* gnu/packages/patches/shadow-CVE-2018-7169.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shadow)[source]: Use it.
* gnu/packages/patches/java-jeromq-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/java.scm (java-jeromq)[source](patches): Add it.
[arguments](#test-exclude): Disable more failing tests.
Rename the function and move the declaration from gif_lib.h to
gif_lib_private.h to solve conflicts when some .c-file #includes
both stdlib.h and gif_lib.h.
See also https://sourceforge.net/p/giflib/bugs/110/
* gnu/packages/patches/giflib-make-reallocarray-private.patch: New
file
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/image.scm(giflib)[source](patches): New field.
* gnu/packages/patches/gnome-todo-libical-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (gnome-todo)[source](patches): Use it.
* gnu/packages/php.scm (php)[inputs]: Use gd-for-php.
(gd-for-php): New private variable.
* gnu/packages/patches/gd-CVE-2018-5711.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/glibc-allow-kernel-2.6.32.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.26-patched): New variable.
* gnu/packages/patches/wavpack-CVE-2018-6767.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/audio.scm (wavpack)[source](patches): Add it.
* gnu/packages/patches/json-glib-fix-tests-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (json-glib)[source](patches): New field.
* gnu/packages/patches/password-store-gnupg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/password-utils.scm (password-store)[source]: Use it.
This release claims to fix 2 vulnerabilities:
- ‘an integer overflow vulnerability in the TIFF decoder’
(CVE-2017-1000229, previously patched in Guix), and
- ‘a buffer overflow vulnerability in the GIF decoder’.
* gnu/packages/image.scm (optipng): Update to 0.7.7.
[source]: Remove patch.
[arguments]: Substitute INVOKE for SYSTEM* and end phase with #t.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/htop-fix-process-tree.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (htop)[source]: Use it.
* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
Transfer the applicable NixOS patches as of 2018-01-19:
- Not adopted: We don't change the .cmake.in and .prf, but use config
mechanisms provided by th Qt build system.
- src/corelib/tools/qtimezoneprivate_tz.cpp: Adopted patch: Use $TZDIR to
search for time-zone data. Thus avoid depending on package "tzdata", which
often introduces changes with near-immediate effects, so it's important to
be able to update it fast.
- src/corelib/kernel/qcoreapplication.cpp: Not adopted: NixOS adds plugin
paths derived from PATH. We do not need this, since we already have
native-search-path QT_PLUGIN_PATH.
- src/network/kernel/qdnslookup_unix.cpp,
src/network/kernel/qhostinfo_unix.cpp: Transferred: Use hard-coded path to
libresolv.
- src/network/ssl/qsslcontext_openssl.cpp: Not adopted: NixOS changes a
conditional compilation for Qt 5.9 (but leaves it unchanged for Qt 5.10) to
fix compilation with libressl. But Qt does not support libressl anway, see
config.tests/openssl/openssl.cpp in qtbase 5.9.4.
- src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp:
Transferred: Use hard-coded path to libx11.
- src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp:
Transferred: Use hard-coded path to mess's libGL, no need for a fall-back.
- src/plugins/platforms/xcb/qxcbcursor.cpp: Transferred: Use hard-coded path
to Xcursor.
- src/plugins/platformthemes/gtk3/main.cpp: Not adopted: NixOS changes
$XDG_DATA_DIRS and $GIO_EXTRA_MODULES in the code. We already have a
search-path-specification for this.
- src/testlib/qtestassert.h: Decided not to adopt this for guix.
* gnu/packages/patches/qtbase-use-TZDIR.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qtbase): Add comment. [source]: Use new patch.
[arguments]<#:phases>'patch-paths': New phase.
This was causing segfaults in the MH test suite when building with
glibc 2.26 on x86_64.
* gnu/packages/patches/mailutils-uninitialized-memory.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (mailutils)[source](patches, snippet): New
fields.
[native-inputs]: New field.
* gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.9)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/python-waitress-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-waitress): Update to 1.1.0.
[source](patches): New field.
