NixOS · Jan 30, 2019 · Jan 30, 2019 · Feb 2, 2019 · Feb 2, 2019 · Feb 2, 2019
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -78,6 +78,7 @@
   ./misc/version.nix
   ./programs/adb.nix
   ./programs/atop.nix
+  ./programs/autojump.nix
   ./programs/bash/bash.nix
   ./programs/bcc.nix
   ./programs/blcr.nix

diff --git a/nixos/modules/programs/autojump.nix b/nixos/modules/programs/autojump.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.autojump;
+  prg = config.programs;
+in
+{
+  options = {
+    programs.autojump = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable autojump.
+        '';
+      };
+    };
+  }; 
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    environment.pathsToLink = [ "/share/autojump" ];
+    environment.systemPackages = [ pkgs.autojump ];
+
+    programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash"; 
+    programs.zsh.interactiveShellInit = mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh";
+    programs.fish.interactiveShellInit = mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish";
+  };
+}
diff --git a/pkgs/applications/editors/vscode/default.nix b/pkgs/applications/editors/vscode/default.nix
@@ -16,16 +16,16 @@ let
   }.${system};
 
   sha256 = {
-    "i686-linux" = "09mgvff27iljj9z7h0xxmr6152hcxh7qqxl3i7wdc55ra1rsjq1n";
-    "x86_64-linux" = "1gvlvg3cjsscx6khy5gxd4wnb069kska00qdfwcq4kn7x1z04xnz";
-    "x86_64-darwin" = "1mf9nyjnxgmzai7rfd1rkwk0wvil0ripg3mh8icg4mld2jjz8rsy";
+    "i686-linux" = "04kbx1cx40lsy9irxy1arp1rixzk49ldhg34w3llmfbx63a4hchf";
+    "x86_64-linux" = "1plvx0mjcbizl6iffib95p5224r9frf0mn6c5xp14p3qnrp32jhm";
+    "x86_64-darwin" = "14h9gs6jpxydgd1h16ybq3ifw5jc7k83yg22pw3sk6vhy7hx7pxr";
   }.${system};
 
   archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
 in
   stdenv.mkDerivation rec {
     name = "vscode-${version}";
-    version = "1.31.0";
+    version = "1.31.1";
 
     src = fetchurl {
       name = "VSCode_${version}_${plat}.${archive_fmt}";
@@ -94,7 +94,7 @@ in
         and code refactoring. It is also customizable, so users can change the
         editor's theme, keyboard shortcuts, and preferences
       '';
-      homepage = http://code.visualstudio.com/;
+      homepage = https://code.visualstudio.com/;
       downloadPage = https://code.visualstudio.com/Updates;
       license = licenses.unfree;
       maintainers = with maintainers; [ eadwu ];

diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix
@@ -28,6 +28,9 @@ stdenv.mkDerivation rec {
 
   qmakeFlags = [ "VERSION=${version}" ];
 
+  # src/lexer.l:36:10: fatal error: parser.hxx: No such file or directory
+  enableParallelBuilding = false; # true by default due to qmake
+
   doCheck = false;
 
