenSupport "xen-"
     + stdenv.lib.optionalString hostCpuOnly "host-cpu-only-"
@@ -44,7 +44,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2";
-    sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq";
+    sha256 = "085g6f75si8hbn94mnnjn1r7ysixn5bqj4bhqwvadj00fhzp2zvd";
   };
 
   buildInputs =

From b6f020fe51618c9f5c04842d5908cc0a34510467 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Tue, 23 Apr 2019 21:34:31 -0500
Subject: [PATCH 02/48] qemu: fix patch, drop CVE patch included

---
 .../virtualization/qemu/default.nix           |  5 -----
 .../virtualization/qemu/no-etc-install.patch  | 19 +++++++++++++++++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 7c508e7ab85..3034953f4b4 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -77,11 +77,6 @@ stdenv.mkDerivation rec {
     ./no-etc-install.patch
     ./fix-qemu-ga.patch
     ./9p-ignore-noatime.patch
-    (fetchpatch {
-      name = "CVE-2019-3812.patch";
-      url = "https://git.qemu.org/?p=qemu.git;a=patch;h=b05b267840515730dbf6753495d5b7bd8b04ad1c";
-      sha256 = "03a5vc5wvirbyi5r8kb2r4m2w6f1zmh9bqsr2psh4pblwar0nf55";
-    })
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
     ++ optional pulseSupport ./fix-hda-recording.patch
     ++ optionals stdenv.hostPlatform.isMusl [
diff --git a/pkgs/applications/virtualization/qemu/no-etc-install.patch b/pkgs/applications/virtualization/qemu/no-etc-install.patch
index 47b4b3176dc..37c12ddbfeb 100644
--- a/pkgs/applications/virtualization/qemu/no-etc-install.patch
+++ b/pkgs/applications/virtualization/qemu/no-etc-install.patch
@@ -1,10 +1,25 @@
+From 98b3e5993bbdb0013b6cc1814e0ad9555290c3af Mon Sep 17 00:00:00 2001
+From: Will Dietz <w@wdtz.org>
+Date: Tue, 23 Apr 2019 21:31:45 -0500
+Subject: [PATCH] no install localstatedir
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 04a0d45050..5dc82d0eb7 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -597,7 +597,7 @@
+@@ -786,7 +786,7 @@ endif
  
+ ICON_SIZES=16x16 24x24 32x32 48x48 64x64 128x128 256x256 512x512
  
 -install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
 +install: all $(if $(BUILD_DOCS),install-doc) install-datadir
  ifneq ($(TOOLS),)
-	$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
+ 	$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
  endif
+-- 
+2.21.GIT
+

From bf35e8f0ba169b1df5ac0f4201c253fe53aabc49 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Tue, 23 Apr 2019 21:38:30 -0500
Subject: [PATCH 03/48] qemu: drop fix-hda-recording.patch, appears applied
 upstream

(across multiple commits, maybe?)
---
 .../virtualization/qemu/default.nix           |  1 -
 .../qemu/fix-hda-recording.patch              | 34 -------------------
 2 files changed, 35 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/qemu/fix-hda-recording.patch

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 3034953f4b4..818f99b806e 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,7 +78,6 @@ stdenv.mkDerivation rec {
     ./fix-qemu-ga.patch
     ./9p-ignore-noatime.patch
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
-    ++ optional pulseSupport ./fix-hda-recording.patch
     ++ optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {
       url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch;
diff --git a/pkgs/applications/virtualization/qemu/fix-hda-recording.patch b/pkgs/applications/virtualization/qemu/fix-hda-recording.patch
deleted file mode 100644
index b4e21f4f347..00000000000
--- a/pkgs/applications/virtualization/qemu/fix-hda-recording.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-diff --git a/audio/paaudio.c b/audio/paaudio.c
-index fea6071..c1169d4 100644
---- a/audio/paaudio.c
-+++ b/audio/paaudio.c
-@@ -608,6 +608,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque)
- {
-     int error;
-     pa_sample_spec ss;
-+    pa_buffer_attr ba;
-     struct audsettings obt_as = *as;
-     PAVoiceIn *pa = (PAVoiceIn *) hw;
-     paaudio *g = pa->g = drv_opaque;
-@@ -616,6 +617,12 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque)
-     ss.channels = as->nchannels;
-     ss.rate = as->freq;
-
-+    ba.fragsize = pa_frame_size (&ss) * g->conf.samples;
-+    ba.maxlength = 5 * ba.fragsize;
-+    ba.tlength = -1;
-+    ba.prebuf = -1;
-+    ba.minreq = -1;
-+
-     obt_as.fmt = pa_to_audfmt (ss.format, &obt_as.endianness);
-
-     pa->stream = qpa_simple_new (
-@@ -625,7 +632,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque)
-         g->conf.source,
-         &ss,
-         NULL,                   /* channel map */
--        NULL,                   /* buffering attributes */
-+        &ba,                    /* buffering attributes */
-         &error
-         );
-     if (!pa->stream) {

From fdada4a45fcf8905b61448094f4de388a89fb444 Mon Sep 17 00:00:00 2001
From: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
Date: Fri, 3 May 2019 12:56:44 -0400
Subject: [PATCH 04/48] nukeReferences: fix for store paths with special
 characters (like '+' or '.')

This introduces extra escaping for $NIX_STORE that gets interpolated
into a PCRE. The escaping is performed using a standard Perl function
"quotemeta" (see "perldoc -f quotemeta" for reference). The same value
is also used in sed regex which uses POSIX basic regular expressions
instead of PCRE, so it needs fewer characters to be escaped. It should
not cause much problem to not change sed invocation, but I replace it
with equivalent Perl expression (actually the behavior is changed to not
output a newline character after the matched output).
---
 pkgs/build-support/nuke-references/builder.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/build-support/nuke-references/builder.sh b/pkgs/build-support/nuke-references/builder.sh
index 02eac664d43..7da32203218 100644
--- a/pkgs/build-support/nuke-references/builder.sh
+++ b/pkgs/build-support/nuke-references/builder.sh
@@ -7,7 +7,7 @@ cat > $out/bin/nuke-refs <<EOF
 excludes=""
 while getopts e: o; do
     case "\$o" in
-        e) storeId=\$(echo "\$OPTARG" | sed -n "s|^$NIX_STORE/\\([a-z0-9]\{32\}\\)-.*|\1|p")
+        e) storeId=\$(echo "\$OPTARG" | $perl/bin/perl -ne "print \"\\\$1\" if m|^\Q$NIX_STORE\E/([a-z0-9]{32})-.*|")
            if [ -z "\$storeId" ]; then
                echo "-e argument must be a Nix store path"
                exit 1
@@ -20,7 +20,7 @@ shift \$((\$OPTIND-1))
 
 for i in "\$@"; do
     if test ! -L "\$i" -a -f "\$i"; then
-        cat "\$i" | $perl/bin/perl -pe "s|$NIX_STORE/\$excludes[a-z0-9]{32}-|$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-|g" > "\$i.tmp"
+        cat "\$i" | $perl/bin/perl -pe "s|\Q$NIX_STORE\E/\$excludes[a-z0-9]{32}-|$NIX_STORE/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-|g" > "\$i.tmp"
         if test -x "\$i"; then chmod +x "\$i.tmp"; fi
         mv "\$i.tmp" "\$i"
     fi

From 01d805a432048c8f7da870e971c7993781761c9d Mon Sep 17 00:00:00 2001
From: Daniel Schaefer <git@danielschaefer.me>
Date: Wed, 24 Apr 2019 21:29:04 +0200
Subject: [PATCH 05/48] icu64: init at 64.2

---
 pkgs/development/libraries/icu/64.nix | 4 ++++
 pkgs/top-level/all-packages.nix       | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 pkgs/development/libraries/icu/64.nix

diff --git a/pkgs/development/libraries/icu/64.nix b/pkgs/development/libraries/icu/64.nix
new file mode 100644
index 00000000000..c7bdd22c179
--- /dev/null
+++ b/pkgs/development/libraries/icu/64.nix
@@ -0,0 +1,4 @@
+import ./base.nix {
+  version = "64.2";
+  sha256 = "0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2";
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 29733e3887c..206ba8d8857 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10764,6 +10764,11 @@ in
   } // (stdenv.lib.optionalAttrs (stdenv.cc.isGNU && stdenv.hostPlatform.isi686) {
       stdenv = overrideCC stdenv gcc6; # with gcc-7: undefined reference to `__divmoddi4'
     }));
+  icu64 = callPackage ../development/libraries/icu/64.nix ({
+    nativeBuildRoot = buildPackages.icu64.override { buildRootOnly = true; };
+  } // (stdenv.lib.optionalAttrs (stdenv.cc.isGNU && stdenv.hostPlatform.isi686) {
+      stdenv = overrideCC stdenv gcc6; # with gcc-7: undefined reference to `__divmoddi4'
+    }));
 
   icu = icu59;
 

From 2fe63c8faf9f4db4cee1fed0ea1aa82da4a7bfd2 Mon Sep 17 00:00:00 2001
From: Daniel Schaefer <git@danielschaefer.me>
Date: Fri, 26 Apr 2019 09:15:13 +0200
Subject: [PATCH 06/48] icu: 59 -> 64

---
 pkgs/top-level/all-packages.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 206ba8d8857..406edbb6449 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10770,7 +10770,7 @@ in
       stdenv = overrideCC stdenv gcc6; # with gcc-7: undefined reference to `__divmoddi4'
     }));
 
-  icu = icu59;
+  icu = icu64;
 
   id3lib = callPackage ../development/libraries/id3lib { };
 