This fixes the security issues described at
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-
rubygems/
* gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch: New file.
* gnu/packages/ruby.scm (ruby-2.4.3)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
Add a patch by Ludovic Courtès <ludo@gnu.org> from the upstream
shepherd repository to partially fix <https://bugs.gnu.org/30299>.
* gnu/packages/patches/shepherd-herd-status-sorted.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Add patch.
* gnu/packages/patches/libtasn1-CVE-2018-6003.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
* gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (emacs-browse-at-remote)[source](patches): Use it.
Clementine has a button in the preference menu that allows downloading a
binary blob to add support for Spofify. Let's remove this button. It turns
out this is the only part of the code base that uses crypto++, let's remove
this dependency too.
* gnu/packages/music.scm (clementine)[arguments]: Remove crypto++ support. Set
HAVE_SPOTIFY_DOWNLOADER to FALSE.
[inputs]: Remove crypto++ input.
* gnu/packages/patches/clementine-remove-crypto++-dependency.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
* gnu/packages/patches/icecat-use-system-harfbuzz.patch,
gnu/packages/patches/icecat-use-system-graphite2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. Delete
"gfx/harfbuzz" and "gfx/graphite2" in the snippet.
[inputs]: Add harfbuzz and graphite2.
[arguments]: Add "--with-system-harfbuzz" and "--with-system-graphite2" to
configure-flags.
* gnu/packages/mpi.scm (hwloc-2.0): New variable.
* gnu/packages/patches/hwloc-tests-without-sysfs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/p7zip-CVE-2017-17969.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (p7zip)[source]: Use it.
python-axolotl has been failing since March,
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
This also fixes the OMEMO and OTR plugins for Gajim work.
* gnu/packages/patches/python-axolotl-AES-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python-crypto.scm (python-axolotl): Upgrade to 0.1.39.
[source]: Use the patch.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/version-control.scm (reposurgeon): Update to 3.43.
[source]: Add a patch needed to build the package.
[arguments]: Add ‘patch-inputs’ phase.
[native-inputs]: Replace docbook-xml-4.1.2 with the latest docbook-xml.
[inputs]: Add tzdata.
* gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dovecot-CVE-2017-15132.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (dovecot)[source]: Use it.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
* gnu/packages/patches/rtags-separate-rct.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/code.scm (rtags): Dependencies no longer bundled.
[source]: Use tarball release. Use the patch to link rct.
Substitute corresponding headers.
[native-inputs]: Add new dependencies.
[inputs]: Likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/rct-add-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cpp.scm (rct): Use the patch, enable RTTI.
[source]: Use the patch to add missing headers from installation.
[arguments]: Enable RTTI in configure-flags.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (libexif)[source]: Use it.
* gnu/packages/parallel.scm (slurm): Update to 17.11.2.
[source]: Replace patch with less fragile SUBSTITUTE* in a snippet.
[arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE.
* gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch:
Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1.
[source]: Remove patch for fixed CVE.
[arguments]: No longer skip test suite which appear to be fixed.
* gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/opencascade-oce-glibc-2.26.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (opencascade-oce)[source]: Use it.
* gnu/packages/patches/libgnomeui-utf8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgnomeui)[source]: Use it.
* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libgnome-encoding.patch: New file.
* gnu/packages/gnome.scm (libgnome)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
* gnu/packages/patches/nfs-utils-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nfs.scm (nfs-utils)[source]: Use it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/potrace-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/fontutils.scm (potrace)[source]: Use it.
* gnu/packages/gcc.scm (gcc@6)[source]: Add snippet to adjust
linux-unwind.h to changes in glibc@2.26. Add patch.
* gnu/packages/patches/gcc-libsanitizer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/ao-cad-aarch64-support.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/engineering.scm (ao-cad)[source]: Use it. Update snapshot to
fb288c9. Use VCS helpers for version and file-name.
[arguments]: Add 'remove-native-compilation' phase.
This patch is modified from the original patch targeting gcc@5.
* gnu/packages/patches/gcc-asan-missing-include.patch: New file.