   meta = {

diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   beta = {
-    sha256 = "1kbcn8yzgrn41d12806bsycnw6xyjbgv4d8nk0y4x2hymg34vc2k";
-    sha256bin64 = "0irafrmz9c3s8bdkqkwhj96v090ynvvbs50qzcdmidw8iqh2x1f8";
-    version = "73.0.3683.27";
+    sha256 = "0gd426a9xcgs8a9286gavziysq6fw1ilaifsna396dbdm8b571wi";
+    sha256bin64 = "05p20l0969rppbyn7965k78ccynng47rg7d7h7piqiwnm6ffg9yx";
+    version = "73.0.3683.39";
   };
   dev = {
-    sha256 = "0gyzil473kn7mqpa1dp3pai0x7vk8rw2bkqr3z0p33fx2g7b7y5s";
-    sha256bin64 = "1clr6xr08mmzmi71jy5ri4b2cp4qaf5apynbd9gnrp6qiy04rmn2";
-    version = "73.0.3683.20";
+    sha256 = "1yyzhw5zv803ysdj7zf0imdw9cf0mdlw30vphcb59a93nnvhkbb7";
+    sha256bin64 = "1a1dswkfc4x2rslkb899fgywv5mfrmcp1d8wxy7h034504r8gy87";
+    version = "74.0.3702.0";
   };
   stable = {
-    sha256 = "0fxavi4nwfiyb15lqm02vlq6kb8i4ipxnd7hp45bm7jdmhmgbnmj";
-    sha256bin64 = "1gz1ga8d3a4q1n6bdb79wv8ldlksvj0mlnrs5k1safwzlv11prsx";
-    version = "72.0.3626.96";
+    sha256 = "0bcc0iksk2v30drwd5zbw7v6sfbw16jqllc12ks2nifrvh058jjp";
+    sha256bin64 = "0azyhnmdg3grladpkpsv67zxqiqf5a3x9qjfj8h831kh7i7m3gy8";
+    version = "72.0.3626.109";
   };
 }
diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json
@@ -1,32 +1,32 @@
 {
   "ce": {
-    "version": "11.7.4",
-    "repo_hash": "0qq9snykdlpkpbznwpkv0n7bz1rsgz4z7lcjl4xkjxkf2gkf8pxp",
-    "deb_hash": "1j76jya0ydyg7v3vcdfjmcr5ir23yzdwmg9fxlirvgh74py7q85c",
-    "deb_url": "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/stretch/gitlab-ce_11.7.4-ce.0_amd64.deb/download.deb",
+    "version": "11.7.5",
+    "repo_hash": "0bbyx9zmscf9273fgypb82gw166psy7d3p7dnwb6f5r9yz7rmhbn",
+    "deb_hash": "1m6hdvrz467q33z626l9f3d5pssl0bbj2hkqy5g0b05wvdznmldy",
+    "deb_url": "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/stretch/gitlab-ce_11.7.5-ce.0_amd64.deb/download.deb",
     "owner": "gitlab-org",
     "repo": "gitlab-ce",
-    "rev": "v11.7.4",
+    "rev": "v11.7.5",
     "passthru": {
       "GITALY_SERVER_VERSION": "1.12.2",
       "GITLAB_PAGES_VERSION": "1.3.1",
       "GITLAB_SHELL_VERSION": "8.4.4",
-      "GITLAB_WORKHORSE_VERSION": "8.0.1"
+      "GITLAB_WORKHORSE_VERSION": "8.0.2"
     }
   },
   "ee": {
-    "version": "11.7.4",
-    "repo_hash": "0riqww094ylbbwb9mhjpsqhrdpxlcf6rc5p796p7x7f46p31mcjb",
-    "deb_hash": "02hnhhyrm4a3lgwnl399byka2dr5q3pjirki447373270ca93h5i",
-    "deb_url": "https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/stretch/gitlab-ee_11.7.4-ee.0_amd64.deb/download.deb",
+    "version": "11.7.5",
+    "repo_hash": "05dzvqrdgxbzsrf9rbis5m3iic04midx2arxgg3g4f78qfjxzylm",
+    "deb_hash": "1nfd68vzy3zc6a3xn5lhr83kqv9d7aaxvzv4ca9awcz4va5b33kc",
+    "deb_url": "https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/stretch/gitlab-ee_11.7.5-ee.0_amd64.deb/download.deb",
     "owner": "gitlab-org",
     "repo": "gitlab-ee",
-    "rev": "v11.7.4-ee",
+    "rev": "v11.7.5-ee",
     "passthru": {
       "GITALY_SERVER_VERSION": "1.12.2",
       "GITLAB_PAGES_VERSION": "1.3.1",
       "GITLAB_SHELL_VERSION": "8.4.4",
-      "GITLAB_WORKHORSE_VERSION": "8.0.1"
+      "GITLAB_WORKHORSE_VERSION": "8.0.2"
     }
   }
 }
diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
@@ -3,13 +3,13 @@
 stdenv.mkDerivation rec {
   name = "gitlab-workhorse-${version}";
 
-  version = "8.0.1";
+  version = "8.0.2";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-workhorse";
     rev = "v${version}";
-    sha256 = "1aslcadag1q2rdirf9m0dl5vfaz8v3yy1232mvyjyvy1wb51pf4q";
+    sha256 = "12xwr9yl59i58gnf0yn5yjp7zwz3s46042lk7rihvvzsa0kax690";
   };
 
   buildInputs = [ git go ];

diff --git a/pkgs/development/compilers/adoptopenjdk-bin/generate-sources.py b/pkgs/development/compilers/adoptopenjdk-bin/generate-sources.py
@@ -38,21 +38,15 @@ def generate_sources(release, assets):
         type_map = out.setdefault(asset["os"], {})
         impl_map = type_map.setdefault(asset["binary_type"], {})
         arch_map = impl_map.setdefault(asset["openjdk_impl"], {
-            "version": version,
-            "build": build,
             "packageType": asset["binary_type"],
             "vmType": asset["openjdk_impl"],
         })
 
-        if arch_map["version"] != version or arch_map["build"] != build:
-            print("error: architectures have different latest versions ({}+{} vs {}+{})".format(
-                arch_map["version"], arch_map["build"], version, build
-            ), file=sys.stderr)
-            sys.exit(1)
-
         arch_map[arch_to_nixos[asset["architecture"]]] = {
             "url": asset["binary_link"],
             "sha256": get_sha256(asset["checksum_link"]),
+            "version": version,
+            "build": build,
         }
 
     return out

diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix
@@ -5,13 +5,14 @@ sourcePerArch:
 , fetchurl
 }:
 