From fea2422398c9b1c6a9bddf0d0544bd9aad783f84 Mon Sep 17 00:00:00 2001
From: Matthew Bauer <mjbauer95@gmail.com>
Date: Wed, 8 May 2019 21:52:59 -0400
Subject: [PATCH 07/48] static: set default_library flag for meson in
 makeStaticLibrary

Adds support for building static libraries with meson.
---
 pkgs/stdenv/adapters.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/stdenv/adapters.nix b/pkgs/stdenv/adapters.nix
index 7823d641344..2b1f166f8c3 100644
--- a/pkgs/stdenv/adapters.nix
+++ b/pkgs/stdenv/adapters.nix
@@ -60,6 +60,7 @@ rec {
           "--enable-static"
           "--disable-shared"
         ];
+        mesonFlags = (args.mesonFlags or []) ++ [ "-Ddefault_library=static" ];
       });
     };
 

From 79bd4ad5794163b8a65acc86809a6603ee7c7ce7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 9 May 2019 08:42:07 +0200
Subject: [PATCH 08/48] stdenv, cacert: consider $NIX_SSL_CERT_FILE in hooks

Some SSL libs don't react to $SSL_CERT_FILE.
That actually makes sense to me, as we add this behavior
as nixpkgs-specific, so it seems "safer" to use $NIX_*.
---
 pkgs/data/misc/cacert/setup-hook.sh              | 2 ++
 pkgs/development/interpreters/gauche/default.nix | 2 +-
 pkgs/stdenv/generic/setup.sh                     | 7 +++++--
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/pkgs/data/misc/cacert/setup-hook.sh b/pkgs/data/misc/cacert/setup-hook.sh
index b704a6a919e..e969596752f 100644
--- a/pkgs/data/misc/cacert/setup-hook.sh
+++ b/pkgs/data/misc/cacert/setup-hook.sh
@@ -1,4 +1,6 @@
 cacertHook() {
+    export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
+    # left for compatibility
     export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
 }
 
diff --git a/pkgs/development/interpreters/gauche/default.nix b/pkgs/development/interpreters/gauche/default.nix
index 5481c4e7d05..bb3294e2097 100644
--- a/pkgs/development/interpreters/gauche/default.nix
+++ b/pkgs/development/interpreters/gauche/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
     "--with-iconv=${libiconv}"
     "--with-dbm=gdbm"
     "--with-zlib=${zlib}"
-    "--with-ca-bundle=$SSL_CERT_FILE"
+    "--with-ca-bundle=$NIX_SSL_CERT_FILE"
     # TODO: Enable slib
     #       Current slib in nixpkgs is specialized to Guile
     # "--with-slib=${slibGuile}/lib/slib"
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index 6f1a654a38a..9cc5cd89f3b 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -646,9 +646,12 @@ fi
 export NIX_BUILD_CORES
 
 
-# Prevent OpenSSL-based applications from using certificates in
-# /etc/ssl.
+# Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly.
 # Leave it in shells for convenience.
+if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then
+  export NIX_SSL_CERT_FILE=/no-cert-file.crt
+fi
+# Another variant left for compatibility.
 if [ -z "${SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then
   export SSL_CERT_FILE=/no-cert-file.crt
 fi

From b27cc3767115bb8d93cc30b41be04621e4efb85f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 9 May 2019 09:49:42 +0200
Subject: [PATCH 09/48] stdenv: also override cert files in pure nix-shell

That's very much consistent with the spirit of nix-shell --pure

BTW, nix 1.x shells will be always treated as pure;
in that version detection isn't possible.
https://github.com/NixOS/nix/commit/1bffd83e1a9c
---
 pkgs/stdenv/generic/setup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index 9cc5cd89f3b..dcccdaa50ae 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -647,12 +647,12 @@ export NIX_BUILD_CORES
 
 
 # Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly.
-# Leave it in shells for convenience.
-if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then
+# Leave it in impure shells for convenience.
+if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ "${IN_NIX_SHELL:-}" != "impure" ]; then
   export NIX_SSL_CERT_FILE=/no-cert-file.crt
 fi
 # Another variant left for compatibility.
-if [ -z "${SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then
+if [ -z "${SSL_CERT_FILE:-}" ] && [ "${IN_NIX_SHELL:-}" != "impure" ]; then
   export SSL_CERT_FILE=/no-cert-file.crt
 fi
 

From 99760ed95bc2e31cadeda9d0911a8d38d6077df8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 9 May 2019 09:58:35 +0200
Subject: [PATCH 10/48] pypi2nix: fix $IN_NIX_SHELL test

In nix 2.0 this changed: https://github.com/NixOS/nix/commit/1bffd83
I only kept the original intention and did no kind of verification.
---
 pkgs/development/tools/pypi2nix/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/development/tools/pypi2nix/default.nix b/pkgs/development/tools/pypi2nix/default.nix
index 70c292365ab..e3d458fc648 100644
--- a/pkgs/development/tools/pypi2nix/default.nix
+++ b/pkgs/development/tools/pypi2nix/default.nix
@@ -43,7 +43,7 @@ in stdenv.mkDerivation rec {
     mv click-*/click                    $out/pkgs/click
     mv requests-*/requests              $out/pkgs/
 
-    if [ "$IN_NIX_SHELL" != "1" ]; then
+    if [ -z "$IN_NIX_SHELL" ]; then
       if [ -e git-export ]; then
         mv git-export/src/pypi2nix      $out/pkgs/pypi2nix
       else

From 78bd2e82cc7b1a06cd965ee0b5f2ce8c59d45eb3 Mon Sep 17 00:00:00 2001
From: jhaasdijk <j.haasdijk@student.ru.nl>
Date: Wed, 15 May 2019 17:06:32 +0200
Subject: [PATCH 11/48] gdb: 8.2.1 -> 8.3

---
 pkgs/development/tools/misc/gdb/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index 722490a56a9..10028365678 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -13,7 +13,7 @@
 
 let
   basename = "gdb-${version}";
-  version = "8.2.1";
+  version = "8.3";
 in
 
 assert pythonSupport -> python3 != null;
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnu/gdb/${basename}.tar.xz";
-    sha256 = "00i27xqawjv282a07i73lp1l02n0a3ywzhykma75qg500wll6sha";
+    sha256 = "0bnpzz0rl672xg5547q5qck2sxi6cnyixmk8bbb4gifw17ipwbw0";
   };
 
   patches = [

From fa7c6b83cb5735d0c08356ee4c240211457b71cf Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Mon, 13 May 2019 19:53:35 -0500
Subject: [PATCH 12/48] librsvg: 2.44.13 -> 2.44.14

---
 pkgs/development/libraries/librsvg/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix
index d46c7f7367a..0cbd60409b4 100644
--- a/pkgs/development/libraries/librsvg/default.nix
+++ b/pkgs/development/libraries/librsvg/default.nix
@@ -5,14 +5,14 @@
 
 let
   pname = "librsvg";
-  version = "2.44.13";
+  version = "2.44.14";
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
-    sha256 = "13ybdfx1agp0is81hy699nqvzb4zg1msjyvsmqcx0hb41jzn1mnj";
+    sha256 = "00z3qimpk909pcqq0jlsis5sskc6kn7cqia20smd9k9rhs3ag1ba";
   };
 
   outputs = [ "out" "dev" "installedTests" ];

From b97f53ec90c025ff147ebcd24670f5ffd17e9830 Mon Sep 17 00:00:00 2001
From: worldofpeace <worldofpeace@protonmail.ch>
Date: Wed, 15 May 2019 21:37:27 -0400
Subject: [PATCH 13/48] libsoup: 2.66.1 -> 2.66.2

https://gitlab.gnome.org/GNOME/libsoup/blob/2.66.2/NEWS
---
 pkgs/development/libraries/libsoup/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libsoup/default.nix b/pkgs/development/libraries/libsoup/default.nix
index 61cad10c190..52a52e7e732 100644
--- a/pkgs/development/libraries/libsoup/default.nix
+++ b/pkgs/development/libraries/libsoup/default.nix
@@ -5,11 +5,11 @@
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
   pname = "libsoup";
-  version = "2.66.1";
+  version = "2.66.2";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
-    sha256 = "1zs3bhspwg7fggxd7x1rrggpkcf2j9ch6dhncq9syh252z0vcb2a";
+    sha256 = "0amfw1yvy1kjrg41rfh2vvrw5gkwnyckqbw1fab50hm6xc1acbmx";
   };
 
   postPatch = ''

From ee4fc39aa7bdfd2eebf88c76cb782210efaf9e12 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 02:59:53 -0500
Subject: [PATCH 14/48] bind: 9.12.4-P1 -> 9.14.2

9.12 is EOL as of May 2019.