* gnu/packages/gcc.scm (gcc@4.8)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
Fixes <https://bugs.gnu.org/29782>.
Reported by Gábor Boskovits.
* gnu/packages/patches/docbook-xsl-nonrecursive-string-subst.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/docbook.scm (docbook-xsl)[source](patches): Use it.
[native-inputs]: Add XZ.
[arguments]: Adjust PATH accordingly.
* gnu/packages/patches/python-pillow-fix-failing-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pillow)[source]: Use it.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
Previously cross-compilation would fail:
CC xvasprintf.o
xstrtol-error.c:50:16: warning: 'struct rpl_option' declared inside parameter list
int exit_status)
^
xstrtol-error.c: In function 'xstrtol_error':
xstrtol-error.c:84:5: error: invalid use of undefined type 'struct rpl_option'
* gnu/packages/patches/diffutils-getopt.patch: New file.
* gnu/packages/base.scm (diffutils)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
See <https://github.com/borgbackup/borg/issues/3444> for more information.
* gnu/packages/patches/borg-fix-archive-corruption-bug.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/video.scm (libvdpau-va-gl): New variable.
* gnu/packages/patches/libvdpau-va-gl-unbundle.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/eigen-arm-neon-fixes.patch: New patch.
* gnu/packages/algebra.scm (eigen): Update to 3.3.4.
[source]: Use patch. Disable svd-preallocation test for BDCSVD.
[arguments]: Set "EIGEN_SEED" environment variable in check phase.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch:
New file.
* gnu/packages/machine-learning.scm (python-scikit-learn)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Gperf is now a hard dependency.
* gnu/packages/patches/fontconfig-remove-debug-printf.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (fontconfig): Update to 2.12.6.
[source]: Add 'fontconfig-remove-debug-printf.patch'.
[arguments]: Remove 'regenerate-fcobjshash' phase.
* gnu/packages/patches/jemalloc-arm-address-bits.patch: New patch.
* gnu/packages/jemalloc.scm (jemalloc)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/picprog-non-intel-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/embedded.scm (picprog)[source]: Add patch.
[arguments]: Skip building the 'testport' binary.
* gnu/packages/patches/valgrind-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/valgrind.scm (valgrind)[source](patches): Use it.
This is a follow-up to commit 9a187b39b7.
* gnu/packages/spice.scm (spice): Update to 0.14.0.
[source]: Remove obsolete patches. Use HTTPS URL.
[inputs]: Add orc.
[home-page]: Update to use https.
* gnu/packages/patches/spice-CVE-2016-9577.patch,
gnu/packages/patches/spice-CVE-2016-9578-1.patch,
gnu/packages/patches/spice-CVE-2016-9578-2.patch,
gnu/packages/patches/spice-CVE-2017-7506.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/bazaar-CVE-2017-14176.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (bazaar)[source]: Use it.
* gnu/packages/patches/shepherd-close-fds.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Use it.
* gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/file-systems.scm (glusterfs)[source]: Use it.
* gnu/packages/bootloaders.scm (dtc)[patches]: Add dtc-32-bits-check.patch and
dtc-format-modifier.patch to fix build and tests on 32 bits platforms.
* gnu/packages/patches/dtc-32-bits-check.patch : New file.
* gnu/packages/patches/dtc-format-modifier.patch : New file.
* gnu/local.mk (dist_patch_DATA): Add two above patches.
* gnu/packages/mail.scm (exim): Update to 4.89.1.
[source]: Remove patches for fixed CVEs (all of them).
* gnu/packages/patches/exim-CVE-2017-16943.patch: Delete file...
* gnu/packages/patches/exim-CVE-2017-16944.patch: ...as well as this file...
* gnu/packages/patches/exim-CVE-2017-1000369.patch: ...and this file.
* gnu/local.mk (dist_patch_DATA): Remove all of them.
* gnu/packages/image.scm (optipng)[source](patches): New field.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/node.scm (node): Update to 8.9.1.
[source]: Apply 'node-test-http2-server-rst-stream.patch'.