-let result = stdenv.mkDerivation rec {
+let cpuName = stdenv.hostPlatform.parsed.cpu.name;
+    result = stdenv.mkDerivation rec {
   name = if sourcePerArch.packageType == "jdk"
-    then "adoptopenjdk-${sourcePerArch.vmType}-bin-${sourcePerArch.version}"
-    else "adoptopenjdk-${sourcePerArch.packageType}-${sourcePerArch.vmType}-bin-${sourcePerArch.version}";
+    then "adoptopenjdk-${sourcePerArch.vmType}-bin-${sourcePerArch.${cpuName}.version}"
+    else "adoptopenjdk-${sourcePerArch.packageType}-${sourcePerArch.vmType}-bin-${sourcePerArch.${cpuName}.version}";
 
   src = fetchurl {
-    inherit (sourcePerArch.${stdenv.hostPlatform.parsed.cpu.name}) url sha256;
+    inherit (sourcePerArch.${cpuName}) url sha256;
   };
 
   # See: https://github.com/NixOS/patchelf/issues/10

diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix
@@ -42,15 +42,19 @@ let
     xorg.libXrender
     stdenv.cc.cc
   ]);
+
+  cpuName = stdenv.hostPlatform.parsed.cpu.name;
 in
 
 let result = stdenv.mkDerivation rec {
   name = if sourcePerArch.packageType == "jdk"
-    then "adoptopenjdk-${sourcePerArch.vmType}-bin-${sourcePerArch.version}"
-    else "adoptopenjdk-${sourcePerArch.packageType}-${sourcePerArch.vmType}-bin-${sourcePerArch.version}";
+    then "adoptopenjdk-${sourcePerArch.vmType}-bin-${version}"
+    else "adoptopenjdk-${sourcePerArch.packageType}-${sourcePerArch.vmType}-bin-${version}";
+
+  version = sourcePerArch.${cpuName}.version or (throw "unsupported CPU ${cpuName}");
 
   src = fetchurl {
-    inherit (sourcePerArch.${stdenv.hostPlatform.parsed.cpu.name}) url sha256;
+    inherit (sourcePerArch.${cpuName}) url sha256;
   };
 
   nativeBuildInputs = [ file ];

diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix
@@ -5,6 +5,5 @@ in
   jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.hotspot;
   jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.hotspot;
   jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.openj9;
-  # openj9 jre builds are currently missing: https://github.com/AdoptOpenJDK/openjdk-build/issues/796
-  #jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.openj9;
+  jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.openj9;
 }
diff --git a/pkgs/development/compilers/adoptopenjdk-bin/sources.json b/pkgs/development/compilers/adoptopenjdk-bin/sources.json
@@ -4,88 +4,102 @@
       "jdk": {
         "hotspot": {
           "aarch64": {
-            "sha256": "b66121b9a0c2e7176373e670a499b9d55344bcb326f67140ad6d0dc24d13d3e2",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.1%2B13/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.1_13.tar.gz"
+            "build": "7",
+            "sha256": "95b14e954f96185d02afda1a3ab146011076a4d97b457c9333556bd5d9263c41",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B7/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.2_7.tar.gz",
+            "version": "11.0.2"
           },
-          "build": "13",
           "packageType": "jdk",
-          "version": "11.0.1",
           "vmType": "hotspot",
           "x86_64": {
-            "sha256": "22bd2f1a2e0cb6e4075967bfeda4a960b0325879305aa739a0ba2d6e5cd4c3e2",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.1%2B13/OpenJDK11U-jdk_x64_linux_hotspot_11.0.1_13.tar.gz"
+            "build": "9",
+            "sha256": "d02089d834f7702ac1a9776d8d0d13ee174d0656cf036c6b68b9ffb71a6f610e",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.2_9.tar.gz",
+            "version": "11.0.2"
           }
         },
         "openj9": {
-          "build": "13",
           "packageType": "jdk",
-          "version": "11.0.1",
           "vmType": "openj9",
           "x86_64": {
-            "sha256": "ef9bf07cba79082285a9d426ea4eb3e8df57561ce2afe07cc5f299a8fa203279",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.1%2B13/OpenJDK11U-jdk_x64_linux_openj9_jdk-11.0.1_13_openj9-0.11.0_11.0.1_13.tar.gz"
+            "build": "9",
+            "sha256": "02de51ebe86897081f7998dd2f256e33fb8b15c70cf26715020795326cc50511",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_linux_openj9_11.0.2_9_openj9-0.12.0.tar.gz",
+            "version": "11.0.2"
           }
         }
       },
       "jre": {
         "hotspot": {
           "aarch64": {
-            "sha256": "6fd756bda392e3fddb48382460daae263c6fb5708683a691c8d30af2eb870bb8",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11%2B28/OpenJDK11-jre_aarch64_linux_hotspot_11_28.tar.gz"
+            "build": "7",
+            "sha256": "b101c86948742a5a580f94596654ef7d200f629cfc1ffdded10fb6a0cbe34c34",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B7/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.2_7.tar.gz",
+            "version": "11.0.2"
           },
-          "build": "28",
           "packageType": "jre",
-          "version": "11",
           "vmType": "hotspot",
           "x86_64": {
-            "sha256": "346448142d46c6e51d0fadcaadbcde31251d7678922ec3eb010fcb1b6e17804c",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11%2B28/OpenJDK11-jre_x64_linux_hotspot_11_28.tar.gz"
+            "build": "9",
+            "sha256": "e762e4cd50cebd1c63dee2cf0d5737016e9e057520b67761df5ad2dc7bbc7d54",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jre_x64_linux_hotspot_11.0.2_9.tar.gz",
+            "version": "11.0.2"
           }
         },
         "openj9": {
-          "build": "28",
           "packageType": "jre",
-          "version": "11",
           "vmType": "openj9",
           "x86_64": {
-            "sha256": "83a7c95e6b2150a739bdd5e8a6fe0315904fd13d8867c95db67c0318304a2c42",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11%2B28/OpenJDK11-jre_x64_linux_openj9_11_28.tar.gz"
+            "build": "9",
+            "sha256": "9c6283485a9fa07c1dca882e6427d785c9f4a99d2e49e91ccefbc6147da27343",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jre_x64_linux_openj9_11.0.2_9_openj9-0.12.0.tar.gz",
+            "version": "11.0.2"
           }
         }
       }
     },
     "mac": {
       "jdk": {
         "hotspot": {
-          "build": "13",
           "packageType": "jdk",
-          "version": "11.0.1",
           "vmType": "hotspot",
           "x86_64": {
-            "sha256": "e219e7e2d586ed09ae65f4ec390fca5d5f0c37a61b47677648610194daf1aaa7",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.1%2B13/OpenJDK11U-jdk_x64_mac_hotspot_11.0.1_13.tar.gz"
+            "build": "9",
+            "sha256": "fffd4ed283e5cd443760a8ec8af215c8ca4d33ec5050c24c1277ba64b5b5e81a",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_mac_hotspot_11.0.2_9.tar.gz",
+            "version": "11.0.2"
           }
         },
         "openj9": {
-          "build": "13",
           "packageType": "jdk",
-          "version": "11.0.1",
           "vmType": "openj9",
           "x86_64": {
-            "sha256": "c9a816d6a3f8aac9dc5b3b41c5a9e4e5460af433a06e003ae25d5a06dea8375f",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.1%2B13/OpenJDK11U-jdk_x64_mac_openj9_macosXL-jdk-11.0.1_13_openj9-0.11.0_11.0.1_13.tar.gz"
+            "build": "9",
+            "sha256": "0589fea4f9012299267dd3c533417a37540a3db61ae86f411bda67195b3636f4",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_mac_openj9_11.0.2_9_openj9-0.12.0.tar.gz",
+            "version": "11.0.2"
           }
         }
       },
       "jre": {
         "hotspot": {
-          "build": "28",
           "packageType": "jre",
-          "version": "11",
           "vmType": "hotspot",
           "x86_64": {
-            "sha256": "ef4dbfe5aed6ab2278fcc14db6cc73abbaab56e95f6ebb023790a7ebc6d7f30c",
-            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11%2B28/OpenJDK11-jre_x64_mac_hotspot_11_28.tar.gz"
+            "build": "9",
+            "sha256": "7e70784f7833751b63cee9e197230877a4059b178a24858261f834ea39b29fd5",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jre_x64_mac_hotspot_11.0.2_9.tar.gz",
+            "version": "11.0.2"
+          }
+        },
+        "openj9": {
+          "packageType": "jre",
+          "vmType": "openj9",
+          "x86_64": {
+            "build": "9",
+            "sha256": "40d70bf570b2098b381b77ae62dfddfb8cf6fc500ed539d82b78405593a9c9e5",
+            "url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jre_x64_mac_openj9_11.0.2_9_openj9-0.12.0.tar.gz",
+            "version": "11.0.2"
           }
         }
       }

diff --git a/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
@@ -0,0 +1,16 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index e6d0e6e1a6..b89456fd87 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -97,7 +97,10 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = ossl_safe_getenv(X509_get_default_cert_file_env());
++            file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++
++            if (!file)
++                file = ossl_safe_getenv(X509_get_default_cert_file_env());
+
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
diff --git a/...es/openssl/use-etc-ssl-certs-darwin.patch → ...nssl/1.0.2/use-etc-ssl-certs-darwin.patch b/...es/openssl/use-etc-ssl-certs-darwin.patch → ...nssl/1.0.2/use-etc-ssl-certs-darwin.patch
diff --git a/...libraries/openssl/use-etc-ssl-certs.patch → ...ies/openssl/1.0.2/use-etc-ssl-certs.patch b/...libraries/openssl/use-etc-ssl-certs.patch → ...ies/openssl/1.0.2/use-etc-ssl-certs.patch
diff --git a/pkgs/development/libraries/openssl/darwin-arch.patch b/pkgs/development/libraries/openssl/darwin-arch.patch
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
@@ -15,13 +15,7 @@ let
       inherit sha256;
     };
 
