commits
(cherry picked from commit 6380be302a5da1f5200968cd358e93fa64cdc996)
(cherry picked from commit 40f3faedbdeecc21ddc784019433e20e0dd82453)
(cherry picked from commit a045b050dcc321bc21b0475b9dfc44cea1a1a350)
(cherry picked from commit 51fcafe7797c9140da3c66ed8f7e76661ea60303)
[20.03] openvswitch 2.12.0 -> 2.13.0
[20.03] ACME test cleanups
The resolver is mainly useful for the ACME server, and acme.nix uses its
own DNS server to test DNS-01 challenges.
(cherry picked from commit 21f183a3fe4eddbbb418cc1ee37a9f86526f675a)
(cherry picked from commit 695fd78ac45763b02ae4c68abda28974bb72c96b)
Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:
* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}
The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).
[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
(cherry picked from commit d0f04c1623ae74f256ff5ced77ac78c7fe3b6abc)
This was added in aade4e577bbb27f044217c51a006ab6ba544ebb5, but the
implementation of the ACME module has been entirely rewritten since
then, and the test seems to run fine on AArch64.
(cherry picked from commit 352e30df8a38b1b673c19de817fedca7d3d95d71)
This lets us get early warning about any bugs or backwards-compatibility
hazards in lego.
Pebble will default to this in the future, but doesn't currently;
see https://github.com/letsencrypt/pebble/blob/v2.3.0/README.md#strict-mode.
(cherry picked from commit e6d5e83cf10f8d6d900c53f8b29399e3619434c7)
Also add myself to maintainers and correct meta.homepage.
(cherry picked from commit 6285d5eabda26d0e696a328bcc9b8bf33dea1b3a)
(cherry picked from commit c8523fe0038739ddee2aa653b1927e219830c78b)
nixos/acme: Fix postRun in acme certificate being ran at every run
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Update the release documentation
vscode, vscodium: 1.44.0 -> 1.44.1
(cherry picked from commit 8e88b8dce2826d4b3a55c9ac182574a69caf26a2)
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not.
https://github.com/grocy/grocy/releases/tag/v2.7.1
(cherry picked from commit 135ae45d24e4dfe177c8511ce76815e21c6108cd)
https://github.com/neomutt/neomutt/releases/tag/20200417
To fix the tests, I had to copy the recently created
`neomutt-test-files`[1] repository into the build-environment.
Also applied a patch from master[2] which ensures that the
`change-folder` macro actually switches to the specified folder.
[1] https://github.com/neomutt/neomutt-test-files
[2] https://github.com/neomutt/neomutt/commit/9e7537caddb9c6adc720bb3322a7512cf51ab025
(cherry picked from commit 192485f8fab8bd7dce972ff46aa5d8012d5adc09)
(cherry picked from commit 45cc3c986d0a8cc6523f6e1085536de1f6d02aca)
paperwork: unmark as broken
[20.03] flashplayer: 32.0.0.330 -> 32.0.0.363
The patch phase runs after the build phase. Which means that when
using an override to override both 'conf' and 'patches' to provide
a custom config file and apply some patches, it doesn't work:
- first the patches are applied (optionally changing config.def.h)
- then preBuild is run which overrides config.def.h with the user
supplied one (effectively cancelling previously applied patches)
By copying the config file in the prePatch phase instead, changes
are kept and applied in order.
(cherry picked from commit b584941ab9b5df164adc4584c3ab21da681a01db)
(cherry picked from commit e341107367f77c6b961afd1e6b6de274d1b89dd5)
(cherry picked from commit d9258d33be5b46ff2661580707f8e46195b61bcc)
(cherry picked from commit ee6f5a32bb090ddacee9f40056a5598b2f10480a)
(cherry picked from commit 4fd1f49ea47148bb423c4de13f21e5b7ead9ecb4)
(cherry picked from commit 4a129e6a3205e9fd7ea9a2cd7c65a90d2b4f0f71)
treewide: mark broken packages for 20.03
(cherry picked from commit e61c924adba64110802dc22f2f4d8617aa98b1b3)
https://github.com/google/evcxr/blob/582ce09f216d4812f7d152f6eedf0b034fc4dbbd/RELEASE_NOTES.md#version-051
(cherry picked from commit cd5bc89cca1b5fc0cc6064454b455af9518f549e)
(cherry picked from commit d4659dece27b9aa5096091b46a11b3280689c897)
(cherry picked from commit 5e124e5abd53108b3f21f9f7a1ec56db002fee4f)
(cherry picked from commit ef80b6324b9c387256027159796f4f5adbfffe6a)
(cherry picked from commit 6f6c08af30ceafe36580205e829321b763e04af3)
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
This update includes 1 security fix.
CVEs: CVE-2020-6457
(cherry picked from commit ef2c3ab20e315aeb05a9811ae395f5a04be714c2)
Backport of #85360.
(cherry picked from commit 16477d764f375ef7b81acbfd13189299ff67f233)
(cherry picked from commit ac374d41c816f7365a3945e657d2beba3962587d)
Backported 32.0.0.363 to release 20.03 for important bug fixes.
Also needed because old upstream release is no longer available.
These values were incorrect. We need to use NIX_LDFLAGS, not
NIX_LD_FLAGS. Also need to prefix all flags with -Wl, for GCC to
accept it.
(cherry picked from commit 184cd9f6ff4294881c51fa5958e7d093e3aa0a1b)
[20.03] node-problem-detector: init at 0.8.1
Fixes #84976.
(cherry picked from commit 91c6809946438a935714e85e510399b494994c6b)
v2.25.3 addresses CVE-2020-5260. /cc roundup #75974.
See https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
[20.03] signal-desktop: 1.33.0 -> 1.33.1 (backport)
Package is missing, built from Golang sources on GitHub.
(cherry picked from commit 511cb624b79e859cbf7f463e3e55112ad0bdcf24)
[20.03] Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
(cherry picked from commit 56f7c93a2fcd325506a6bfa7bf8e9faa2a2c7530)
(cherry picked from commit 05cc2b1f514da3e5337595c5bbaee7d6681f9585)
Closes #85327
(cherry picked from commit 74d6e86ec2513aeb7624dd7a9fc731b635cd9d82)
This reverts commit 5532065d0690645f0a813fed6e68163b0f4774d4.
As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!
The systemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!
The commit also broke the actual tests (as it broke activation too),
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!
Testing renewals is hard, as we need to sleep in tests.
(cherry picked from commit dd14ee840c66497ad3ae5c6b9874ea6f11942171)
(cherry picked from commit d44b9d302802e9352a03a885df465addfc1336d4)
https://github.com/elementary/pantheon-agent-geoclue2/releases/tag/1.0.4
(cherry picked from commit 7eb0a87ace53fdd9065d657ae7637a7343b131d6)
https://github.com/elementary/videos/releases/tag/2.7.1
(cherry picked from commit 8da467e04b840f826031a57f16195dc7c671cd89)