9.14.2 release notes (which appear to extend those for 9.14.1):

https://ftp.isc.org/isc/bind9/9.14.2/RELEASE-NOTES-bind-9.14.2.html

Please check the security fixes and prioritize this as appropriate.
---
 pkgs/servers/dns/bind/default.nix             | 20 +++++---------
 .../dns/bind/dont-keep-configure-flags.patch  | 26 +++++++++----------
 2 files changed, 19 insertions(+), 27 deletions(-)

diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index 06883414004..9ce85032c8d 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -8,30 +8,22 @@
 assert enableSeccomp -> libseccomp != null;
 assert enablePython -> python3 != null;
 
-let version = "9.12.4-P1"; in
+let version = "9.14.2"; in
 
 stdenv.mkDerivation rec {
   name = "bind-${version}";
 
   src = fetchurl {
     url = "https://ftp.isc.org/isc/bind9/${version}/${name}.tar.gz";
-    sha256 = "1if7zc5gzrfd28csc63v9bjwrc0rgvm1x9yx058946hc5gp5lyp2";
+    sha256 = "033zqajnj5ys45g899132xkhh9f0hsh76ffv7302wl166xbjfh0f";
   };
 
   outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];
 
-  patches = [ ./dont-keep-configure-flags.patch ./remove-mkdir-var.patch ] ++
-    [
-      # Workaround for missing atomic operations on aarch64. Upstream added the
-      # below patch after the release. Can probably be dropped with the next
-      # version.
-      (fetchpatch {
-        name = "client-atomics-as-refcount.patch";
-        url = https://gitlab.isc.org/isc-projects/bind9/commit/d72f436b7d7c697b262968c48c2d7643069ab17f.diff;
-        sha256 = "0sidlab9wcv21751fbq3h9m4wy6hk7frag9ar2jndw8rn3axr2qy";
-      })
-    ] ++
-    stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
+  patches = [
+    ./dont-keep-configure-flags.patch
+    ./remove-mkdir-var.patch
+  ] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
 
   nativeBuildInputs = [ perl ];
   buildInputs = [ libtool libxml2 openssl ]
diff --git a/pkgs/servers/dns/bind/dont-keep-configure-flags.patch b/pkgs/servers/dns/bind/dont-keep-configure-flags.patch
index 5a934056d13..17fdb15ad46 100644
--- a/pkgs/servers/dns/bind/dont-keep-configure-flags.patch
+++ b/pkgs/servers/dns/bind/dont-keep-configure-flags.patch
@@ -1,8 +1,8 @@
 diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
-index 388dc97..3c6135c 100644
+index b8e356b..cbe6c94 100644
 --- a/bin/named/include/named/globals.h
 +++ b/bin/named/include/named/globals.h
-@@ -65,7 +65,9 @@ EXTERN const char *		named_g_version		INIT(VERSION);
+@@ -68,7 +68,9 @@ EXTERN const char *		named_g_version		INIT(VERSION);
  EXTERN const char *		named_g_product		INIT(PRODUCT);
  EXTERN const char *		named_g_description	INIT(DESCRIPTION);
  EXTERN const char *		named_g_srcid		INIT(SRCID);
@@ -13,21 +13,21 @@ index 388dc97..3c6135c 100644
  EXTERN in_port_t		named_g_port		INIT(0);
  EXTERN isc_dscp_t		named_g_dscp		INIT(-1);
 diff --git a/bin/named/main.c b/bin/named/main.c
-index 4fb0566..60d56cd 100644
+index 62d9ce3..342abdc 100644
 --- a/bin/named/main.c
 +++ b/bin/named/main.c
-@@ -672,8 +672,10 @@ parse_command_line(int argc, char *argv[]) {
- 			       (*named_g_description != '\0') ? " " : "",
- 			       named_g_description, named_g_srcid);
- 			printf("running on %s\n", named_os_uname());
-+			#if 0
- 			printf("built by %s with %s\n",
- 			       named_g_builder, named_g_configargs);
-+			#endif
+@@ -459,8 +459,10 @@ printversion(bool verbose) {
+ 	}
+ 
+ 	printf("running on %s\n", named_os_uname());
++#if 0
+ 	printf("built by %s with %s\n",
+ 	       named_g_builder, named_g_configargs);
++#endif
  #ifdef __clang__
- 			printf("compiled by CLANG %s\n", __VERSION__);
+ 	printf("compiled by CLANG %s\n", __VERSION__);
  #else
-@@ -1075,9 +1077,11 @@ setup(void) {
+@@ -1001,9 +1003,11 @@ setup(void) {
  		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
  		      "running on %s", named_os_uname());
  

From 75bca7c163c1590e82bbc40165366066321bfb3c Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 13:44:25 -0500
Subject: [PATCH 15/48] ethtool: 5.0 -> 5.1

https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?id=cabc523cd2c398f63cd6198deb35039b2f08484f
---
 pkgs/tools/misc/ethtool/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/ethtool/default.nix b/pkgs/tools/misc/ethtool/default.nix
index 43682d9c847..963086b717a 100644
--- a/pkgs/tools/misc/ethtool/default.nix
+++ b/pkgs/tools/misc/ethtool/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "ethtool-${version}";
-  version = "5.0";
+  version = "5.1";
 
   src = fetchurl {
     url = "mirror://kernel/software/network/ethtool/${name}.tar.xz";
-    sha256 = "16gfkf001mdid1vjrxwri7fs4iwiy6d4lkrssljr2n13y0xj7m7c";
+    sha256 = "11rkvb1nga9hdiycw0hjn6lh1sfy4p4yzcl4fw5jjrb5xhgsrzk5";
   };
 
   meta = with stdenv.lib; {

From 764c298111a1e683a8cf79e865f6342d0685fe9a Mon Sep 17 00:00:00 2001
From: worldofpeace <worldofpeace@protonmail.ch>
Date: Fri, 17 May 2019 00:12:24 -0400
Subject: [PATCH 16/48] perl: get perl in HOST_PATH for patch-shebangs

---
 pkgs/development/perl-modules/generic/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/perl-modules/generic/default.nix b/pkgs/development/perl-modules/generic/default.nix
index d32755db990..3a28c50be39 100644
--- a/pkgs/development/perl-modules/generic/default.nix
+++ b/pkgs/development/perl-modules/generic/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, perl, buildPerl, toPerlModule }:
 
-{ nativeBuildInputs ? [], name, ... } @ attrs:
+{ buildInputs ? [], nativeBuildInputs ? [], name, ... } @ attrs:
 
 toPerlModule(stdenv.mkDerivation (
   (
@@ -36,6 +36,7 @@ toPerlModule(stdenv.mkDerivation (
   {
     name = "perl${perl.version}-${name}";
     builder = ./builder.sh;
+    buildInputs = buildInputs ++ [ perl ];
     nativeBuildInputs = nativeBuildInputs ++ [ (perl.dev or perl) ];
     fullperl = buildPerl;
   }

From 7822281b680a40c3867b3bbc59125d64b7a12045 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 05:24:19 -0500
Subject: [PATCH 17/48] file: 5.36 -> 5.37

https://github.com/file/file/blob/FILE5_37/ChangeLog
---
 pkgs/tools/misc/file/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index ed31d01f09d..14858428ee9 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "file-${version}";
-  version = "5.36";
+  version = "5.37";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.astron.com/pub/file/${name}.tar.gz"
       "https://distfiles.macports.org/file/${name}.tar.gz"
     ];
-    sha256 = "0ya330cdkvfi2d28h8gvhghj4gnhysmifmryysl0a97xq2884q7v";
+    sha256 = "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9";
   };
 
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;

From 888dba6a1d7c15eb6463abb991306105617671d8 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 09:47:44 -0500
Subject: [PATCH 18/48] webkitgtk: 2.24.2

https://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
---
 pkgs/development/libraries/webkitgtk/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/webkitgtk/default.nix b/pkgs/development/libraries/webkitgtk/default.nix
index 2ccc9b7c2b4..91848ce1fb6 100644
--- a/pkgs/development/libraries/webkitgtk/default.nix
+++ b/pkgs/development/libraries/webkitgtk/default.nix
@@ -15,7 +15,7 @@ assert stdenv.isDarwin -> !enableGtk2Plugins;
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "webkitgtk-${version}";
-  version = "2.24.1";
+  version = "2.24.2";
 
   meta = {
     description = "Web content rendering engine, GTK+ port";
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://webkitgtk.org/releases/${name}.tar.xz";
-    sha256 = "0v9riwrmwi9wxbb8hlvcbyyxa9zxhcdk6s1xcspalk6asam8xjsk";
+    sha256 = "071jnjvjq6wsxx1jh4ql3j53h1nhphs5ga67fa5i9xjvs3qb3701";
   };
 
   patches = optionals stdenv.isDarwin [

From 19dd115588667b1f4cff178ded84642b6a14f45a Mon Sep 17 00:00:00 2001
From: Andrew Childs <lorne@cons.org.nz>
Date: Sat, 18 May 2019 17:08:59 +0900
Subject: [PATCH 19/48] jackaudio: restrict aften dependency to Darwin

---
 pkgs/misc/jackaudio/default.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/pkgs/misc/jackaudio/default.nix b/pkgs/misc/jackaudio/default.nix
index a7b3e5f0fde..fb7c26a6d7a 100644
--- a/pkgs/misc/jackaudio/default.nix
+++ b/pkgs/misc/jackaudio/default.nix
@@ -1,9 +1,9 @@
 { stdenv, fetchFromGitHub, pkgconfig, python2Packages, makeWrapper
 , fetchpatch
 , bash, libsamplerate, libsndfile, readline, eigen, celt
-, wafHook, aften
+, wafHook
 # Darwin Dependencies
-, AudioUnit, CoreAudio, cf-private, libobjc, Accelerate
+, aften, AudioUnit, CoreAudio, cf-private, libobjc, Accelerate
 
 # Optional Dependencies
 , dbus ? null, libffado ? null, alsaLib ? null
@@ -40,9 +40,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkgconfig python makeWrapper wafHook ];
   buildInputs = [ libsamplerate libsndfile readline eigen celt
     optDbus optPythonDBus optLibffado optAlsaLib optLibopus
-    aften
   ] ++ optionals stdenv.isDarwin [
-    AudioUnit CoreAudio Accelerate cf-private libobjc
+    aften AudioUnit CoreAudio Accelerate cf-private libobjc
   ];
 
   prePatch = ''

From 347cd8add792c0e7dde1a64ae2dd6ac265b94259 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Sun, 19 May 2019 14:45:52 +0200
Subject: [PATCH 20/48] gnutls: fix tests after 79bd4ad57 (PR #61179)