-    patches =
-      (args.patches or [])
-      ++ [ ./nix-ssl-cert-file.patch ]
-      ++ optional (versionOlder version "1.1.0")
-          (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)
-      ++ optional (versionOlder version "1.0.2" && stdenv.hostPlatform.isDarwin)
-           ./darwin-arch.patch;
+    inherit patches;
 
     postPatch = ''
       patchShebangs Configure
@@ -121,13 +115,21 @@ let
 in {
 
   openssl_1_0_2 = common {
-    version = "1.0.2p";
-    sha256 = "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah";
+    version = "1.0.2q";
+    sha256 = "115nisqy7kazbg6br2wrcra9nphyph1l4dgp563b9cf2rv5wyi2p";
+    patches = [
+      ./1.0.2/nix-ssl-cert-file.patch
+
+      (if stdenv.hostPlatform.isDarwin
+       then ./1.0.2/use-etc-ssl-certs-darwin.patch
+       else ./1.0.2/use-etc-ssl-certs.patch)
+    ];
   };
 
   openssl_1_1_0 = common {
     version = "1.1.0i";
     sha256 = "16fgaf113p6s5ixw227sycvihh3zx6f6rf0hvjjhxk68m12cigzb";
+    patches = [ ./nix-ssl-cert-file.patch ];
   };
 
 }
diff --git a/pkgs/development/libraries/qt-5/5.11/default.nix b/pkgs/development/libraries/qt-5/5.11/default.nix
@@ -54,6 +54,7 @@ let
       ./qtbase-revert-no-macos10.10.patch
     ] ++ optionals stdenv.isDarwin [
       ./qtbase-darwin-nseventtype.patch
+      ./qtbase-darwin-revert-69221.patch
     ];
     qtdeclarative = [ ./qtdeclarative.patch ];
     qtscript = [ ./qtscript.patch ];

diff --git a/pkgs/development/libraries/qt-5/5.11/fetch.sh b/pkgs/development/libraries/qt-5/5.11/fetch.sh
@@ -1,2 +1,2 @@
-WGET_ARGS=( http://download.qt.io/official_releases/qt/5.11/5.11.1/submodules/ \
+WGET_ARGS=( http://download.qt.io/official_releases/qt/5.11/5.11.3/submodules/ \
             -A '*.tar.xz' )
diff --git a/pkgs/development/libraries/qt-5/5.11/qtbase-darwin-revert-69221.patch b/pkgs/development/libraries/qt-5/5.11/qtbase-darwin-revert-69221.patch
@@ -0,0 +1,73 @@
+diff --git a/src/plugins/platforms/cocoa/qcocoawindow.mm b/src/plugins/platforms/cocoa/qcocoawindow.mm
+index 00c3f7c22c..94d35f59d6 100644
+--- a/src/plugins/platforms/cocoa/qcocoawindow.mm
++++ b/src/plugins/platforms/cocoa/qcocoawindow.mm
+@@ -1355,15 +1355,6 @@ QCocoaNSWindow *QCocoaWindow::createNSWindow(bool shouldBePanel)
+ {
+     QMacAutoReleasePool pool;
+
+-    Qt::WindowType type = window()->type();
+-    Qt::WindowFlags flags = window()->flags();
+-
+-    // Note: The macOS window manager has a bug, where if a screen is rotated, it will not allow
+-    // a window to be created within the area of the screen that has a Y coordinate (I quadrant)
+-    // higher than the height of the screen  in its non-rotated state, unless the window is
+-    // created with the NSWindowStyleMaskBorderless style mask.
+-    NSWindowStyleMask styleMask = windowStyleMask(flags);
+-
+     QRect rect = geometry();
+
+     QScreen *targetScreen = nullptr;
+@@ -1375,22 +1366,26 @@ QCocoaNSWindow *QCocoaWindow::createNSWindow(bool shouldBePanel)
+     }
+
+     if (!targetScreen) {
+-        qCWarning(lcQpaCocoaWindow) << "Window position" << rect << "outside any known screen, using primary screen";
++        qCWarning(lcQpaCocoaWindow) << "Window position outside any known screen, using primary screen";
+         targetScreen = QGuiApplication::primaryScreen();
+-        // AppKit will only reposition a window that's outside the target screen area if
+-        // the window has a title bar. If left out, the window ends up with no screen.
+-        // The style mask will be corrected to the original style mask in setWindowFlags.
+-        styleMask |= NSWindowStyleMaskTitled;
+     }
+
+     rect.translate(-targetScreen->geometry().topLeft());
+     QCocoaScreen *cocoaScreen = static_cast<QCocoaScreen *>(targetScreen->handle());
+     NSRect frame = QCocoaScreen::mapToNative(rect, cocoaScreen);
+
++    // Note: The macOS window manager has a bug, where if a screen is rotated, it will not allow
++    // a window to be created within the area of the screen that has a Y coordinate (I quadrant)
++    // higher than the height of the screen  in its non-rotated state, unless the window is
++    // created with the NSWindowStyleMaskBorderless style mask.
++
++    Qt::WindowType type = window()->type();
++    Qt::WindowFlags flags = window()->flags();
++
+     // Create NSWindow
+     Class windowClass = shouldBePanel ? [QNSPanel class] : [QNSWindow class];
+     QCocoaNSWindow *nsWindow = [[windowClass alloc] initWithContentRect:frame
+-        styleMask:styleMask
++        styleMask:windowStyleMask(flags)
+         // Deferring window creation breaks OpenGL (the GL context is
+         // set up before the window is shown and needs a proper window)
+         backing:NSBackingStoreBuffered defer:NO
+@@ -1399,9 +1394,6 @@ QCocoaNSWindow *QCocoaWindow::createNSWindow(bool shouldBePanel)
+     Q_ASSERT_X(nsWindow.screen == cocoaScreen->nativeScreen(), "QCocoaWindow",
+         "Resulting NSScreen should match the requested NSScreen");
+
+-    if (targetScreen != window()->screen())
+-        QWindowSystemInterface::handleWindowScreenChanged(window(), targetScreen);
+-
+     nsWindow.delegate = [[QNSWindowDelegate alloc] initWithQCocoaWindow:this];
+
+     // Prevent Cocoa from releasing the window on close. Qt
+@@ -1421,6 +1413,9 @@ QCocoaNSWindow *QCocoaWindow::createNSWindow(bool shouldBePanel)
+         });
+     }
+
++    if (targetScreen != window()->screen())
++        QWindowSystemInterface::handleWindowScreenChanged(window(), targetScreen);
++
+     nsWindow.restorable = NO;
+     nsWindow.level = windowLevel(flags);
+
diff --git a/pkgs/development/libraries/qt-5/5.11/qtbase.patch b/pkgs/development/libraries/qt-5/5.11/qtbase.patch
diff --git a/pkgs/development/libraries/qt-5/5.11/srcs.nix b/pkgs/development/libraries/qt-5/5.11/srcs.nix
diff --git a/pkgs/development/libraries/qt-5/5.6/default.nix b/pkgs/development/libraries/qt-5/5.6/default.nix
@@ -26,7 +26,7 @@ existing packages here and modify it as necessary.
 