[arguments]: Skip 'doc-only' target in 'check', which attempts to use
npm to retrieve 'js-yaml' package. Remove test/doctool/test-make-doc.js.
Do not remove now-missing test case. Remove new test case that fails in
containers due to networking.
* gnu/packages/patches/node-test-http2-server-rst-stream.patch: New file.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/guile-emacs-fix-configure.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (guile-emacs): Use it. Add workaround for src/deps
dir creation. Fixes#29186.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Arch Linux.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/lxde.scm (pcmanfm)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/procmail-CVE-2017-16844.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (procmail)[source]: Use it.
* gnu/packages/patches/audacity-build-with-system-portaudio.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/audio.scm (audacity): Update to 2.2.0.
[source]: Add patch to build with system portaudio; add snippet to remove most
bundled libraries.
[inputs]: Replace "gtk+-2" with "gtk+", replace "wxwidgets-gtk2" with
"wxwidgets"; remove "libsbsms"; add "suil" and "portmidi".
[arguments]: Adjust configure flags to avoid using bundled libraries; remove
phase "autoreconf"; add phases "fix-sbsms-check" and "use-upstream-headers".
Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
For compatibility, dependents must be updated at the same time.
* gnu/packages/web.scm (libcss): Update to 0.7.0
(nsgenbind): Update to 0.5.
(netsurf): Update to 3.7.
[arguments]: Fix binary name in .desktop. Adjust "docs" directory name.
* gnu/packages/patches/netsurf-system-utf8proc.patch: Adjust to new source.
* gnu/packages/java.scm (java-powermock-reflect): New variable.
* gnu/packages/patches/java-powermock-fix-java-files.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/icu4c.scm (icu4c)[replacement]: New field.
(icu4c-fixed): New variable.
* gnu/packages/patches/libvirt-CVE-2017-1000256.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (libvirt)[source]: Use it.
* gnu/packages/python.scm (python-unittest2): Update to 1.1.0.
[source]: Use PYPI-URI. Add two patches.
[arguments]: Add phase to run tests.
[propagated-inputs]: Add PYTHON-SIX and PYTHON-TRACEBACK2.
(python2-unittest2): Use 'package-with-python2'.
* gnu/packages/patches/python2-unittest2-remove-argparse.patch: Rename to ...
* gnu/packages/patches/python2-unittest2-remove-argparse.patch: ... this.
* gnu/packages/patches/python-unittest2-python3-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/patches/mupdf-CVE-2017-15587.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (mupdf)[source](patches): Use it.
Fixes CVE-2017-{13078,13079,13080,13081,13082,13087,13088}.
See these announcements for more information:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txthttps://www.krackattacks.com/
* gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch,
gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch,
gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch
gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch,
gnu/packages/patches/wpa-supplicant-krack-followups.patch: New files.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use them.
* gnu/local.mk (dist_patch_DATA): Add them.
See <https://bugzilla.gnome.org/show_bug.cgi?id=776504> for the license change.
* gnu/packages/patches/glib-respect-datadir.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/glib.scm (glib): Update to 2.54.1.
[source](patches): Add 'glib-respect-datadir.patch'.
[arguments]<#:phases>: Re-enable timezone test.
[license]: Change to LGPL2.1+.
While at it, remove leftover patches since libxml2/fixed went missing
without conflict in c01ef97594.
* gnu/packages/patches/libxml2-CVE-2017-0663.patch,
gnu/packages/patches/libxml2-CVE-2017-7375.patch,
gnu/packages/patches/libxml2-CVE-2017-7376.patch,
gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch,
gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/xml.scm (libxml2): Update to 2.9.6.
* gnu/packages/python.scm (python2-unittest2): Update to 1.1.0.
* gnu/packages/patches/python2-unittest2-remove-argparse.patch: New file.
* gnu/local.mk: Add it.
Fixes bug #24069. perl is made a native input to all of the gcc-* packages
except for gcc-boot0; perl-boot0 is made a native input to gcc-final.