It's one of the places that would reach out to /etc/ otherwise,
so I expect we have to pay this price to get the effect.
Hopefully there won't be too many places to patch.
---
 pkgs/development/libraries/gnutls/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 8a92390ca30..381ac2b59ad 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -1,6 +1,6 @@
 { config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkgconfig, lzip
 , perl, gmp, autoconf, autogen, automake, libidn, p11-kit, libiconv
-, unbound, dns-root-data, gettext
+, unbound, dns-root-data, gettext, cacert
 , guileBindings ? config.gnutls.guile or false, guile
 , tpmSupport ? false, trousers, which, nettools, libunistring
 , withSecurity ? false, Security  # darwin Security.framework
@@ -72,6 +72,9 @@ stdenv.mkDerivation {
   propagatedBuildInputs = [ nettle ];
 
   inherit doCheck;
+  # stdenv's `NIX_SSL_CERT_FILE=/no-cert-file.crt` broke tests with:
+  #   Error setting the x509 trust file: Error while reading file.
+  checkInputs = [ cacert ];
 
   # Fixup broken libtool and pkgconfig files
   preFixup = lib.optionalString (!isDarwin) ''

From fe7ee2976b3c4d0c74272b00e6a4491837508b4b Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Wed, 8 May 2019 02:01:37 -0500
Subject: [PATCH 21/48] go_1_12: 1.12.1 -> 1.12.5

https://groups.google.com/forum/#!topic/golang-dev/QwUlynmpl8A
---
 pkgs/development/compilers/go/1.12.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/compilers/go/1.12.nix b/pkgs/development/compilers/go/1.12.nix
index 68f9d1d531f..7fee3b23408 100644
--- a/pkgs/development/compilers/go/1.12.nix
+++ b/pkgs/development/compilers/go/1.12.nix
@@ -29,12 +29,12 @@ let
 in
 
 stdenv.mkDerivation rec {
-  name = "go-${version}";
-  version = "1.12.1";
+  pname = "go";
+  version = "1.12.5";
 
   src = fetchurl {
     url = "https://dl.google.com/go/go${version}.src.tar.gz";
-    sha256 = "12l12mmgqvy3nbscy7sz83qj4m6iz5a322aq9sk45f7l9ml2gq8b";
+    sha256 = "1s034pr60h20lsw171vbzqxqvcqn0s04dxfyqczyfcmkrf4g199a";
   };
 
   # perl is used for testing go vet

From 4a2fad0cf7283a0976143ac9f4cf6b14e24d4cc4 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Wed, 8 May 2019 02:19:29 -0500
Subject: [PATCH 22/48] go_1_11: 1.11.{6 -> 10}

---
 pkgs/development/compilers/go/1.11.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/compilers/go/1.11.nix b/pkgs/development/compilers/go/1.11.nix
index eec472fb88e..b545e25d801 100644
--- a/pkgs/development/compilers/go/1.11.nix
+++ b/pkgs/development/compilers/go/1.11.nix
@@ -29,12 +29,12 @@ let
 in
 
 stdenv.mkDerivation rec {
-  name = "go-${version}";
-  version = "1.11.6";
+  pname = "go";
+  version = "1.11.10";
 
   src = fetchurl {
     url = "https://dl.google.com/go/go${version}.src.tar.gz";
-    sha256 = "0cz1sdhxf9283p1p4jxb020pym0ncd0qlfh36r3hkv6bbm1a2vd9";
+    sha256 = "06rw962xigbrxblp942jbh7k133blpxg2xfrxi32qdhxkmmfj9yz";
   };
 
   # perl is used for testing go vet

From aae4c114a4f8e722ed221d47ecbb6a391682bca9 Mon Sep 17 00:00:00 2001
From: Tom Bereknyei <tom@dds.mil>
Date: Tue, 21 May 2019 14:31:46 -0400
Subject: [PATCH 23/48] openssl: fix CVE-2019-1543

Closes https://github.com/NixOS/nixpkgs/pull/61827.
Fixes https://github.com/NixOS/nixpkgs/issues/60107.
---
 pkgs/development/libraries/openssl/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 133e9ae8cb8..1c0d124b5c0 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -136,6 +136,11 @@ in {
     sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw";
     patches = [
       ./1.1/nix-ssl-cert-file.patch
+      (fetchurl {
+        name = "long-chacha-nonce.patch";
+        url = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f426625b6ae9a7831010750490a5f0ad689c5ba3";
+        sha256= "02ghqg3vzmzx3s1dwwwbm1p1l4asaiampyg4k9vfrjwficvgpdgp";
+      })
 
       (if stdenv.hostPlatform.isDarwin
        then ./1.1/use-etc-ssl-certs-darwin.patch

From 55bcfed30c23c06429b05665a29929a97febe942 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Wed, 22 May 2019 18:23:38 -0500
Subject: [PATCH 24/48] curl: 7.64.0 -> 7.65.0

https://curl.haxx.se/changes.html#7_65_0
---
 pkgs/tools/networking/curl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 29e64205a2b..bd502ee34c6 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -24,14 +24,14 @@ assert brotliSupport -> brotli != null;
 assert gssSupport -> libkrb5 != null;
 
 stdenv.mkDerivation rec {
-  name = "curl-7.64.1";
+  name = "curl-7.65.0";
 
   src = fetchurl {
     urls = [
       "https://curl.haxx.se/download/${name}.tar.bz2"
       "https://github.com/curl/curl/releases/download/${lib.replaceStrings ["."] ["_"] name}/${name}.tar.bz2"
     ];
-    sha256 = "0pd484nk4q4dxjilwla3bw1l1jy44043xs991xld0l2jncwcgisc";
+    sha256 = "0p6z77iv6wlxq7skbnxn61rn8rangrp4g4spr09y920fcf7w0iza";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];

From c404cfd8013f0631fbffa4e59955b78936250e67 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:04:34 +0200
Subject: [PATCH 25/48] pythonPackages.certifi: 2018.11.29 -> 2019.3.9

---
 pkgs/development/python-modules/certifi/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/certifi/default.nix b/pkgs/development/python-modules/certifi/default.nix
index 8ccfd2e9efb..07dc701f3b1 100644
--- a/pkgs/development/python-modules/certifi/default.nix
+++ b/pkgs/development/python-modules/certifi/default.nix
@@ -5,11 +5,11 @@
 
 buildPythonPackage rec {
   pname = "certifi";
-  version = "2018.11.29";
+  version = "2019.3.9";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1dvccavd2fzq4j37w0sznylp92ps14zi6gvlxzm23in0yhzciya7";
+    sha256 = "1bnpw7hrf9i1l9gfxjnzi45hkrvzz0pyn9ia8m4mw7sxhgb08qdj";
   };
 
   meta = {

From 6efa24ee077ab9fe5cf1d5b3d63b1c3210263e50 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:05:13 +0200
Subject: [PATCH 26/48] pythonPackages.botocore: 1.12.96 -> 1.12.150

---
 pkgs/development/python-modules/botocore/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix
index 801977a9620..c90c17d4173 100644
--- a/pkgs/development/python-modules/botocore/default.nix
+++ b/pkgs/development/python-modules/botocore/default.nix
@@ -12,11 +12,11 @@
 
 buildPythonPackage rec {
   pname = "botocore";
-  version = "1.12.96"; # N.B: if you change this, change boto3 and awscli to a matching version
+  version = "1.12.150"; # N.B: if you change this, change boto3 and awscli to a matching version
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "55c1594041e6716847d5a8b38181e3cc44e245edbf4598ae2b99e3040073b2cf";
+    sha256 = "1xrbl9dfb65wpz7rq5n4j2qvb591z1ny5d1s6rn813ws96pl8bpq";
   };
 
   propagatedBuildInputs = [

From adef5b9c974379b8f15f158e87c6a0e899396a58 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:05:43 +0200
Subject: [PATCH 27/48] pythonPackages.boto3: 1.9.96 -> 1.9.150

---
 pkgs/development/python-modules/boto3/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix
index e62936a9288..ff718014631 100644
--- a/pkgs/development/python-modules/boto3/default.nix
+++ b/pkgs/development/python-modules/boto3/default.nix
@@ -13,11 +13,11 @@
 
 buildPythonPackage rec {
   pname =  "boto3";
-  version = "1.9.96"; # N.B: if you change this, change botocore too
+  version = "1.9.150"; # N.B: if you change this, change botocore too
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "c103241394d396ee08548b03d5d1f0f89a7ad1dfa7ccca88a47131f329cca093";
+    sha256 = "1j0dldqn2yxykzrib4yiir28vk45mn4d43smvpg55dnz9lr1lap3";
   };
 
   propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];

From f12f9afa2a6a5337595e7d45d934f0525ce3267a Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:06:12 +0200
Subject: [PATCH 28/48] awscli: 1.16.106 -> 1.16.160

---
 pkgs/tools/admin/awscli/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix
index e09833869d6..7dbdedb423a 100644
--- a/pkgs/tools/admin/awscli/default.nix
+++ b/pkgs/tools/admin/awscli/default.nix
@@ -33,11 +33,11 @@ let
 
 in py.pkgs.buildPythonApplication rec {
   pname = "awscli";
-  version = "1.16.106"; # N.B: if you change this, change botocore to a matching version too
+  version = "1.16.160"; # N.B: if you change this, change botocore to a matching version too
 
   src = py.pkgs.fetchPypi {
     inherit pname version;
-    sha256 = "169810cb895ac8608747e81480aebd2712f654ad2e49e1f1315f34d6052d5e2d";
+    sha256 = "0w6frr2d4b5cas9kgd0fpn97mrx6ki9amqc0qr876cwnmgn2631x";
   };
 
