From 07c40561791fc72fd2fc3e97aa490cd54a9b2d93 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Wed, 23 Dec 2020 01:42:11 +0100
Subject: [PATCH 1/7] gnats: format hardened flag isn't supported
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When invoking a simple Ada program with `gcc` from `gnats10`, the
following warnings are shown:

```
$ gcc -c conftest.adb
gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada
$ echo $?
0
```

This is only spammy when compiling Ada programs inside a Nix derivation,
but certain configure scripts (such as the ./configure script from the
gcc that's built by coreboot's `make crossgcc` command) fail entirely
when getting that warning output.

https://nixos.wiki/wiki/Coreboot currently suggests manually running

> NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc

… but actually teaching the nixpkgs-provided cc wrapper that `format`
isn't supported as a hardening flag seems to be the more canonical way
to do this in nixpgks.

After this, Ada programs still compile:

```
$ gcc -c conftest.adb
$ echo $?
0
```

And the compiler output is empty.
---
 pkgs/build-support/cc-wrapper/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 09cef8b8678d..85d71996b397 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -437,7 +437,7 @@ stdenv.mkDerivation {
     '' + optionalString targetPlatform.isNetBSD ''
       hardening_unsupported_flags+=" stackprotector fortify"
     '' + optionalString cc.langAda or false ''
-      hardening_unsupported_flags+=" stackprotector strictoverflow"
+      hardening_unsupported_flags+=" format stackprotector strictoverflow"
     '' + optionalString cc.langD or false ''
       hardening_unsupported_flags+=" format"
     '' + optionalString targetPlatform.isWasm ''

From 7262fb6878d6e7bae3ea472d8242f840122ae7ed Mon Sep 17 00:00:00 2001
From: Doron Behar <doron.behar@gmail.com>
Date: Wed, 23 Dec 2020 17:26:52 +0200
Subject: [PATCH 2/7] imapfilter: 2.6.16 -> 2.7.5

---
 .../applications/networking/mailreaders/imapfilter.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/networking/mailreaders/imapfilter.nix b/pkgs/applications/networking/mailreaders/imapfilter.nix
index b677d82dce47..8423beec4687 100644
--- a/pkgs/applications/networking/mailreaders/imapfilter.nix
+++ b/pkgs/applications/networking/mailreaders/imapfilter.nix
@@ -1,27 +1,27 @@
-{ stdenv, fetchFromGitHub, openssl, lua, pcre }:
+{ stdenv, fetchFromGitHub, openssl, lua, pcre2 }:
 
 stdenv.mkDerivation rec {
   pname = "imapfilter";
-  version = "2.6.16";
+  version = "2.7.5";
 
   src = fetchFromGitHub {
     owner = "lefcha";
     repo = "imapfilter";
     rev = "v${version}";
-    sha256 = "0f65sg6hhv6778fxwsz4hvarbm97dsb8jj0mg7a9qs273r35pqck";
+    sha256 = "nbVwbPkNbJz4GHhvOp+QVgiBqKA/HR34p4x3NXJB7ig=";
   };
   makeFlags = [
     "SSLCAFILE=/etc/ssl/certs/ca-bundle.crt"
     "PREFIX=$(out)"
   ];
 
-  propagatedBuildInputs = [ openssl pcre lua ];
+  buildInputs = [ openssl pcre2 lua ];
 
   meta = {
     homepage = "https://github.com/lefcha/imapfilter";
     description = "Mail filtering utility";
     license = stdenv.lib.licenses.mit;
     platforms = stdenv.lib.platforms.unix;
-    maintainers = with stdenv.lib.maintainers; [ ];
+    maintainers = with stdenv.lib.maintainers; [ doronbehar ];
   };
 }

From ed0c68df46de55925730343119a23d6f53ab7d71 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Wed, 23 Dec 2020 21:22:53 +0000
Subject: [PATCH 3/7] python37Packages.zstd: 1.4.5.1 -> 1.4.8.1

---
 pkgs/development/python-modules/zstd/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/zstd/default.nix b/pkgs/development/python-modules/zstd/default.nix
index d57416ac18a4..95626c802bad 100644
--- a/pkgs/development/python-modules/zstd/default.nix
+++ b/pkgs/development/python-modules/zstd/default.nix
@@ -4,11 +4,11 @@
 
 buildPythonPackage rec {
   pname = "zstd";
-  version = "1.4.5.1";
+  version = "1.4.8.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "2a1806d625bd2d8944ead4b3018fc6444a31467fa09935e9c1d4296275f024c6";
+    sha256 = "b62b21eb850abd6b8c0046bfc1c5c773c873eeb94f1904ef1ff304e98b62b80e";
   };
 
   postPatch = ''

From 466759ff2751a386bc77bf80fcb217c0bcbe05c5 Mon Sep 17 00:00:00 2001
From: Mario Rodas <marsam@users.noreply.github.com>
Date: Wed, 23 Dec 2020 04:20:00 +0000
Subject: [PATCH 4/7] libnice: 0.1.16 -> 0.1.18

