gnupatch: Use fetchpatch to avoid cgit [WIP]
This doesn't work:
  $ nix-build . -A patch
  error: anonymous function at /home/username/devel/nixpkgs/pkgs/build-support/fetchurl/boot.nix:5:1
  called with unexpected argument 'meta', at /home/username/devel/nixpkgs/pkgs/build-support/fetchpatch/default.nix:14:1

Verification that the new hashes describe semantically equivalent content:

$ diff --label tarballs.nixos.org -u <(curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)") --label fetchpatch <( cat "$(nix-build -E 'with import <nixpkgs> {}; fetchpatch { url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1; name = "Allow_input_files_to_be_missing_for_ed-style_patches.patch"; sha256 = "0j6zqaz100mkhl9p0ldq0122zdvh7za0vg2rp3cznv244j837rdk"; }')" )                        --- tarballs.nixos.org
+++ fetchpatch
@@ -1,19 +1,6 @@
-From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 11:34:51 +0200
-Subject: Allow input files to be missing for ed-style patches
-
-* src/pch.c (do_ed_script): Allow input files to be missing so that new
-files will be created as with non-ed-style patches.
----
- src/pch.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/pch.c b/src/pch.c
-index bc6278c..0c5cc26 100644
 --- a/src/pch.c
 +++ b/src/pch.c
-@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+@@ -2394,9 +2394,11 @@

      if (! dry_run && ! skip_rest_of_patch) {
        int exclusive = *outname_needs_removal ? 0 : O_EXCL;
@@ -28,6 +15,3 @@
        sprintf (buf, "%s %s%s", editor_program,
                 verbosity == VERBOSE ? "" : "- ",
                 outname);
---
-cgit v1.0-41-gc330
-

$ diff --label tarballs.nixos.org -u <(curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)") --label fetchpatch <( cat "$(nix-build -E 'with import <nixpkgs> {}; fetchpatch {  url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d;  name = "CVE-2018-1000156.patch";  sha256 = "03rpq4qw7s34av391ff24lgnl381xxq5mdn1m4db941a0ffm0nkf"; }')")
--- tarballs.nixos.org
+++ fetchpatch
@@ -1,23 +1,3 @@
-From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 12:14:49 +0200
-Subject: Fix arbitrary command execution in ed-style patches
- (CVE-2018-1000156)
-
-* src/pch.c (do_ed_script): Write ed script to a temporary file instead
-of piping it to ed: this will cause ed to abort on invalid commands
-instead of rejecting them and carrying on.
-* tests/ed-style: New test case.
-* tests/Makefile.am (TESTS): Add test case.
----
- src/pch.c         | 91 ++++++++++++++++++++++++++++++++++++++++---------------
- tests/Makefile.am |  1 +
- tests/ed-style    | 41 +++++++++++++++++++++++++
- 3 files changed, 108 insertions(+), 25 deletions(-)
- create mode 100644 tests/ed-style
-
-diff --git a/src/pch.c b/src/pch.c
-index 0c5cc26..4fd5a05 100644
 --- a/src/pch.c
 +++ b/src/pch.c
 @@ -33,6 +33,7 @@
@@ -28,7 +8,7 @@

  #define INITHUNKMAX 125                       /* initial dynamic allocation size */

-@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+@@ -2389,24 +2390,28 @@
      static char const editor_program[] = EDITOR_PROGRAM;

      file_offset beginning_of_this_line;
@@ -73,7 +53,7 @@
      for (;;) {
        char ed_command_letter;
        beginning_of_this_line = file_tell (pfp);
-@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+@@ -2417,14 +2422,14 @@
        }
        ed_command_letter = get_ed_command_letter (buf);
        if (ed_command_letter) {
@@ -92,7 +72,7 @@
                            write_fatal ();
                    if (chars_read == 2  &&  strEQ (buf, ".\n"))
                        break;
-@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+@@ -2437,13 +2442,49 @@
            break;
        }
      }
@@ -147,11 +127,9 @@

      if (ofp)
        {
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 6b6df63..16f8693 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -32,6 +32,7 @@ TESTS = \
+@@ -32,6 +32,7 @@
        crlf-handling \
        dash-o-append \
        deep-directories \
@@ -159,9 +137,6 @@
        empty-files \
        false-match \
        fifo \
-diff --git a/tests/ed-style b/tests/ed-style
-new file mode 100644
-index 0000000..d8c0689
 --- /dev/null
 +++ b/tests/ed-style
 @@ -0,0 +1,41 @@
@@ -206,6 +181,3 @@
 +check 'cat foo' <<EOF
 +foo
 +EOF
---
-cgit v1.0-41-gc330
-
chkno committed Jan 30, 2020
1 parent 9300e20 commit b25d448
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions pkgs/tools/text/gnupatch/default.nix
@@ -1,4 +1,4 @@
{ stdenv, fetchurl
{ stdenv, fetchurl, fetchpatch
, ed, autoreconfHook
}:

Expand All @@ -13,15 +13,15 @@ stdenv.mkDerivation rec {
patches = [
# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
./CVE-2018-6951.patch
(fetchurl {
(fetchpatch {
url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1;
name = "Allow_input_files_to_be_missing_for_ed-style_patches.patch";
sha256 = "0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64";
sha256 = "0j6zqaz100mkhl9p0ldq0122zdvh7za0vg2rp3cznv244j837rdk";
})
(fetchurl {
(fetchpatch {
url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d;
name = "CVE-2018-1000156.patch";
sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
sha256 = "03rpq4qw7s34av391ff24lgnl381xxq5mdn1m4db941a0ffm0nkf";
})
# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
./CVE-2018-6952.patch
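Review bot: The two `fetchpatch` entries sit between `./CVE-2018-6951.patch` and `./CVE-2018-6952.patch`, which are kept in-tree, so the `patches` list now mixes vendored and build-time-fetched security fixes for the same package. Given the evaluation error quoted in the commit message, `fetchpatch` appears to be unusable at this point in the bootstrap. Committing the two normalized patches alongside the existing ones (e.g. `./CVE-2018-1000156.patch`) would likely remove the dependence on cgit's generated footer without needing `fetchpatch` at all. If `fetchpatch` is kept, a comment above each entry such as `# sha256 covers fetchpatch's normalized output, not the raw cgit download` would stop a later updater from checking it against the hash of the raw file. The `patches` list continues past the end of this hunk.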