   # No tests included

From 481254761819c268e32a9669be2dcbe426c9490d Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:06:42 +0200
Subject: [PATCH 29/48] pythonPackages.elasticsearch: 6.3.1 -> 7.0.1

---
 pkgs/development/python-modules/elasticsearch/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/elasticsearch/default.nix b/pkgs/development/python-modules/elasticsearch/default.nix
index 6c5ab07db19..a909d258942 100644
--- a/pkgs/development/python-modules/elasticsearch/default.nix
+++ b/pkgs/development/python-modules/elasticsearch/default.nix
@@ -7,11 +7,11 @@
 
 buildPythonPackage (rec {
   pname = "elasticsearch";
-  version = "6.3.1";
+  version = "7.0.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "aada5cfdc4a543c47098eb3aca6663848ef5d04b4324935ced441debc11ec98b";
+    sha256 = "0ax00k6xi7g419azjdn8g19zad304xmxw62pcfp3njawqnlnwp24";
   };
 
   # Check is disabled because running them destroy the content of the local cluster!

From e5f4e17ad4171e61d3ef639f3c13c90d6fcc5f66 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 17 May 2019 15:07:09 +0200
Subject: [PATCH 30/48] elasticsearch-curator: 5.6.0 -> 5.7.6

---
 .../python-modules/elasticsearch-curator/default.nix       | 4 ++--
 pkgs/top-level/all-packages.nix                            | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/elasticsearch-curator/default.nix b/pkgs/development/python-modules/elasticsearch-curator/default.nix
index b65e524346f..d517af949d4 100644
--- a/pkgs/development/python-modules/elasticsearch-curator/default.nix
+++ b/pkgs/development/python-modules/elasticsearch-curator/default.nix
@@ -17,11 +17,11 @@
 
 buildPythonPackage rec {
   pname   = "elasticsearch-curator";
-  version = "5.6.0";
+  version = "5.7.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0r4p229233ivprxnvp33hilkgczijmyvi33wivxhhj6q3kkywpyq";
+    sha256 = "0a6q7jcqwcqf8cv76lzldf90hnj2x8gha754x515dq10zsi9sjms";
   };
 
   # The test hangs so we disable it.
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 23021c99d1d..bae2f747cc9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2706,6 +2706,13 @@ in
           sha256 = "f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b";
         };
       });
+      pyyaml = super.pyyaml.overridePythonAttrs (oldAttrs: rec {
+        version = "3.12";
+        src = oldAttrs.src.override {
+          inherit version;
+          sha256 = "1aqjl8dk9amd4zr99n8v2qxzgmr2hdvqfma4zh7a41rj6336c9sr";
+        };
+      });
     };
   }).pkgs; toPythonApplication elasticsearch-curator;
 

From 3df8bed953cbd815c9fca9fc932368f13e4fbf30 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Thu, 23 May 2019 16:16:54 +0200
Subject: [PATCH 31/48] pythonPackages.elasticsearch-dsl: 6.3.1 -> 7.0.0

---
 pkgs/development/python-modules/elasticsearch-dsl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/elasticsearch-dsl/default.nix b/pkgs/development/python-modules/elasticsearch-dsl/default.nix
index 805bacbd716..1ca8c9b55ff 100644
--- a/pkgs/development/python-modules/elasticsearch-dsl/default.nix
+++ b/pkgs/development/python-modules/elasticsearch-dsl/default.nix
@@ -11,11 +11,11 @@
 
 buildPythonPackage rec {
   pname = "elasticsearch-dsl";
-  version = "6.3.1";
+  version = "7.0.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1gh8a0shqi105k325hgwb9avrpdjh0mc6mxwfg9ba7g6lssb702z";
+    sha256 = "08kgpcf6lp8gjan6dvdx35340i4yqa77klapk8j7165svfjc5v9a";
   };
 
   propagatedBuildInputs = [ elasticsearch python-dateutil six ]

From 72fc6f7e5ce3d281e9803cd5df37591c63755e50 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 24 May 2019 13:59:21 +0200
Subject: [PATCH 32/48] libbytesize: 1.4 -> 2.0

---
 pkgs/development/libraries/libbytesize/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/libbytesize/default.nix b/pkgs/development/libraries/libbytesize/default.nix
index 724e9f1b74a..97f8e17a5f6 100644
--- a/pkgs/development/libraries/libbytesize/default.nix
+++ b/pkgs/development/libraries/libbytesize/default.nix
@@ -1,10 +1,10 @@
 { stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, gettext
 , gtk-doc, libxslt, docbook_xml_dtd_43, docbook_xsl
-, python3, pcre, gmp, mpfr
+, python3, pcre2, gmp, mpfr
 }:
 
 let
-  version = "1.4";
+  version = "2.0";
 in stdenv.mkDerivation rec {
   name = "libbytesize-${version}";
 
@@ -12,14 +12,14 @@ in stdenv.mkDerivation rec {
     owner = "storaged-project";
     repo = "libbytesize";
     rev = version;
-    sha256 = "1yxlc0f960rhqmh3fs3p0hvw0y2cikplgc27zsz6rn4h5dlrfmi2";
+    sha256 = "0m950idlyv6mbkhr8ngnda5l5wwb5lzs4wn4kxl73cvdlcvklmwj";
   };
 
   outputs = [ "out" "dev" "devdoc" ];
 
   nativeBuildInputs = [ autoreconfHook pkgconfig gettext gtk-doc libxslt docbook_xml_dtd_43 docbook_xsl python3 ];
 
-  buildInputs = [ pcre gmp mpfr ];
+  buildInputs = [ pcre2 gmp mpfr ];
 
   meta = with stdenv.lib; {
     description = "A tiny library providing a C “class” for working with arbitrary big sizes in bytes";

From 2982e92f441e825fd4ae94467300bbbe6ca9cb4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Luis=20Lafuente?= <jl@lafuente.me>
Date: Fri, 24 May 2019 20:40:18 +0200
Subject: [PATCH 33/48] x265: 2.9 -> 3.0

---
 pkgs/development/libraries/x265/default.nix | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix
index 7ea28f6b61e..398c309d938 100644
--- a/pkgs/development/libraries/x265/default.nix
+++ b/pkgs/development/libraries/x265/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, fetchpatch, cmake, yasm
+{ stdenv, fetchurl, fetchpatch, cmake, nasm, numactl
+, numaSupport ? stdenv.hostPlatform.isLinux && (stdenv.hostPlatform.isx86 || stdenv.hostPlatform.isAarch64)  # Enabled by default on NUMA platforms
 , debugSupport ? false # Run-time sanity checks (debugging)
 , highbitdepthSupport ? false # false=8bits per channel, true=10/12bits per channel
 , werrorSupport ? false # Warnings as errors
@@ -16,26 +17,20 @@ in
 
 stdenv.mkDerivation rec {
   name = "x265-${version}";
-  version = "2.9";
+  version = "3.0";
 
   src = fetchurl {
     urls = [
       "https://get.videolan.org/x265/x265_${version}.tar.gz"
       "ftp://ftp.videolan.org/pub/videolan/x265/x265_${version}.tar.gz"
     ];
-    sha256 = "090hp4216isis8q5gb7bwzia8rfyzni54z21jnwm97x3hiy6ibpb";
+    sha256 = "0qh65wdpasrspkm1y0dlfa123myax568yi0sas0lmg5b1hkgrff5";
   };
 
   enableParallelBuilding = true;
 
   patches = [
-    # Fix issue #442 (linking issue on non-x86 platforms)
-    # Applies on v2.9 only, this should be removed at next update
-    (fetchpatch {
-      url = "https://bitbucket.org/multicoreware/x265/commits/471726d3a0462739ff8e3518eb1a1e8a01de4e8d/raw";
-      sha256 = "0mj8lb8ng8lrhzjavap06vjhqf6j0r3sn76c6rhs3012f86lv928";
-    })
-    # Fix build on ARM (#406) 
+    # Fix build on ARM (#406)
     (fetchpatch {
       url = "https://bitbucket.org/multicoreware/x265/issues/attachments/406/multicoreware/x265/1527562952.26/406/X265-2.8-asm-primitives.patch";
       sha256 = "1vf8bpl37gbd9dcbassgkq9i0rp24qm3bl6hx9zv325174bn402v";
@@ -67,7 +62,7 @@ stdenv.mkDerivation rec {
     rm $out/lib/*.a
   '';
 
-  nativeBuildInputs = [ cmake yasm ];
+  nativeBuildInputs = [ cmake nasm ] ++ stdenv.lib.optional numaSupport numactl;
 
   meta = with stdenv.lib; {
     description = "Library for encoding h.265/HEVC video streams";

From 93982349c8ed4ddc88e62cb970ac6fdd331ee766 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Fri, 24 May 2019 16:54:27 -0400
Subject: [PATCH 34/48] sqlite: enable parallel builds

---
 pkgs/development/libraries/sqlite/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index ea1c38ea476..b2351a32fa6 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -9,7 +9,7 @@ let
 in
 
 stdenv.mkDerivation rec {
-  name = "sqlite-${version}";
+  pname = "sqlite";
   version = "3.28.0";
 
   # NB! Make sure to update analyzer.nix src (in the same directory).
@@ -71,6 +71,7 @@ stdenv.mkDerivation rec {
     sed -i $out/lib/libsqlite3.la -e "s/dependency_libs=.*/dependency_libs='''/"
   '';
 
+  enableParallelBuilding = true;
   doCheck = false; # fails to link against tcl
 
   meta = {

From 3232cadf962a0757c4b6313c8b01781f6ed9f2b0 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Fri, 24 May 2019 17:40:37 -0400
Subject: [PATCH 35/48] boost: run build and install hooks