 {
   newScope,
-  stdenv, fetchurl, makeSetupHook,
+  stdenv, fetchurl, fetchpatch, makeSetupHook,
   bison, cups ? null, harfbuzz, libGL, perl,
   gstreamer, gst-plugins-base,
 
@@ -46,14 +46,62 @@ let
   srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; };
 
   patches = {
-    qtbase = [ ./qtbase.patch ];
+    qtbase = [
+      ./qtbase.patch
+      (fetchpatch {
+        name = "CVE-2018-15518.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=28a6e642af2ccb454dd019f551c2908753f76f08";
+        sha256 = "0nyssg7d0br7qgzp481f1w8b4p1bj2ggv9iyfrm1mng5v9fypdd7";
+      })
+      (fetchpatch {
+        name = "CVE-2018-19873.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=c9b9f663d7243988bcb5fee9180ea9cb3a321a86";
+        sha256 = "1q01cafy92c1j8cgrv4sk133mi3d48x8kbg3glbnnbijpc4k6di5";
+      })
+      (fetchpatch {
+        name = "CVE-2018-19870.patch";
+        url = "http://code.qt.io/cgit/qt/qtbase.git/patch/?id=ac0a910756f91726e03c0e6a89d213bdb4f48fec";
+        sha256 = "00qb9yqwvwnp202am3lqirkjxln1cj8v4wvmlyqya6hna176lj2l";
+      })
+    ];
     qtdeclarative = [ ./qtdeclarative.patch ];
     qtscript = [ ./qtscript.patch ];
     qtserialport = [ ./qtserialport.patch ];
     qttools = [ ./qttools.patch ];
     qtwebengine = [ ./qtwebengine-seccomp.patch ]
       ++ optional stdenv.needsPax ./qtwebengine-paxmark-mksnapshot.patch;
     qtwebkit = [ ./qtwebkit.patch ];
+    qtvirtualkeyboard = [
+      (fetchpatch {
+        name = "CVE-2018-19865-A.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c02115db1de1f3aba81e109043766d600f886522";
+        sha256 = "0ncnyl8f3ypi1kcb9z2i8j33snix111h28njrx8rb49ny01ap8x2";
+      })
+      (fetchpatch {
+        name = "CVE-2018-19865-B.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=01fc537adc74d5e102c8cc93384cdf5cb08b4442";
+        sha256 = "19z8kxqf2lpjqr8189ingrpadch4niviw3p5v93zgx24v7950q27";
+      })
+      (fetchpatch {
+        name = "CVE-2018-19865-C.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=993a21ba03534b172d5354405cc9d50a2a822e24";
+        sha256 = "1bipqxr9bvy8z402pv9kj2w1yzcsj1v03l09pg5jyg1xh6jbgiky";
+      })
+    ];
+    qtimageformats = [
+      (fetchpatch {
+        name = "CVE-2018-19871.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtimageformats.git;a=patch;h=9299ab07df61c56b70e047f1fe5f06b6ff541aa3";
+        sha256 = "0fd3mxdlc0s405j02bc0g72fvdfvpi31a837xfwf40m5j4jbyndr";
+      })
+    ];
+    qtsvg = [
+      (fetchpatch {
+        name = "CVE-2018-19869.patch";
+        url = "http://code.qt.io/cgit/qt/qtsvg.git/patch/?id=c5f1dd14098d1cc2cb52448fb44f53966d331443";
+        sha256 = "1kgyfsxw2f0qv5fx9y7wysjsvqikam0qc7wzhklf0406zz6rhxbl";
+      })
+    ];
   };
 
