Includes fixes for CVE-2018-12383 and CVE-2018-12385.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to apply
cleanly to IceCat 60.
* gnu/packages/gnuzilla.scm (mozilla-patch): Update to fetch from
mozilla-esr60.
(icecat): Add selected changesets from upstream mozilla-esr60.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.2.0-gnu1.
[source]: Download pre-release from alpha.gnu.org. Remove obsolete patches.
Comment out the code to delete the bundled copies of libevent, cairo,
harfbuzz, and graphite2.
[inputs]: Use the latest ffmpeg. Comment out libevent, cairo, harfbuzz, and
graphite2.
[native-inputs]: Add rust and cargo.
[arguments]: Remove --enable-gio and --disable-gnomeui. Add --disable-stylo.
Comment out --with-system-{libevent,harfbuzz,graphite2}, --enable-system-cairo.
Import %cargo-build-system-modules. Add 'patch-cargo-checksums' phase.
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch,
gnu/packages/patches/icecat-bug-1413868-pt1.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/xf86-video-ast-remove-mibstore.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/xorg.scm (xf86-video-ast): New public variable.
* gnu/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rust.scm (rust-1.25): Use it.
(rust-1.26): Use it.
(rust): Use it.
This allows (gnu services admin) to remain deeper in the module graph
and to be used by (gnu services web).
* gnu/services/admin.scm (<tailon-configuration-file>)
(tailon-configuration-files-string)
(tailon-configuration-file-compiler, <tailon-configuration>)
(tailon-shepherd-service, %tailon-accounts)
(tailon-service-type): Move to...
* gnu/services/web.scm: ... here.
* gnu/tests/admin.scm: Remove. Move test to...
* gnu/tests/web.scm (%tailon-os)
(run-tailon-test, %test-tailon): ... here.
* gnu/packages/patches/gd-CVE-2018-1000222.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gd.scm (gd/fixed): New variable.
* gnu/packages/php.scm (gd-for-php)[source]: Use 'gd-CVE-2018-1000222.patch'.
* gnu/packages/patches/oath-toolkit-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/authentication.scm (oath-toolkit)[source](patches): New field.
The following CVEs are fixed with this release: CVE-2018-15908,
CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509,
CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539,
CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file.
* gnu/packages/patches/ghostscript-CVE-2018-16509.patch,
gnu/packages/patches/ghostscript-bug-699708.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24.
[source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and
'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and
'ghostscript-bug-699708.patch'.
[arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output
directory.
Fixes <https://bugs.gnu.org/31726>.
Thanks to Jack Hill <jackhill@jackhill.us> for exploring different solutions
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31726>.
* gnu/packages/patches/haskell-mode-unused-variables.patch,
gnu/packages/patches/haskell-mode-make-check.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/emacs.scm (haskell-mode)[source]: Use them.
[arguments]: Adjust 'pre-build' phase to embed file name.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/qtbase-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qtbase)[source](patches): Use it.
[arguments]: Remove "--no-feature-renameat2" from #:configure-flags.
* gnu/packages/patches/texinfo-5-perl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/texinfo.scm (texinfo-5)[source](patches): New field.
* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (dropbear)[source]: Use it.
* gnu/packages/patches/grub-binutils-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): Add it.
* gnu/packages/patches/grub-check-error-efibootmgr.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): New field.
This fixes <https://bugs.freedesktop.org/show_bug.cgi?id=104325> which showed
up in Guix as an infinite loop during cairocffi tests.
* gnu/packages/patches/cairo-setjmp-wrapper.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gtk.scm (cairo)[source](patches): Add it.
* gnu/packages/patches/parted-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/disk.scm (parted)[source](patches): New field.
* gnu/packages/patches/findutils-gnulib-libio.patch,
gnu/packages/patches/findutils-makedev.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm (findutils)[source](patches): Use them.
* gnu/packages/patches/m4-gnulib-libio.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/m4.scm (m4)[source](patches): New field.
* gnu/packages/patches/gcc-libsanitizer-ustat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-5)[source](patches): Add it.
* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
Fixes <https://bugs.gnu.org/32397>.
Reported by fis trivial <ybbs.daans@hotmail.com>.
* gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.8)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnupg.scm (libgcrypt)[source]: Use it.