Users who want to patch boost may put a postInstall hook in an overlay, which
requires that that expression runs them on the buildPhase and installPhase.
---
 pkgs/development/libraries/boost/generic.nix | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix
index c0c69b0fe70..90dd8ff1744 100644
--- a/pkgs/development/libraries/boost/generic.nix
+++ b/pkgs/development/libraries/boost/generic.nix
@@ -97,9 +97,9 @@ let
 in
 
 stdenv.mkDerivation {
-  name = "boost-${version}";
+  pname = "boost";
 
-  inherit src;
+  inherit src version;
 
   patchFlags = "";
 
@@ -112,11 +112,10 @@ stdenv.mkDerivation {
   meta = {
     homepage = http://boost.org/;
     description = "Collection of C++ libraries";
-    license = stdenv.lib.licenses.boost;
-
+    license = licenses.boost;
     platforms = platforms.unix ++ platforms.windows;
-    badPlatforms = stdenv.lib.optional (versionOlder version "1.59") "aarch64-linux"
-                 ++ stdenv.lib.optional ((versionOlder version "1.57") || version == "1.58") "x86_64-darwin";
+    badPlatforms = optional (versionOlder version "1.59") "aarch64-linux"
+                 ++ optional ((versionOlder version "1.57") || version == "1.58") "x86_64-darwin";
     maintainers = with maintainers; [ peti ];
   };
 
@@ -158,16 +157,22 @@ stdenv.mkDerivation {
     ++ optional (toolset != null) "--with-toolset=${toolset}";
 
   buildPhase = ''
+    runHook preBuild
     ./b2 ${b2Args}
+    runHook postBuild
   '';
 
   installPhase = ''
+    runHook preInstall
+
     # boostbook is needed by some applications
     mkdir -p $dev/share/boostbook
     cp -a tools/boostbook/{xsl,dtd} $dev/share/boostbook/
 
     # Let boost install everything else
     ./b2 ${b2Args} install
+
+    runHook postInstall
   '';
 
   postFixup = ''

From 62f9685a609a158007e76c0fb26cebf22aaed23c Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Fri, 24 May 2019 17:06:17 -0400
Subject: [PATCH 36/48] gdbm: enable parallel building and use pname

---
 pkgs/development/libraries/gdbm/default.nix | 40 +++++++++++----------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/pkgs/development/libraries/gdbm/default.nix b/pkgs/development/libraries/gdbm/default.nix
index 9b1fc2b4ac5..972e9022235 100644
--- a/pkgs/development/libraries/gdbm/default.nix
+++ b/pkgs/development/libraries/gdbm/default.nix
@@ -1,12 +1,14 @@
 { stdenv, lib, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "gdbm-1.18.1";
+  pname = "gdbm";
+  version = "1.18.1";
+
   # FIXME: remove on update to > 1.18.1
   NIX_CFLAGS_COMPILE = if stdenv.cc.isClang then "-Wno-error=return-type" else null;
 
   src = fetchurl {
-    url = "mirror://gnu/gdbm/${name}.tar.gz";
+    url = "mirror://gnu/gdbm/${pname}-${version}.tar.gz";
     sha256 = "1p4ibds6z3ccy65lkmd6lm7js0kwifvl53r0fd759fjxgr917rl6";
   };
 
@@ -25,10 +27,12 @@ stdenv.mkDerivation rec {
       substituteInPlace tests/testsuite.at --replace \
         'm4_include([dbmfetch03.at])' ""
   '';
+
+  enableParallelBuilding = true;
   configureFlags = [ "--enable-libgdbm-compat" ];
 
+  # create symlinks for compatibility
   postInstall = ''
-    # create symlinks for compatibility
     install -dm755 $out/include/gdbm
     (
       cd $out/include/gdbm
@@ -40,26 +44,24 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     description = "GNU dbm key/value database library";
+    longDescription = ''
+       GNU dbm (or GDBM, for short) is a library of database functions that
+       use extensible hashing and work similar to the standard UNIX dbm.
+       These routines are provided to a programmer needing to create and
+       manipulate a hashed database.
 
-    longDescription =
-      '' GNU dbm (or GDBM, for short) is a library of database functions that
-         use extensible hashing and work similar to the standard UNIX dbm.
-         These routines are provided to a programmer needing to create and
-         manipulate a hashed database.
+       The basic use of GDBM is to store key/data pairs in a data file.
+       Each key must be unique and each key is paired with only one data
+       item.
 
-         The basic use of GDBM is to store key/data pairs in a data file.
-         Each key must be unique and each key is paired with only one data
-         item.
+       The library provides primitives for storing key/data pairs,
+       searching and retrieving the data by its key and deleting a key
+       along with its data.  It also support sequential iteration over all
+       key/data pairs in a database.
 
-         The library provides primitives for storing key/data pairs,
-         searching and retrieving the data by its key and deleting a key
-         along with its data.  It also support sequential iteration over all
-         key/data pairs in a database.
-
-         For compatibility with programs using old UNIX dbm function, the
-         package also provides traditional dbm and ndbm interfaces.
+       For compatibility with programs using old UNIX dbm function, the
+       package also provides traditional dbm and ndbm interfaces.
       '';
-
     homepage = https://www.gnu.org/software/gdbm/;
     license = licenses.gpl3Plus;
     platforms = platforms.all;

From 7409ec7e1ed6528c1727bb8c2764e73204ea9ebe Mon Sep 17 00:00:00 2001
From: Yegor Timoshenko <yegortimoshenko@riseup.net>
Date: Wed, 22 May 2019 13:22:36 +0300
Subject: [PATCH 37/48] e2fsprogs: fix cross compilation

---
 pkgs/tools/filesystems/e2fsprogs/default.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index 11f107e994f..787d6e10a57 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -27,9 +27,15 @@ stdenv.mkDerivation rec {
 
   configureFlags =
     if stdenv.isLinux then [
-      "--enable-elf-shlibs" "--enable-symlink-install" "--enable-relative-symlinks"
-      # libuuid, libblkid, uuidd and fsck are in util-linux-ng (the "libuuid" dependency).
-      "--disable-libuuid" "--disable-uuidd" "--disable-libblkid" "--disable-fsck"
+      "--enable-elf-shlibs"
+      "--enable-symlink-install"
+      "--enable-relative-symlinks"
+      "--with-crond-dir=no"
+      # fsck, libblkid, libuuid and uuidd are in util-linux-ng (the "libuuid" dependency)
+      "--disable-fsck"
+      "--disable-libblkid"
+      "--disable-libuuid"
+      "--disable-uuidd"
     ] else [
       "--enable-libuuid --disable-e2initrd-helper"
     ];

From fe154889d7a6881d0b6c7b10d95247c3b6a26176 Mon Sep 17 00:00:00 2001
From: c0bw3b <c0bw3b@users.noreply.github.com>
Date: Sun, 26 May 2019 00:00:47 +0200
Subject: [PATCH 38/48] publicsuffix-list: init at 2019-05-24

Push #62070 to staging
---
 pkgs/data/misc/publicsuffix-list/default.nix | 25 ++++++++++++++++++++
 pkgs/top-level/all-packages.nix              |  2 ++
 2 files changed, 27 insertions(+)
 create mode 100644 pkgs/data/misc/publicsuffix-list/default.nix

diff --git a/pkgs/data/misc/publicsuffix-list/default.nix b/pkgs/data/misc/publicsuffix-list/default.nix
new file mode 100644
index 00000000000..b5414ab18b4
--- /dev/null
+++ b/pkgs/data/misc/publicsuffix-list/default.nix
@@ -0,0 +1,25 @@
+{ lib, fetchFromGitHub }:
+
+let
+  pname = "publicsuffix-list";
+  version = "2019-05-24";
+in fetchFromGitHub rec {
+  name = "${pname}-${version}";
+  owner = "publicsuffix";
+  repo = "list";
+  rev = "a1db0e898956e126de65be1a5e977fbbbbeebe33";
+  sha256 = "092153w2jr7nx28p9wc9k6b5azi9c39ghnqfnfiwfzv1j8jm3znq";
+
+  postFetch = ''
+    tar xf $downloadedFile --strip=1
+    install -Dm0444 public_suffix_list.dat tests/test_psl.txt -t $out/share/publicsuffix
+  '';
+
+  meta = with lib; {
+    homepage = "https://publicsuffix.org/";
+    description = "Cross-vendor public domain suffix database";
+    platforms = platforms.all;
+    license = licenses.mpl20;
+    maintainers = [ maintainers.c0bw3b ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index ac67a5d4028..ab34ac1e8dd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -16466,6 +16466,8 @@ in
 
   public-sans  = callPackage ../data/fonts/public-sans { };
 
+  publicsuffix-list = callPackage ../data/misc/publicsuffix-list { };
+
   qogir-theme = callPackage ../data/themes/qogir { };
 
   redhat-official-fonts = callPackage ../data/fonts/redhat-official { };

From 846b12b772b28fbe4cabd5c6b18a04eefa5a91f5 Mon Sep 17 00:00:00 2001
From: c0bw3b <c0bw3b@users.noreply.github.com>
Date: Sun, 26 May 2019 00:06:42 +0200
Subject: [PATCH 39/48] libpsl: 0.20.2 -> 0.21.0

Push #62070 to staging
---
 pkgs/development/libraries/libpsl/default.nix | 53 ++++++++-----------
 1 file changed, 21 insertions(+), 32 deletions(-)

diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix
index 65da1f8e9d1..ac00920d054 100644
--- a/pkgs/development/libraries/libpsl/default.nix
+++ b/pkgs/development/libraries/libpsl/default.nix
@@ -1,34 +1,22 @@
-{ stdenv, fetchFromGitHub, autoreconfHook, docbook_xsl, docbook_xml_dtd_43, gtk-doc, icu
-, libxslt, pkgconfig, python3 }:
+{ stdenv, fetchurl, autoreconfHook, docbook_xsl, docbook_xml_dtd_43, gtk-doc, lzip
+, libidn2, libunistring, libxslt, pkgconfig, python3, valgrind
+, publicsuffix-list
+}:
 
