From a69a7c2217c03b9cfe319f904f8cd61a5d72dd5e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 19 Jun 2021 08:44:07 +0000 Subject: [PATCH 1/6] hugo: 0.83.1 -> 0.84.0 (cherry picked from commit 6a5010cfb85088e24aca330ceb9512879a480173) --- pkgs/applications/misc/hugo/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/hugo/default.nix b/pkgs/applications/misc/hugo/default.nix index b8ea6b83b90..9834e91309d 100644 --- a/pkgs/applications/misc/hugo/default.nix +++ b/pkgs/applications/misc/hugo/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "hugo"; - version = "0.83.1"; + version = "0.84.0"; src = fetchFromGitHub { owner = "gohugoio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-c9T3a6J78uLumBTy/DgE4gbxCmEXVGKd9JyF9dyrL6g="; + sha256 = "sha256-BRp4iboiaoB6zFwleFSJ7oVAd3o6OiR5BB4VRQilExc="; }; - vendorSha256 = "sha256-ddCyMmZ5RIZWzT2RYNnSW795oR7PIRudl3QTjsXtBGk="; + vendorSha256 = "sha256-jY/g92ON5OxjuZzPHJNduXYMgPU8/0ioAYvp4iqjGnU="; doCheck = false; From be870d6d3abec1738bbc76290767f4ae2bf2912e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 25 Jun 2021 12:40:38 +0000 Subject: [PATCH 2/6] hugo: 0.84.0 -> 0.84.1 (cherry picked from commit c20a18093742134137b583fe66cec77823e30420) --- pkgs/applications/misc/hugo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/hugo/default.nix b/pkgs/applications/misc/hugo/default.nix index 9834e91309d..bf5fe070cbf 100644 --- a/pkgs/applications/misc/hugo/default.nix +++ b/pkgs/applications/misc/hugo/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "hugo"; - version = "0.84.0"; + version = "0.84.1"; src = fetchFromGitHub { owner = "gohugoio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-BRp4iboiaoB6zFwleFSJ7oVAd3o6OiR5BB4VRQilExc="; + sha256 = "sha256-ULZa0tepq00v2VHDR3+aYYvRfbxYKcjcltRgRmbVmRA="; }; vendorSha256 = "sha256-jY/g92ON5OxjuZzPHJNduXYMgPU8/0ioAYvp4iqjGnU="; 
From b4ec6596aacbf054118d408904467f10d10e115f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 20 Jul 2021 14:46:26 +0200 Subject: [PATCH 3/6] taskwarrior: Remove space from URL (cherry picked from commit fc125d06bc210c077169c8607d997e3f90853902) --- pkgs/applications/misc/taskwarrior/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/misc/taskwarrior/default.nix b/pkgs/applications/misc/taskwarrior/default.nix index ee781c75e69..812c9b72f99 100644 --- a/pkgs/applications/misc/taskwarrior/default.nix +++ b/pkgs/applications/misc/taskwarrior/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { srcs = [ (fetchurl { - url = " https://github.com/GothenburgBitFactory/taskwarrior/releases/download/v${version}/${sourceRoot}.tar.gz"; + url = "https://github.com/GothenburgBitFactory/taskwarrior/releases/download/v${version}/${sourceRoot}.tar.gz"; sha256 = "0fwnxshhlha21hlgg5z1ad01w13zm1hlmncs274y5n8i15gdfhvj"; }) (fetchurl { From f05736ab580e371a627caa175876eed81fdac8a8 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 20 Jul 2021 14:48:00 +0200 Subject: [PATCH 4/6] warrant: Remove space from URL (cherry picked from commit 21b39527bfc5b718c798bb41df5b85b1f0de034c) --- pkgs/development/python-modules/warrant/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/warrant/default.nix b/pkgs/development/python-modules/warrant/default.nix index a4bbee43d01..8da1cf55b54 100644 --- a/pkgs/development/python-modules/warrant/default.nix +++ b/pkgs/development/python-modules/warrant/default.nix @@ -17,7 +17,7 @@ buildPythonPackage { patches = [ (fetchpatch { name = "fix-pip10-compat.patch"; - url = " https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch"; + url = "https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch"; sha256 = "1lvqi2qfa3kxdz05ab2lc7xnd3piyvvnz9kla2jl4pchi876z17c"; }) ]; 
From 10e32cce2aeb8258231b2f171b916206074d5a43 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 20 Jul 2021 14:48:50 +0200 Subject: [PATCH 5/6] copy-tarballs.pl: Handle SRI hashes This should fix Jul 20 07:16:12 bastion mirror-tarballs-start[21663]: Use of uninitialized value $algo in concatenation (.) or string at ./maintainers/scripts/copy-tarballs.pl line 80. Jul 20 07:16:12 bastion mirror-tarballs-start[21663]: Use of uninitialized value in subroutine entry at ./maintainers/scripts/copy-tarballs.pl line 185. Jul 20 07:16:13 bastion mirror-tarballs-start[21663]: error: unknown hash algorithm '' at ./maintainers/scripts/copy-tarballs.pl line 185. (cherry picked from commit c48be3c17d2754d396790fb30405d625a562d1a5) --- maintainers/scripts/copy-tarballs.pl | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/maintainers/scripts/copy-tarballs.pl b/maintainers/scripts/copy-tarballs.pl index 59696a4432d..6a08eb88bf8 100755 --- a/maintainers/scripts/copy-tarballs.pl +++ b/maintainers/scripts/copy-tarballs.pl @@ -165,6 +165,20 @@ elsif (defined $expr) { my $hash = $fetch->{hash}; my $name = $fetch->{name}; + if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) { + $algo = $1; + $hash = `nix hash to-base16 $hash` or die; + chomp $hash; + } + + next unless $algo =~ /^[a-z0-9]+$/; + + # Convert non-SRI base-64 to base-16. + if ($hash =~ /^[A-Za-z0-9+\/=]+$/) { + $hash = `nix hash to-base16 --type '$algo' $hash` or die; + chomp $hash; + } + if (defined $ENV{DEBUG}) { print "$url $algo $hash\n"; next; @@ -184,7 +198,7 @@ elsif (defined $expr) { my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); - print STDERR "mirroring $url ($storePath)...\n"; + print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; if ($dryRun) { $mirrored++; From f3414d7d2b4d4014fbca6f28c51cf2445602051d Mon Sep 17 00:00:00 2001 
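Review bot: Both added backtick calls in the first copy-tarballs.pl hunk pass `$hash` (and `$algo`) through a shell, so the preceding regexes are the only barrier against shell metacharacters in values taken from the evaluated fetch records. Those regexes anchor with `^…$`, which still admits a trailing newline, where `\A…\z` would not. Running `nix` through a list-form pipe open removes the shell entirely and lets the exit status be checked, since `or die` here fires only on empty output and carries no message. The second pattern also matches base-16 strings, including the output of the SRI branch just above, so the comment "Convert non-SRI base-64" describes less than the code does; the enclosing `elsif` body starts and ends outside the hunk.

```perl
# new helper, defined once near the other subs in the script
sub hashToBase16 {
    my @args = @_;
    open(my $fh, '-|', 'nix', 'hash', 'to-base16', @args)
        or die "cannot run 'nix hash to-base16': $!\n";
    my $out = <$fh>;
    close($fh) or die "'nix hash to-base16' failed (status $?)\n";
    die "'nix hash to-base16' produced no output\n" unless defined $out;
    chomp $out;
    return $out;
}

        # … unchanged: my $hash / my $name assignments …
        if ($hash =~ /\A([a-z0-9]+)-([A-Za-z0-9+\/=]+)\z/) {
            $algo = $1;
            $hash = hashToBase16($hash);
        }

        next unless $algo =~ /\A[a-z0-9]+\z/;

        # Normalise whatever encoding is left (base-64, base-32 or base-16) to base-16.
        if ($hash =~ /\A[A-Za-z0-9+\/=]+\z/) {
            $hash = hashToBase16('--type', $algo, $hash);
        }
        # … unchanged: DEBUG print and the rest of the loop body …
```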
From: Robert Scott Date: Sun, 18 Jul 2021 14:35:50 +0100 Subject: [PATCH 6/6] qemu: add patches for CVE-2021-3545 & CVE-2021-3546 (cherry picked from commit cddea297f28ab67d1f2bf0902bfdcc95ec29a8a0) --- pkgs/applications/virtualization/qemu/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 0a9de4eb10a..f5783c436f9 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -86,6 +86,16 @@ stdenv.mkDerivation rec { patches = [ ./fix-qemu-ga.patch ./9p-ignore-noatime.patch + (fetchpatch { + name = "CVE-2021-3545.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/121841b25d72d13f8cad554363138c360f1250ea.patch"; + sha256 = "13dgfd8dmxcalh2nvb68iv0kyv4xxrvpdqdxf1h3bjr4451glag1"; + }) + (fetchpatch { + name = "CVE-2021-3546.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch"; + sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch {
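Review bot: Neither added `fetchpatch` entry says when it can be dropped, so a later version bump gives no cue that the fixes may already be in the source tarball. A comment above the two entries would cover it, for example `# CVE-2021-3545, CVE-2021-3546: remove once the packaged QEMU release contains these upstream commits`. Both URLs pin a full commit id and each entry carries its own `sha256`, so the fetched content is fixed. The `patches` list continues past the end of the hunk.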