commits
(cherry picked from commit ad1e2500efd0aa49b0dc7427bf69d4879f3b0ff5)
(cherry picked from commit aec730a0af4c977513ce28236cbecaca72af6901)
Upstream changes:
* Fix ordering between systemd socket file descriptor names and rules.
* Fix usage of C library path as discovered by Meson.
Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 8b7f8e2e6970f21d9f180887b91c979b41450fe8)
The new version string for jdk11 contains a '+' character, which needs
to be escaped for use in the sed command.
Fixes #95117.
(cherry picked from commit 5622b6b6feb669edc227aaf000413d5b593d4051)
[20.03] perlPackages.ImageExifTool: apply fix for CVE-2021-22204
Recent changes in the Hetzner Robot API have removed a few obsolete
fields which version 0.8.2 was still referencing and which is now fixed
in version 0.8.3.
Due to a misunderstanding on my side I haven't updated to version 0.8.3
in nixpkgs yet, which resulted in this delay.
This fixes the NixOps Hetzner backend.
Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit e899b57c8aae84b5c29a2d23bd5c33cc6afab2cd)
Include instead of using fetchpatch due to bootstrapping requirement.
The new configuration name for this is plural. Currently, attempting to enable ec2 SD results in a `promtool check config` error
(cherry picked from commit 8389fb8f169bf770cdadf856030bf698ff0baeec)
(cherry picked from commit d1a0eb7f0b7065dea9715f6d6d7f9c6459dd37bf)
[20.03] slurm: 19.05.7.1 -> 19.05.8.1
Addresses CVE-2020-27745 and CVE-2020-27746.
Fixes a regression on some "OEM platforms".
Relates to #104301
(cherry picked from commit 5928d667043949e3532dce3e60b05ad2d2007d51)
(cherry picked from commit 19036e0ca0605d855066a10b650815b45cd76155)
> Local privilege escalation due to race condition in creation of the Xauthority file.
Fixes: CVE-2020-28049
(cherry picked from commit faf436ea7915672835fce7a6b99576f491595d15)
[20.03] motion: fix CVE-2020-26566
[20.03] mutt: apply patch for CVE-2020-28896
mutt has improper handling of broken IMAP connections, this could result
in authentication credentials being sent over an unencrypted connection,
without $ssl_force_tls being consulted.
https://security.archlinux.org/CVE-2020-28896
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
[20.03] thunderbird, thunderbird-bin: 78.4.0 -> 78.5.0 [High security fixes]
(cherry picked from commit ebb3d1a9a49b1b5b3eac8911b7eb3bd48870098a)
without master's fix in #83888, opencv3 & opencv4 end up with an 8-byte
openblas, which it does work with. however this causes the python
bindings to also end up with an 8-byte openblas, which numpy doesn't work
with. force 4-byte openblas for opencv.
(cherry picked from commit 19682545d91b4589544fe2f040320dbe7e28a66f)
(cherry picked from commit 52f5b947f6c4471de8f2e3659a9790bf7e4c777c)
(cherry picked from commit 205652e31afac6eed2e1fc40ceaa0270dd2cc601)
(cherry picked from commit ec5fc9b7a4077c167fcc71812fbac4b04bebdf88)
(cherry picked from commit bd03a75f6f59f76f0e72d71135eb95bde3ffb683)
(cherry picked from commit d19906002f6935c358bf8d925b1cb8c8195bb8bf)
(cherry picked from commit 00213ef17f8bc35aae3227012256713d17b1d0d8)
(with modification)
(cherry picked from commit 33a3ac31693030f0942a960ec0cc411f5a5b0dbe)
Merge staging-20.03 into release-20.03
See https://github.com/neomutt/neomutt/releases/tag/20201120 &
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896 for
further information.
It seems that `neomutt` (and also `mutt`) had an improper handling of
broken IMAP connections and thus a risk of leaking sensitive
information. The relevant patch can be found at
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
balsa: 2.5.9 -> 2.5.11 [20.03]
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
This update includes 33 security fixes.
CVEs:
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021
CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027
CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2019-8075
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16012 CVE-2020-16036
Note: We'll finally build with use_ozone=true on Hydra now :) \o/
(cherry picked from commit 54673b1f3b4fef504f9057bd5b8fdc22f714ea6a)
Backport of #104100.
Fixes: CVE-2020-25692, CVE-2020-25709, CVE-2020-25710