(cherry picked from commit 4d6a14e)

* fetchs3: add configurable name

Change the default from "foo" to the basename of the s3 URL and make it
configurable.

* fetchs3: fix error on missing credentials.session_token

The session token should default to null instead of failing

* fetchs3: make use of the region argument

Set it to null if you don't want to use it

* fetchs3: prefer local build

Fetcher-types spend more time on network than CPU

(cherry picked from commit f7abcb0)

Fixes #39806.

…s. Issues: #38623 NixOS/nixops#930.

Security update, backport of #39922.

(cherry picked from commit 3d97455)

(cherry picked from commit ce3961c)

[18.03] matrix-synapse: 0.26.1 -> 0.28.1 (security update)

runInLinuxVM: fix ext4 and crc32c-intel interactions

(cherry picked from commit f99ded2)

(cherry picked from commit 814938a)

(cherry picked from commit 374fde0)

(cherry picked from commit 6fd4462)

(cherry picked from commit 97ca2f5)

To mitigate Spectre Variant 2, GCC needs to have retpoline
support (-mindirect-branch and -mfunction-return arguments on amd64
and i386).

Patches were pulled from H.J. Lu's backport branch to
4.9 (hjl/indirect/gcc-4_9-branch), available at
https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream
GCC does not apply patches to anything older than the
gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits
as well.

Several Linux distributions already backported these patches to GCC 4
branches and some old kernels (3.13 for instance) have been recompiled
with these GCC patches. These kernels only allow to load kernel
modules that are compiled with the retpoline support.

References:
- Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261
- Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4

Fixes #38394

(cherry picked from commit ada2fc0)

This synchronizes with the move in master to make backports easier.

On nixpkgs master/staging we have 2.32 - that includes this patch.
https://nvd.nist.gov/vuln/detail/CVE-2018-7738 claims 2.32-rc1 fixes
this and upstream master hasn't changed umount completion except for
this patch, so it has to be it. /cc #38994.

…ening a GIF file

(cherry picked from commit b41ede5)

Vscode backport

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/uftp/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftpd help’ got 0 exit code
- ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt -h’ got 0 exit code
- ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt --help’ got 0 exit code
- ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt help’ got 0 exit code
- found 4.9.6 with grep in /nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6
- directory tree listing: https://gist.github.com/c08d432d7a238559a904561aa46161bd

(cherry picked from commit 8994bf5)

Moved list of ip ranges to url_preview_ip_range_blacklist defaults.
Fixes #40017

(cherry picked from commit 560e91f)