The previous code using substituteInPlace was broken for both 5.9 and
5.11 (latter was broken after a minor release bump). Using patches
should make things fail loudly and prevent modules/qtwebengine.nix from
being littered with version checks.

The patch for 5.12 is only tested to apply.

(cherry picked from commit 1809832)

…ituteInPlace

qt59.qtwebengine doesn't need those fixes (probably since the recent
minor version bump)

(cherry picked from commit ccd1bf6)

This ports a patch that is already used in 5.11. Also one of the
substituteInPlace call fails because a file doesn't exist.

(cherry picked from commit 0624deb)

dockerTools: align generated layer archives with docker's output
(cherry picked from commit 6af3176)

(cherry picked from commit a0a1dc0)

(cherry picked from commit b1d040b)

(cherry picked from commit bbefa95)

(cherry picked from commit 4b7d9dc)

(cherry picked from commit b16b1b3)

[19.03] monero: 0.13 -> 0.14

https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html
Close NixOS#58437.

(cherry picked from commit 225b164)

(cherry picked from commit 128e6c5)

(cherry picked from commit ea5f098)

users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile
users.ldap.bind.password -> users.ldap.bind.passwordFile

as users.ldap.daemon.rootpwmodpw never was part of a release, no
mkRenamedOptionModule is introduced.

(cherry picked from commit 0a1451a)

eb90d97 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (NixOS#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes NixOS#57783

(cherry picked from commit 8817bbe)

Backport of NixOS#58477
(cherry picked from commit e76f30e)

Gitaly uses `ps` to track the RSS of `gitlab-ruby` and kills it when it
detects excessive memory leakage. See
https://gitlab.com/gitlab-org/gitaly/issues/1562.

(cherry picked from commit b90f5f0)

….12.3

[19.03] kde-applications: 18.12.1 -> 18.12.3

qcollectiongenerator was merged into qhelpgenerator in qt 5.12,
see https://blog.qt.io/blog/2018/11/02/whats-new-qt-help/

(cherry picked from commit 0b8d40a)

(Cherry-picked from 2556b7b)

https://dovecot.org/list/dovecot-news/2019-March/000401.html
fixes CVE-2019-7524

(cherry picked from commit d3ca36b)

Fixed a trivial merge conflict because some intermediate version bumps were
missing.

(cherry picked from commit 43d0137)

(cherry picked from commit 862b211)

(cherry picked from commit ead0e93)

(cherry picked from commit 7cb7596)

(cherry picked from commit 4933eae)

(cherry picked from commit 2a328c8)

(cherry picked from commit 68a33fc)

(cherry picked from commit a2f6e40)