   mkDerivation =
@@ -111,6 +159,7 @@ let
       /* qtwinextras = not packaged */
       qtx11extras = callPackage ../modules/qtx11extras.nix {};
       qtxmlpatterns = callPackage ../modules/qtxmlpatterns.nix {};
+      qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {};
 
       env = callPackage ../qt-env.nix {};
       full = env "qt-full-${qtbase.version}" [

diff --git a/pkgs/development/libraries/qt-5/5.9/default.nix b/pkgs/development/libraries/qt-5/5.9/default.nix
@@ -17,7 +17,7 @@ top-level attribute to `top-level/all-packages.nix`.
 
 {
   newScope,
-  stdenv, fetchurl, makeSetupHook,
+  stdenv, fetchurl, fetchpatch, makeSetupHook,
   bison, cups ? null, harfbuzz, libGL, perl,
   gstreamer, gst-plugins-base, gtk3, dconf,
 
@@ -44,6 +44,25 @@ let
     qttools = [ ./qttools.patch ];
     qtwebengine = optional stdenv.needsPax ./qtwebengine-paxmark-mksnapshot.patch;
     qtwebkit = [ ./qtwebkit.patch ];
+    qtvirtualkeyboard = [
+      (fetchpatch {
+        name = "CVE-2018-19865-A.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=61780a113f02b3c62fb14516fe8ea47d91f9ed9a";
+        sha256 = "0jd4nzaz9ndm9ryvrkav7kjs437l661288diklhbmgh249f8gki0";
+      })
+      (fetchpatch {
+        name = "CVE-2018-19865-B.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c0ac7a4c684e2fed60a72ceee53da89eea3f95a7";
+        sha256 = "0yvxrx5vx6845vgnq8ml3q93y61py5j0bvhqj7nqvpbmyj1wy1p3";
+
+      })
+      (fetchpatch {
+        name = "CVE-2018-19865-C.patch";
+        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=a2e7b8412f56841e12ed20a39f4a38e32d3c1e30";
+        sha256 = "1yijysa9gy5xbxndx5ri0dkfrjqja0d1bsx52qz4mhzi4pkbib02";
+      })
+    ];
+
   };
 
   mkDerivation =

diff --git a/pkgs/development/libraries/qt-5/5.9/fetch.sh b/pkgs/development/libraries/qt-5/5.9/fetch.sh
@@ -1,2 +1,2 @@
-WGET_ARGS=( http://download.qt.io/official_releases/qt/5.9/5.9.3/submodules/ \
+WGET_ARGS=( http://download.qt.io/official_releases/qt/5.9/5.9.7/submodules/ \
             -A '*.tar.xz' )
diff --git a/pkgs/development/libraries/qt-5/5.9/qtbase-darwin.patch b/pkgs/development/libraries/qt-5/5.9/qtbase-darwin.patch
@@ -1,16 +1,3 @@
-diff --git a/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm b/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
-index 66baf16..89794ef 100644
---- a/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
-+++ b/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
-@@ -830,7 +830,7 @@ void QCoreTextFontEngine::getUnscaledGlyph(glyph_t glyph, QPainterPath *path, gl
-
- QFixed QCoreTextFontEngine::emSquareSize() const
- {
--    return QFixed::QFixed(int(CTFontGetUnitsPerEm(ctfont)));
-+    return QFixed(int(CTFontGetUnitsPerEm(ctfont)));
- }
-
- QFontEngine *QCoreTextFontEngine::cloneWithSize(qreal pixelSize) const
 diff --git a/src/plugins/bearer/corewlan/qcorewlanengine.mm b/src/plugins/bearer/corewlan/qcorewlanengine.mm
 index 341d3bc..3368234 100644
 --- a/src/plugins/bearer/corewlan/qcorewlanengine.mm

