(Cherry-picked from 173f41cf0bc618f0b2c313b1915fee8d8a6d0ee2.)

Some patches dropped, as they seemed included.

(cherry picked from commit 920a734a153b767c31d661959437515c4d2a17ed)
Signed-off-by: Domen Kožar <domen@dev.si>

(cherry picked from commit 95aa6a9afa40ed71f0d7e5cfc08c68a2e0d7c4f6)

Otherwise, when switching from systemd 203 to 212, you get errors like:

Failed to stop remote-fs.target: Bad message
Failed to stop systemd-udevd-control.socket: Bad message
...

(cherry picked from commit 56b4b841ae45c9fb512096852d06410e7ebe45d2)

(cherry picked from commit 37e6e08cdee082d9f60ab2900c960f2f594933a0)

(cherry picked from commit fa1a46a01cab1e6c0c594ced17dedf68b0cd39a7)

(cherry picked from commit a8aa9f3fd4e6a6e53be4dc8429f4bf876715cda7)

(cherry picked from commit 3f15f8b703f8737117f7364bb2c4de3f48de4ff0)

This reverts commit 70b398dc684eea6730b19abd03b56841f0a9cc51.
Fixes eval.

Signed-off-by: Domen Kožar <domen@dev.si>

Signed-off-by: Domen Kožar <domen@dev.si>

Signed-off-by: Domen Kožar <domen@dev.si>

(cherry picked from commit c3c045c59d52e0282eb89d3a50b8d016d658ee61)

Conflicts:
pkgs/top-level/all-packages.nix

(cherry picked from commit a4ebaa61e426b3a9c2625be37cfb4828a64a30d6)

Conflicts:
pkgs/tools/networking/dd-agent/default.nix

Signed-off-by: Domen Kožar <domen@dev.si>

Conflicts:
pkgs/servers/monitoring/munin/default.nix

Unfortunately github's *.patch URIs contain version of git generating them,
which changes from time to time. It seems that *.diff doesn't suffer from that.

(cherry picked from commit c814dab2eeb97c15f4a309e69435988fc3e65c6a)

Conflicts:
pkgs/development/libraries/libarchive/default.nix

As reported by Kirill Elagin, read_file doesn't chomp its output. So
the equality tests on PCI/USB vendor and device IDs were failing.

(cherry picked from commit caf98828bb2f8d40448ca3a6782b881a0f2cec58)

CVE-2014-0160, CVE-2014-0076

Signed-off-by: Domen Kožar <domen@dev.si>

This reverts commit 0194a44d63c613065bb5c55d50470881c00563c2 because
it breaks udisks on 13.10 (e.g. running "udisks --enumerate" will
print "Unit udisks.service failed to load").

(cherry picked from commit 0fd5a3af0c2fd71dc05ed04738b4527cc1dccdca)

- longterm: 3.4 skipped due to iwlwifi
- longterm: -> 3.10.35
- longterm: -> 3.12.15
- stable: not present in release-13.10

Signed-off-by: Austin Seipp <aseipp@pobox.com>
(cherry picked from commit 19bc051ca11be6abef4bc7ca705a9faa56c356e7)

Conflicts:
pkgs/os-specific/linux/kernel/linux-3.10.nix
pkgs/os-specific/linux/kernel/linux-3.12.nix
pkgs/os-specific/linux/kernel/linux-3.4.nix
pkgs/os-specific/linux/kernel/linux-3.9.nix

(cherry picked from commit e50a76a4693a9f64c028e47c336b68cf36a50e7b)

I was lazy to do any backporting, so I took the expression from master.
It looked like there were some more CVEs fixed in between.

Conflicts:
pkgs/tools/networking/openssh/default.nix

(cherry picked from commit 14cd8bc24874b33e87ec08ddb6d47502e76f17b0)

(cherry picked from commit 8951be2d805cfb03b98900530a0bdb64146111a0)

(cherry picked from commit 33cb0bbb4b18ae1c1a5762b9f9f3f46c7008d7fd)

This ensures that nscd can find the NSS modules.

Fixes #1248.

(cherry picked from commit 953f12995be933fb2c1efe314299556e4178e26e)

In particular, complain if two modules define the same systemd option.

(cherry picked from commit 5620e69b5dfce29f1759ec653d0f26745239f2af)

(cherry picked from commit 58857096fb679848730892d3f939be471e185cd1)

Conflicts (release contained even older version):
pkgs/tools/misc/file/default.nix

(cherry picked from commit 271de86a94cf7eb5366c2166eb8c11a854d86a7c)

(cherry picked from commit 9332d9ed5c0c5ae2ad2bf47a5f67442a11ac9c1f)

(cherry picked from commit 51d35d5028ab334a705e356f1e08b3de2829fd32)

(cherry picked from commit ffc30918118dca407016b9716da6d682303b4712)

3.4.83 breaks iwlwifi, see https://lkml.org/lkml/2014/3/12/420.

http://hydra.nixos.org/build/9595928
(cherry picked from commit 26a868139ec2e582a8dd678676eed4d665b584f5)

Potentially fixes CVE-2012-0031, CVE-2012-0053, CVE-2012-0883,
CVE-2012-2687, CVE-2012-3499, CVE-2012-4558, CVE-2013-1862,
CVE-2013-1896, CVE-2013-2249, CVE-2013-1034, CVE-2013-5143.

(cherry picked from commit 2ea4ec798bd289328aeb164024fb8edf9a9593a4)

Conflicts (auto-solved):
pkgs/servers/monitoring/zabbix/2.2.nix

(cherry picked from commit b0c23548095f464fbb4bae866300c1446e9720e2)

Conflicts (more updates instead of just one):
pkgs/servers/dns/bind/default.nix

(cherry picked from commit be58c4f9e484d054311ac062727c95690d24874b)

(cherry picked from commit 76822ea4d5982e4d247f1c90f00577c5b47854f0)

I suppose it's better to have patched untested version than the other way.

(cherry picked from commit c2cd9852acdea18f5ed425b17e2db4307cbb0319)

CVE-2014-0092

Unfortunately, 3.2.12 doesn't pass the tests with Guile bindings
enabled, so I've turned them off in the default build.

(cherry picked from commit 738a5321bcd89452f65df19057367ce004402693)

Conflicts:
pkgs/development/libraries/gnutls/3.2.nix
pkgs/top-level/all-packages.nix

Also add pkgconfig to inputs, as it was looked for by cmake.
Dependent packages seem to build fine.

(cherry picked from commit a13200352a15fd35db4cebf90d724230d310809b)

Fixes CVE-2014-{1947,1958,2030}.

(cherry picked from commit 5d14048867ccc4a05b86875573e64a66c4382144)

(cherry picked from commit 0ffbfd38bfe820579ac4c8ed37676813179e2608)

Also systemd unit is now installed.
Thanks to nixpkgs monitor again, as for all my CVE commits.

(cherry picked from commit 344f2e6518ebcc1d07cff19df49ed2f960680087)

(cherry picked from commit f5464c298232c179508ee77ff35a187393c71264)

(cherry picked from commit 09c14cd8aa7df29d5c752f650710b0928fce0317)