---
 pkgs/development/libraries/libnice/default.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/libnice/default.nix b/pkgs/development/libraries/libnice/default.nix
index d2333ac0ca59..e7b01ca29cb1 100644
--- a/pkgs/development/libraries/libnice/default.nix
+++ b/pkgs/development/libraries/libnice/default.nix
@@ -16,13 +16,14 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "libnice-0.1.16";
+  pname = "libnice";
+  version = "0.1.18";
 
   outputs = [ "bin" "out" "dev" "devdoc" ];
 
   src = fetchurl {
-    url = "https://nice.freedesktop.org/releases/${name}.tar.gz";
-    sha256 = "1pzgxq0qrqlrhd78qnvpfgp8bl5c4znqh599ljaybpcldw37idh6";
+    url = "https://libnice.freedesktop.org/releases/${pname}-${version}.tar.gz";
+    sha256 = "1x3kj9b3dy9m2h6j96wgywfamas1j8k2ca43k5v82kmml9dx5asy";
   };
 
   patches = [
@@ -77,7 +78,7 @@ stdenv.mkDerivation rec {
 
       It provides a GLib-based library, libnice and a Glib-free library,
       libstun as well as GStreamer elements.'';
-    homepage = "https://nice.freedesktop.org/wiki/";
+    homepage = "https://libnice.freedesktop.org/";
     platforms = platforms.linux;
     license = with licenses; [ lgpl21 mpl11 ];
   };

From fe23bdaecbc20885a7139ca26d4a4e4ce23dc334 Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Wed, 23 Dec 2020 20:03:11 -0500
Subject: [PATCH 5/7] alsaLib: 1.2.3 -> 1.2.4

---
 pkgs/os-specific/linux/alsa-lib/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix
index 3c5427340baf..b1d85f2674cb 100644
--- a/pkgs/os-specific/linux/alsa-lib/default.nix
+++ b/pkgs/os-specific/linux/alsa-lib/default.nix
@@ -1,11 +1,12 @@
 { stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }:
 
 stdenv.mkDerivation rec {
-  name = "alsa-lib-1.2.3";
+  pname = "alsa-lib";
+  version = "1.2.4";
 
   src = fetchurl {
-    url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "13k7dx1g749z74rz71hs5j8z0pqdjgx7l69pn0vsy7jizhi0kw02";
+    url = "mirror://alsa/lib/${pname}-${version}.tar.bz2";
+    sha256 = "sha256-91VL4aVs3/RotY/BwpuVtkhkxZADjdMJx6l4xxFpCPc=";
   };
 
   patches = [

From 72f71e907135f250b656090eeb70d9f95f8e653d Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Wed, 23 Dec 2020 20:08:23 -0500
Subject: [PATCH 6/7] alsa-firmware: 1.2.1 -> 1.2.4

---
 pkgs/os-specific/linux/alsa-firmware/default.nix | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/pkgs/os-specific/linux/alsa-firmware/default.nix b/pkgs/os-specific/linux/alsa-firmware/default.nix
index 01955534bfc7..53b3126705ca 100644
--- a/pkgs/os-specific/linux/alsa-firmware/default.nix
+++ b/pkgs/os-specific/linux/alsa-firmware/default.nix
@@ -1,18 +1,13 @@
 { stdenv, buildPackages, autoreconfHook, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
-  name = "alsa-firmware-1.2.1";
+  name = "alsa-firmware-1.2.4";
 
   src = fetchurl {
     url = "mirror://alsa/firmware/${name}.tar.bz2";
-    sha256 = "1aq8z8ajpjvcx7bwhwp36bh5idzximyn77ygk3ifs0my3mbpr8mf";
+    sha256 = "sha256-tnttfQi8/CR+9v8KuIqZwYgwWjz1euLf0LzZpbNs1bs=";
   };
 
-  patches = [ (fetchpatch {
-    url = "https://github.com/alsa-project/alsa-firmware/commit/a8a478485a999ff9e4a8d8098107d3b946b70288.patch";
-    sha256 = "0zd7vrgz00hn02va5bkv7qj2395a1rl6f8jq1mwbryxs7hiysb78";
-  }) ];
-
   nativeBuildInputs = [ autoreconfHook buildPackages.stdenv.cc ];
 
   configureFlags = [

From e24bf9062b4b23f4c11f57399d11ad73c86e0828 Mon Sep 17 00:00:00 2001
From: upkeep-bot <foo@bar.com>
Date: Thu, 17 Dec 2020 00:22:31 +0000
Subject: [PATCH 7/7] vscode: 1.51.1 -> 1.52.1

---
 pkgs/applications/editors/vscode/vscode.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix
index 70f621177105..8f04e6b17861 100644
--- a/pkgs/applications/editors/vscode/vscode.nix
+++ b/pkgs/applications/editors/vscode/vscode.nix
@@ -11,8 +11,8 @@ let
   archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
 
   sha256 = {
-    x86_64-linux = "0yv6584y4idkl9vvmpxj5ix5brshm1vadiwf7ima84snm0fipb0n";
-    x86_64-darwin = "0igndxkwkxyjc9rkf9hbj8903hvfv7ab41q0s3gw8w5qh4b8s48x";
+    x86_64-linux = "1kbjbqb03yapz7067q589gaa7d6cqaipj7hmp1l3nh0bmggzsc4c";
+    x86_64-darwin = "1qgadm52c5lzkvgvqrz0n8brm4qbjg8hf1dk6a2ynqhqjxcwbj4r";
   }.${system};
 in
   callPackage ./generic.nix rec {
@@ -21,7 +21,7 @@ in
 
     # Please backport all compatible updates to the stable release.
     # This is important for the extension ecosystem.
-    version = "1.51.1";
+    version = "1.52.1";
     pname = "vscode";
 
     executableName = "code" + lib.optionalString isInsiders "-insiders";