diff --git a/pkgs/development/libraries/qt-5/5.9/srcs.nix b/pkgs/development/libraries/qt-5/5.9/srcs.nix
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.14.101";
+  version = "4.14.102";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "16mnrn2lb6xhcmpqx8brk2w4g6igfb1cwkqkpvlnc7003g2zfbql";
+    sha256 = "0095aqc1jbic77r34mpddjbz75rq1smr41yjx4mdqkl0lb7q5afq";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.19.23";
+  version = "4.19.24";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "02hkiz5vlx2qhyi1hxar9d1cr2gfnrpjdrjjkh83yzxci9kjb6rd";
+    sha256 = "014fpzy40yy56whnd8fclgxbdmaab8f5f6gam1lv8x6qmdgqic9v";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.4.174";
+  version = "4.4.175";
   extraMeta.branch = "4.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0fdsxfwhn1xqic56c4aafxw1rdqy7s4w0inmkhcnh98lj3fi2lmy";
+    sha256 = "1r8bp8dcjgndx9ziwv3pkgngr1bxwvdmimg8gxq8ak0km9bqfz76";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.158";
+  version = "4.9.159";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1vvm2gw5cddy40amxxr1hcw0bis2zldzyicvjhy11wg6j3snk2lc";
+    sha256 = "0hhpfyvankdiwbngpsl9xprf6777830dms722hix3450d0qz37cz";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
@@ -61,15 +61,16 @@ let
     postInstall =
       ''
         moveToOutput "lib/pgxs" "$out" # looks strange, but not deleting it
-        moveToOutput "lib/*.a" "$out"
+        moveToOutput "lib/libpgcommon.a" "$out"
+        moveToOutput "lib/libpgport.a" "$out"
         moveToOutput "lib/libecpg*" "$out"
 
         # Prevent a retained dependency on gcc-wrapper.
         substituteInPlace "$out/lib/pgxs/src/Makefile.global" --replace ${stdenv.cc}/bin/ld ld
 
         if [ -z "''${dontDisableStatic:-}" ]; then
           # Remove static libraries in case dynamic are available.
-          for i in $out/lib/*.a; do
+          for i in $out/lib/*.a $lib/lib/*.a; do
             name="$(basename "$i")"
             if [ -e "$lib/lib/''${name%.a}.so" ] || [ -e "''${i%.a}.so" ]; then
               rm "$i"

diff --git a/pkgs/tools/archivers/unzip/CVE-2018-18384.patch b/pkgs/tools/archivers/unzip/CVE-2018-18384.patch
@@ -0,0 +1,35 @@
+--- unzip60/list.c	
++++ unzip60/list.c	
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
++    char sgn, cfactorstr[1+10+1+1];	/* <sgn><int>%NUL */
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
+             }
+ #else /* !WINDLL */
+             if (cfactor == 100)
+-                sprintf(cfactorstr, LoadFarString(CompFactor100));
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+             else
+-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+             if (longhdr)
+                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
+
+ #else /* !WINDLL */
+         if (cfactor == 100)
+-            sprintf(cfactorstr, LoadFarString(CompFactor100));
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+         else
+-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+         if (longhdr) {
+             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix
@@ -24,6 +24,7 @@ stdenv.mkDerivation {
     ./CVE-2015-7697.diff
     ./CVE-2014-9913.patch
     ./CVE-2016-9844.patch
+    ./CVE-2018-18384.patch
     ./dont-hardcode-cc.patch
   ] ++ stdenv.lib.optional enableNLS
     (fetchurl {

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -6321,11 +6321,9 @@ with pkgs;
     then callPackage adoptopenjdk-bin-11-packages-linux.jdk-openj9 {}
     else callPackage adoptopenjdk-bin-11-packages-darwin.jdk-openj9 {};
 
-  # openj9 jre builds for mac are currently missing (upstream)
-  #adoptopenjdk-jre-openj9-bin-11 = if stdenv.isLinux
-  #  then callPackage adoptopenjdk-bin-11-packages-linux.jre-openj9 {}
-  #  else callPackage adoptopenjdk-bin-11-packages-darwin.jre-openj9 {};
-  adoptopenjdk-jre-openj9-bin-11 = callPackage adoptopenjdk-bin-11-packages-linux.jre-openj9 {};
+  adoptopenjdk-jre-openj9-bin-11 = if stdenv.isLinux
+    then callPackage adoptopenjdk-bin-11-packages-linux.jre-openj9 {}
+    else callPackage adoptopenjdk-bin-11-packages-darwin.jre-openj9 {};
 
   adoptopenjdk-bin = adoptopenjdk-hotspot-bin-11;
   adoptopenjdk-jre-bin = adoptopenjdk-jre-hotspot-bin-11;
@@ -11745,7 +11743,7 @@ with pkgs;
   qt56 = recurseIntoAttrs (makeOverridable
     (import ../development/libraries/qt-5/5.6) {
       inherit newScope;
-      inherit stdenv fetchurl makeSetupHook;
+      inherit stdenv fetchurl fetchpatch makeSetupHook;
       bison = bison2; # error: too few arguments to function 'int yylex(...
       inherit cups;
       harfbuzz = harfbuzzFull;
@@ -11759,7 +11757,7 @@ with pkgs;
   qt59 = recurseIntoAttrs (makeOverridable
     (import ../development/libraries/qt-5/5.9) {
       inherit newScope;
-      inherit stdenv fetchurl makeSetupHook;
+      inherit stdenv fetchurl fetchpatch makeSetupHook;
       bison = bison2; # error: too few arguments to function 'int yylex(...
       inherit cups;
       harfbuzz = harfbuzzFull;