-let
+stdenv.mkDerivation rec {
+  pname = "libpsl";
+  version = "0.21.0";
 
-  listVersion = "2017-02-03";
-  listSources = fetchFromGitHub {
-    sha256 = "0fhc86pjv50hxj3xf9r4mh0zzvdzqp5lac20caaxq1hlvdzavaa3";
-    rev = "37e30d13801eaad3383b122c11d8091c7ac21040";
-    repo = "list";
-    owner = "publicsuffix";
+  src = fetchurl {
+    url = "https://github.com/rockdaboot/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.lz";
+    sha256 = "183hadbira0d2zvv8272lspy31dgm9x26z35c61s5axcd5wd9g9i";
   };
 
-  libVersion = "0.20.2";
-
-in stdenv.mkDerivation rec {
-  name = "libpsl-${version}";
-  version = "${libVersion}-list-${listVersion}";
-
-  src = fetchFromGitHub {
-    sha256 = "0ijingxpnvl5xnna32j93ijagvjsvw2lhj71q39hz9xhzjzrda9b";
-    rev = "libpsl-${libVersion}";
-    repo = "libpsl";
-    owner = "rockdaboot";
-  };
-
-  buildInputs = [ icu libxslt ];
-  nativeBuildInputs = [ autoreconfHook docbook_xsl docbook_xml_dtd_43 gtk-doc pkgconfig python3 ];
+  nativeBuildInputs = [ autoreconfHook docbook_xsl docbook_xml_dtd_43 gtk-doc lzip pkgconfig python3 valgrind ];
+  buildInputs = [ libidn2 libunistring libxslt ];
+  propagatedBuildInputs = [ publicsuffix-list ];
 
   postPatch = ''
-    substituteInPlace src/psl.c --replace bits/stat.h sys/stat.h
     patchShebangs src/psl-make-dafsa
   '';
 
@@ -36,15 +24,14 @@ in stdenv.mkDerivation rec {
     gtkdocize
   '';
 
-  preConfigure = ''
-    # The libpsl check phase requires the list's test scripts (tests/) as well
-    cp -Rv "${listSources}"/* list
-  '';
   configureFlags = [
-    "--disable-builtin"
     "--disable-static"
     "--enable-gtk-doc"
     "--enable-man"
+    "--enable-valgrind-tests"
+    "--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
+    "--with-psl-file=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"
+    "--with-psl-testfile=${publicsuffix-list}/share/publicsuffix/test_psl.txt"
   ];
 
   enableParallelBuilding = true;
@@ -60,8 +47,10 @@ in stdenv.mkDerivation rec {
       "supercookies" and "super domain" certificates, for highlighting parts of
       the domain in a user interface or sorting domain lists by site.
     '';
-    homepage = http://rockdaboot.github.io/libpsl/;
+    homepage = "https://rockdaboot.github.io/libpsl/";
+    changelog = "https://raw.githubusercontent.com/rockdaboot/${pname}/${pname}-${version}/NEWS";
     license = licenses.mit;
-    platforms = with platforms; linux ++ darwin;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.c0bw3b ];
   };
 }

From 5c8b5fb4562b8b1f0a4a2926e9323e6646afd77c Mon Sep 17 00:00:00 2001
From: volth <volth@volth.com>
Date: Sat, 25 May 2019 05:13:52 +0000
Subject: [PATCH 40/48] perl530: init at 5.30.0

---
 pkgs/development/interpreters/perl/default.nix | 15 +++++++++++----
 pkgs/top-level/all-packages.nix                |  3 ++-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index d514d017769..3bcedc47c4b 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -171,11 +171,11 @@ let
       priority = 6; # in `buildEnv' (including the one inside `perl.withPackages') the library files will have priority over files in `perl`
     };
   } // stdenv.lib.optionalAttrs (stdenv.buildPlatform != stdenv.hostPlatform) rec {
-    crossVersion = "9e4051cd28b7b3afb162776f5627c7abe4c7b9ea"; # Apr 21, 2019
+    crossVersion = "2152db1ea241f796206ab309036be1a7d127b370"; # May 25, 2019
 
     perl-cross-src = fetchurl {
       url = "https://github.com/arsv/perl-cross/archive/${crossVersion}.tar.gz";
-      sha256 = "0dj99w2dicbp3c3wn0k32785pc4c68iqnlyxswnza6mhw6wvl9v7";
+      sha256 = "1k08iqdkf9q00hbcq2b933w3vmds7xkfr90phhk0qf64l18wdrkf";
     };
 
     depsBuildBuild = [ buildPackages.stdenv.cc makeWrapper ];
@@ -199,11 +199,18 @@ in {
     sha256 = "1iynpsxdym4h76kgndmn3ykvwxhqz444xvaz8z2irsxkvmnlb5da";
   };
 
+  perl530 = common {
+    perl = pkgs.perl530;
+    buildPerl = buildPackages.perl530;
+    version = "5.30.0";
+    sha256 = "1wkmz6xn3fswpqhz29akiklcxclnlykhp96a8bqcz36rak3i64l5";
+  };
+
   # the latest Devel version
   perldevel = common {
     perl = pkgs.perldevel;
     buildPerl = buildPackages.perldevel;
-    version = "5.29.9";
-    sha256 = "017x3nghyc5m8q1yqnrdma96b3d5rlfx87vv5mi64jq0r8k6zppm";
+    version = "5.30.0";
+    sha256 = "1wkmz6xn3fswpqhz29akiklcxclnlykhp96a8bqcz36rak3i64l5";
   };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index df0d17948ab..d47ba5c13ad 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13959,9 +13959,10 @@ in
   ### DEVELOPMENT / PERL MODULES
 
   perlInterpreters = callPackages ../development/interpreters/perl {};
-  inherit (perlInterpreters) perl528 perldevel;
+  inherit (perlInterpreters) perl528 perl530 perldevel;
 
   perl528Packages = recurseIntoAttrs perl528.pkgs;
+  perl530Packages = recurseIntoAttrs perl530.pkgs;
   perldevelPackages = perldevel.pkgs;
 
   perl = perl528;

From ffa37749a1a5e094a7abd34799c23e4f71b3a4f5 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 15:04:27 -0500
Subject: [PATCH 41/48] e2fsprogs: 1.45.0 -> 1.45.1

---
 pkgs/tools/filesystems/e2fsprogs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index 787d6e10a57..9746a687b54 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "e2fsprogs";
-  version = "1.45.0";
+  version = "1.45.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
-    sha256 = "1sgcjarfksa8bkx81q5cd6rzqvhzgs28a0ljwyr4ggqpfx7d18vk";
+    sha256 = "0zi8jz28hs66vhjvrfxmkmr1via19aygcbzpnw3lp0crhizaasgf";
   };
 
   outputs = [ "bin" "dev" "out" "man" "info" ];

From deadc1473378e2db0f709ab37e14733fe4c705ec Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Fri, 17 May 2019 08:17:21 -0500
Subject: [PATCH 42/48] e2fsprogs: fix w/musl, tweak patch

---
 pkgs/tools/filesystems/e2fsprogs/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index 9746a687b54..c06b5eeff4b 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -20,7 +20,8 @@ stdenv.mkDerivation rec {
     else [
       (fetchpatch {
       url = "https://raw.githubusercontent.com/void-linux/void-packages/9583597eb3e6e6b33f61dbc615d511ce030bc443/srcpkgs/e2fsprogs/patches/fix-glibcism.patch";
-      sha256 = "1fyml1iwrs412xn2w36ra28am3sq4klrrj60lnf7rysyw069nxk3";
+      sha256 = "1gfcsr0i3q8q2f0lqza8na0iy4l4p3cbii51ds6zmj0y4hz2dwhb";
+      excludes = [ "lib/ext2fs/hashmap.h" ];
       extraPrefix = "";
       })
     ];

From 2a5923aa2e37d3e3cc4979879ce466942498f139 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Fri, 10 May 2019 21:04:32 -0700
Subject: [PATCH 43/48] alsaLib: 1.1.8 -> 1.1.9

Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/alsa-lib/versions
---
 pkgs/os-specific/linux/alsa-lib/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix
index 3c3fbc6e797..8dcddf4baf9 100644
--- a/pkgs/os-specific/linux/alsa-lib/default.nix
+++ b/pkgs/os-specific/linux/alsa-lib/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "alsa-lib-1.1.8";
+  name = "alsa-lib-1.1.9";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "1pxf0zkmps03l3zzd0fr828xhkg6a8hxljmbxzc2cyj2ls9kmp1w";
+    sha256 = "0jwr9g4yxg9gj6xx0sb2r6wrdl8amrjd19hilkrq4rirynp770s8";
   };
 
   patches = [

From 07dbc438cce81ff15c3c9ae3213a1762d178274f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Tue, 28 May 2019 13:51:55 +0200
Subject: [PATCH 44/48] gnutls: 3.6.7 -> 3.6.8 (bugfix)

No security fixes announced.
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html
---
 pkgs/development/libraries/gnutls/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 381ac2b59ad..e0a54052c23 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -8,7 +8,7 @@
 
 assert guileBindings -> guile != null;
 let
-  version = "3.6.7";
+  version = "3.6.8";
 