* gnu/packages/patches/gcc-fix-texi2pod.patch: Add patch file to fix texi2pod.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-4.7, gcc-4.8, gcc-4.9, gcc-5): Use it.
(gcc-4.7)[native-inputs]: Add perl.
(gcc-4.9)[native-inputs]: Likewise.
* gnu/packages/commencement.scm (gcc-boot0)[native-inputs]: Remove perl.
(gcc-final)[native-inputs]: Add perl-boot0.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
The GPG signature for the bz2 tarball is bad, but the checksum matches the
signed release announcement, and contents are identical to the good .gz.
* gnu/packages/xorg.scm (xorg-server): Update to 1.19.4.
[source]: Remove obsolete patches.
* gnu/packages/patches/xorg-server-CVE-2017-10971.patch,
gnu/packages/patches/xorg-server-CVE-2017-10972.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ocaml.scm (ocaml-graph): New variable.
* gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/fontutils.scm (fontforge): Update to 20170731.
[source]: Remove patch, remove snippet.
[arguments]: Enable tests. Remove phase to build showttf.
[inputs]: Use python-wrapper instead of python.
[home-page]: Update to new home page.
* gnu/packages/patches/fontforge-svg-modtime.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
This is a follow-up to commit 164fccea7e.
* gnu/packages/patches/bluez-CVE-2017-1000250.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/tls.scm (python-acme)[source]: Use it.
* gnu/packages/markdown.scm (perl-text-markdown-discount): New variable.
* gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch:
New file.
* gnu/packages/patches/bluez-CVE-2017-1000250.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (bluez)[replacement]: New field.
(bluez/fixed): New variable.
* gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch:
New file.
* gnu/packages/emacs.scm (emacs)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
This is a followup to commit d02aabaf1b.
* gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch: New file.
* gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive-3.3.2): New variable.
* gnu/packages/patches/libarchive-CVE-2017-14166.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/file.scm (file)[replacement]: New field.
(file/fixed): New variable.
* gnu/packages/commencement.scm (file-boot0): Use package/inherit.
* gnu/packages/patches/file-CVE-2017-1000249.patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/metabat-remove-compilation-date.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/bioinformatics.scm (metabat): Update to 2.12.1.
[source]: Remove it. Use url-fetch.
* gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python2-larch)[source]: Use it.
[arguments]: Move 'check' phase to before 'build' phase.
* gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ruby.scm (ruby-2.2.7)[source]: Use it.
* gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ruby.scm (ruby-2.3.4)[source]: Use it.
* gnu/packages/patches/libzip-CVE-2017-12858.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (libzip)[source]: Use it.
* gnu/packages/patches/newsbeuter-CVE-2017-12904.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/syndication.scm (newsbeuter)[source]: Use it.
* gnu/packages/python.scm (python-pygit2): Update to 0.26.0.
* gnu/packages/patches/python-pygit2-disable-network-tests.patch: Skip one
more test. Use unittest.skipIf instead of deleting sections.
* gnu/packages/patches/bcftools-regidx-unsigned-char.patch: New file.
* gnu/packages/bioinformatics.scm (bcftools)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/linux.scm (e2fsprogs): Update to 1.43.5.
[source]: Use patch.
* gnu/packages/patches/cvs-2017-12836.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (cvs)[source]: Use it.
* gnu/packages/patches/curl-bounds-check.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/curl.scm (curl-7.55.0)[source]: Use it.
* gnu/packages/patches/catdoc-CVE-2017-11110.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/textutils.scm (catdoc)[source]: Use it.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
In addition to the patches we already had (which are not mentioned in the
ChangeLog, but verified by following their respective GitHub issues) this
release also fixes CVE-2016-9112, CVE-2016-5139, CVE-2016-5152, CVE-2016-5158,
CVE-2016-5159, CVE-2016-1626 and CVE-2016-1628.
See <https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md> for details.
* gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch,
gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/image.scm (openjpeg): Update to 2.2.0.
[source](patches): Remove.
* gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Add phase to patch
hard-coded openjpeg-2.1 path.