The CF configure flags broke with the last update but based on
fa9c81f694 and the comment it seems like
these are not necessary anymore.
```
$ nix-build -A stdenv.__bootPackages.stdenv.__bootPackages.gettext
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
$ nix-store -qR /nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
/nix/store/2ws9cmamvr7xyvdg4d2nnd1bmr1zjrrq-bootstrap-tools
/nix/store/2yn28axagwyifnvdm8npy2f982jxr986-libiconv-osx-10.12.6
/nix/store/dii9p8717rjnbzar4kh1q3sxk77dbbkd-gettext-0.20.1
```
This commit fixes missing fc-cache binary from make-fonts-cache.nix build:
```
builder for '/nix/store/az48nr8gdqrw3fliddmi82ghj2ljxrj4-fc-cache.drv' failed with exit code 127; last 1 log lines:
/nix/store/p3z1lgsi7xymvl7akg531ikwiisqs4x5-stdenv-linux/setup: line 1299: fc-cache: command not found
cannot build derivation '/nix/store/swaxvjsf8h0rsmm9kigp6j3f5q5h4nvg-fc-00-nixos-cache.conf.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/wiaiv0pq7w1xm2i2fqp2ngd1ljb4n6n9-fontconfig-conf.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/4zhiwpiyccs0rs26bs3q0w8fwaxrrgw0-fontconfig-etc.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/xhvljdp9b00fbkapx6cbfs4sjdh49qwv-etc.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/w63q0n0vh7vkdfrjmhb41qy1alx7qa8s-nixos-system-nixos-19.09.git.c814289.drv': 1 dependencies couldn't be built
```
This is required for programs using rocksdb and typeinfo.
Otherwise, linking them fails with errors like this (that's ceph):
```
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(RocksDBStore.cc.o):(.data.rel.ro._ZTIN12RocksDBStore14RocksWBHandlerE[_ZTIN12RocksDBStore14RocksWBHandlerE]+0x10): undefined reference to `typeinfo for rocksdb::WriteBatch::Handler'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(RocksDBStore.cc.o):(.data.rel.ro._ZTIN12RocksDBStore19MergeOperatorRouterE[_ZTIN12RocksDBStore19MergeOperatorRouterE]+0x10): undefined reference to `typeinfo for rocksdb::AssociativeMergeOperator'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(RocksDBStore.cc.o):(.data.rel.ro._ZTIN12RocksDBStore19MergeOperatorLinkerE[_ZTIN12RocksDBStore19MergeOperatorLinkerE]+0x10): undefined reference to `typeinfo for rocksdb::AssociativeMergeOperator'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(RocksDBStore.cc.o):(.data.rel.ro._ZTI17CephRocksdbLogger[_ZTI17CephRocksdbLogger]+0x10): undefined reference to `typeinfo for rocksdb::Logger'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(BlueRocksEnv.cc.o):(.data.rel.ro._ZTI12BlueRocksEnv[_ZTI12BlueRocksEnv]+0x10): undefined reference to `typeinfo for rocksdb::EnvWrapper'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(BlueRocksEnv.cc.o):(.data.rel.ro._ZTI23BlueRocksSequentialFile[_ZTI23BlueRocksSequentialFile]+0x10): undefined reference to `typeinfo for rocksdb::SequentialFile'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(BlueRocksEnv.cc.o):(.data.rel.ro._ZTI25BlueRocksRandomAccessFile[_ZTI25BlueRocksRandomAccessFile]+0x10): undefined reference to `typeinfo for rocksdb::RandomAccessFile'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(BlueRocksEnv.cc.o):(.data.rel.ro._ZTI21BlueRocksWritableFile[_ZTI21BlueRocksWritableFile]+0x10): undefined reference to `typeinfo for rocksdb::WritableFile'
/nix/store/cg0k49h66nkdqx6ccwnqr0i4q0fnfznc-binutils-2.31.1/bin/ld: ../../lib/libos.a(BlueRocksEnv.cc.o):(.data.rel.ro._ZTI17BlueRocksFileLock[_ZTI17BlueRocksFileLock]+0x10): undefined reference to `typeinfo for rocksdb::FileLock'
```
I think those deps could be made to build, but I didn't want to get
bogged down investigating further. "Use flags" are always a good thing,
so this is fine for now.
* add patch for CVE-2017-8372 and CVE-2017-8373
* add patch for CVE-2017-8374
* add patch for x86_64 platforms
* fetch existing patches from remote sources
Most other packages don't move `.a` files to "$dev", and that is because
it makes the pkg-config `.pc` file wrong (the `libdir` is the non-dev one).
Keeping them in the main output makes static linking of SDL2 work.
See added comment about pruning of `.la` files.