   # XXX: Gnulib's `test-select' fails on FreeBSD:
   # http://hydra.nixos.org/build/2962084/nixlog/1/raw .
@@ -24,7 +24,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://gnupg/gnutls/v3.6/gnutls-${version}.tar.xz";
-    sha256 = "1ql8l6l5bxks2pgpwb1602zc0j6ivhpy27hdfc49h8xgbanhjd2v";
+    sha256 = "10ry71sy8zbksa905bjryphafcg25gkmfa3pf48ripimar7990da";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];

From 072f4d61c06661567c0ee00efe6d539db0342f06 Mon Sep 17 00:00:00 2001
From: Ben Hipple <bhipple@protonmail.com>
Date: Tue, 28 May 2019 14:24:42 +0000
Subject: [PATCH 45/48] swig: use pname and standardize meta

- pname makes it easier to override the version in an overlay and looks generally cleaner
- Updated the meta sections to match between the various versions

No real functional change, just cleanup.
---
 pkgs/development/tools/misc/swig/2.x.nix     | 27 ++++--------------
 pkgs/development/tools/misc/swig/3.x.nix     |  4 +--
 pkgs/development/tools/misc/swig/default.nix | 29 ++++++--------------
 3 files changed, 16 insertions(+), 44 deletions(-)

diff --git a/pkgs/development/tools/misc/swig/2.x.nix b/pkgs/development/tools/misc/swig/2.x.nix
index acf1988c947..9f0e767c3d0 100644
--- a/pkgs/development/tools/misc/swig/2.x.nix
+++ b/pkgs/development/tools/misc/swig/2.x.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, bison, pcre }:
 
 stdenv.mkDerivation rec {
-  name = "swig-${version}";
+  pname = "swig";
   version = "2.0.12";
 
   src = fetchFromGitHub {
@@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--without-tcl" ];
 
+  # Disable ccache documentation as it needs yodl
   postPatch = ''
-    # Disable ccache documentation as it need yodl
     sed -i '/man1/d' CCache/Makefile.in
   '';
 
@@ -25,26 +25,11 @@ stdenv.mkDerivation rec {
     ./autogen.sh
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "SWIG, an interface compiler that connects C/C++ code to higher-level languages";
-
-    longDescription = ''
-       SWIG is an interface compiler that connects programs written in C and
-       C++ with languages such as Perl, Python, Ruby, Scheme, and Tcl.  It
-       works by taking the declarations found in C/C++ header files and using
-       them to generate the wrapper code that scripting languages need to
-       access the underlying C/C++ code.  In addition, SWIG provides a variety
-       of customization features that let you tailor the wrapping process to
-       suit your application.
-    '';
-
     homepage = http://swig.org/;
-
-    # Licensing is a mess: http://www.swig.org/Release/LICENSE .
-    license = "BSD-style";
-
-    platforms = lib.platforms.linux ++ lib.platforms.darwin;
-
-    maintainers = [ ];
+    # Different types of licenses available: http://www.swig.org/Release/LICENSE .
+    license = licenses.gpl3Plus;
+    platforms = with platforms; linux ++ darwin;
   };
 }
diff --git a/pkgs/development/tools/misc/swig/3.x.nix b/pkgs/development/tools/misc/swig/3.x.nix
index 903693b9280..bec855f3cee 100644
--- a/pkgs/development/tools/misc/swig/3.x.nix
+++ b/pkgs/development/tools/misc/swig/3.x.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchFromGitHub, autoconf, automake, libtool, bison, pcre, buildPackages }:
 
 stdenv.mkDerivation rec {
-  name = "swig-${version}";
+  pname = "swig";
   version = "3.0.12";
 
   src = fetchFromGitHub {
@@ -17,8 +17,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--without-tcl" ];
 
+  # Disable ccache documentation as it needs yodl
   postPatch = ''
-    # Disable ccache documentation as it need yodl
     sed -i '/man1/d' CCache/Makefile.in
   '';
 
diff --git a/pkgs/development/tools/misc/swig/default.nix b/pkgs/development/tools/misc/swig/default.nix
index cfd1c7728cb..e74b2898498 100644
--- a/pkgs/development/tools/misc/swig/default.nix
+++ b/pkgs/development/tools/misc/swig/default.nix
@@ -1,10 +1,11 @@
 { stdenv, fetchurl, boost, tcl }:
 
 stdenv.mkDerivation rec {
-  name = "swig-1.3.40";
+  pname = "swig";
+  version = "1.3.40";
 
   src = fetchurl {
-    url = "mirror://sourceforge/swig/${name}.tar.gz";
+    url = "mirror://sourceforge/swig/${pname}-${version}.tar.gz";
     sha256 = "02dc8g8wy75nd2is1974rl24c6mdl0ai1vszs1xpg9nd7dlv6i8r";
   };
 
@@ -14,26 +15,12 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--disable-ccache" ];
 
-  meta = {
-    description = "Interface compiler that connects C/C++ code to higher-level languages";
-
-    longDescription = ''
-       SWIG is an interface compiler that connects programs written in C and
-       C++ with languages such as Perl, Python, Ruby, Scheme, and Tcl.  It
-       works by taking the declarations found in C/C++ header files and using
-       them to generate the wrapper code that scripting languages need to
-       access the underlying C/C++ code.  In addition, SWIG provides a variety
-       of customization features that let you tailor the wrapping process to
-       suit your application.
-    '';
 
+  meta = with stdenv.lib; {
+    description = "SWIG, an interface compiler that connects C/C++ code to higher-level languages";
     homepage = http://swig.org/;
-
-    # Licensing is a mess: http://www.swig.org/Release/LICENSE .
-    license = "BSD-style";
-
-    platforms = stdenv.lib.platforms.all;
-
-    maintainers = [ ];
+    # Different types of licenses available: http://www.swig.org/Release/LICENSE .
+    license = licenses.gpl3Plus;
+    platforms = with platforms; linux ++ darwin;
   };
 }

From 858076ef564bf00ce3fd36543c094895273ecb30 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Tue, 21 May 2019 21:00:34 -0400
Subject: [PATCH 46/48] meson: fix cpu_family for aarch64

As documented, it should be `aarch64` for AArch64.

 * https://mesonbuild.com/Reference-tables.html#cpu-families

```
 $ nix eval '((import <nixpkgs> {}).pkgsCross.aarch64-multiplatform.stdenv.targetPlatform.parsed.cpu.family)'
"arm"
```

The lookup table will ensure that, at any point, meson does not pick the
wrong family.
---
 .../tools/build-managers/meson/default.nix           | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix
index 92a0ae3eb85..3ae7df0ed82 100644
--- a/pkgs/development/tools/build-managers/meson/default.nix
+++ b/pkgs/development/tools/build-managers/meson/default.nix
@@ -1,5 +1,15 @@
 { lib, python3Packages, stdenv, writeTextDir, substituteAll, targetPackages }:
 
+let
+  # See https://mesonbuild.com/Reference-tables.html#cpu-families
+  cpuFamilies = {
+    "aarch64" = "aarch64";
+    "armv6l"  = "arm";
+    "armv7l"  = "arm";
+    "i686"    = "x86";
+    "x86_64"  = "x86_64";
+  };
+in
 python3Packages.buildPythonApplication rec {
   version = "0.49.2";
   pname = "meson";
@@ -68,7 +78,7 @@ python3Packages.buildPythonApplication rec {
 
     [host_machine]
     system = '${targetPackages.stdenv.targetPlatform.parsed.kernel.name}'
-    cpu_family = '${targetPackages.stdenv.targetPlatform.parsed.cpu.family}'
+    cpu_family = '${cpuFamilies.${targetPackages.stdenv.targetPlatform.parsed.cpu.name}}'
     cpu = '${targetPackages.stdenv.targetPlatform.parsed.cpu.name}'
     endian = ${if targetPackages.stdenv.targetPlatform.isLittleEndian then "'little'" else "'big'"}
   '';

From 418c3e11235460aa74ed9bc19810e72b7bc663d4 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Tue, 21 May 2019 21:02:37 -0400
Subject: [PATCH 47/48] meson: Adds more binaries, needed for systemd-boot

---
 pkgs/development/tools/build-managers/meson/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix
index 3ae7df0ed82..638fd2eaa43 100644
--- a/pkgs/development/tools/build-managers/meson/default.nix
+++ b/pkgs/development/tools/build-managers/meson/default.nix
@@ -72,6 +72,8 @@ python3Packages.buildPythonApplication rec {
     ar = '${targetPackages.stdenv.cc.bintools.targetPrefix}ar'
     strip = '${targetPackages.stdenv.cc.bintools.targetPrefix}strip'
     pkgconfig = 'pkg-config'
+    ld = '${targetPackages.stdenv.cc.targetPrefix}ld'
+    objcopy = '${targetPackages.stdenv.cc.targetPrefix}objcopy'
 
     [properties]
     needs_exe_wrapper = true

From cc058156bdd69fd2b4adaaaa4007930a2b7c4855 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Tue, 21 May 2019 21:03:35 -0400
Subject: [PATCH 48/48] systemd: Enables systemd-boot for ARM platforms

---
 pkgs/os-specific/linux/systemd/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 9d95269daa9..84890b56916 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -96,7 +96,7 @@ in stdenv.mkDerivation rec {
     "-Dsystem-gid-max=499"
     # "-Dtime-epoch=1"
 
-    (if stdenv.isAarch32 || stdenv.isAarch64 || !stdenv.hostPlatform.isEfi then "-Dgnu-efi=false" else "-Dgnu-efi=true")
+    (if !stdenv.hostPlatform.isEfi then "-Dgnu-efi=false" else "-Dgnu-efi=true")
     "-Defi-libdir=${toString gnu-efi}/lib"
     "-Defi-includedir=${toString gnu-efi}/include/efi"
     "-Defi-ldsdir=${toString gnu-efi}/lib"