Signed-off-by: Leo Famulari <leo@famulari.name>
It seems a recent version of sqlite broke Clementine's first startup. It turns
out we can patch clementine to fix the problem instead of providing a different
sqlite package:
<https://github.com/clementine-player/Clementine/pull/5669>
* gnu/packages/databases.scm (sqlite-with-fts3): Remove.
* gnu/packages/music.scm (clementine)[inputs]: Replace sqlite-with-fts3 with
sqlite.
[source]: Add clementine-fix-sqlite.patch.
* gnu/packages/patches/clementine-fix-sqlite.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
Also includes a fix for CVE-2018-0732, and a different approach to
fixing CVE-2018-0495.
* gnu/packages/tls.scm (openssl-next): Update to 1.1.0i.
[sources]: Remove CVE patches.
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch: Delete...
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch: ...both files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.
* gnu/packages/patches/lxc-CVE-2018-6556.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (lxc)[source]: Use it.
* gnu/packages/patches/mariadb-client-test-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/databases.scm (mariadb)[source](patches): Add it.
[arguments]: Increase retry count and test timeout. Disable test
main.myisampack.
* gnu/packages/patches/libreoffice-glm.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/libreoffice.scm (libreoffice)[source](patches): Add it.
* gnu/packages/patches/gdb-python-3.7.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gdb.scm (gdb)[source](patches): New field.
* gnu/packages/patches/x265-arm-asm-primitives.patch: New file.
* gnu/packages/video.scm (x265)[sources](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
Fixes <https://bugs.freedesktop.org/show_bug.cgi?id=106715>.
* gnu/packages/patches/xorg-server-rotate-fb.patch: New file.
* gnu/packages/xorg.scm (xorg-server)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (python-sip)[arguments]: Don't use '--sip-module'
flag in custom 'configure phase.
(python-pyqt)[sources]: Add patch.
* gnu/packages/patches/pyqt-public-sip.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/openbabel-fix-crash-on-nwchem-output.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chemistry.scm (openbabel)[source]: Use it.
* gnu/packages/patches/texinfo-perl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/texinfo.scm (texinfo)[source](patches): New field.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/twinkle-include-qregexpvalidator-explicity.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (twinkle)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/monero-use-system-miniupnpc.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/finance.scm (monero): Update to 0.12.3.0.
[source]: Add patch. Remove snippet because miniupnpc, rapidjson
and unbound are no longer bundled in-tree.
[inputs]: Add zeromq, cppzmq, libsodium. Use monero-miniupnpc.
[arguments]: Change build-type to "release".
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/xapian-revert-5489fb2f8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/search.scm (xapian)[source](patches): Use it.
* gnu/packages/patches/syncthing-fix-crash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/syncthing.scm (syncthing)[source]: Use it.
* gnu/services/monitoring.scm (prometheus-node-exporter-service-type):
New variable.
(<prometheus-node-exporter-configuration>): New record type.
(prometheus-node-exporter-shepherd-service): New procedure.
* gnu/doc/guix.texi (Monitoring Services): Document it.
* gnu/tests/monitoring.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add test module.
* gnu/packages/patches/xf86-video-savage-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-savage)[source](patches): Use it.
* gnu/packages/patches/xf86-video-sis-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-sis)[source](patches): Use it.
* gnu/packages/compression.scm (zstd): Update to 1.3.5.
[source]: Add two patches to make the test suite pass.
* gnu/packages/patches/zstd-fix-stdin-list-without-tty.patch,
gnu/packages/patches/zstd-fix-stdin-list-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add both.
* gnu/packages/java.scm (icedtea-6)[arguments]: Modify phases to extract
hostspot, as after the patching it becomes an archive.
[native-inputs]: add patch to hotspot-src.
* gnu/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the
remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out
of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/gcc-8-strmov-store-file-names.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-8): New public variable.
This is a follow-up to commit 18ab54d4a2
and fixes a regression introduced by Nyx 2.0.4 + Python 3.
* gnu/packages/tor.scm (nyx)[source]: Add patch.
* gnu/packages/patches/nyx-show-header-stats-with-python3.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch: New
file.
* gnu/packages/ocaml.scm (ocaml)[origin]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/openblas-fix-tests-i686.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/maths.scm (openblas)[native-inputs]: Add it.
[arguments]: Add phase to apply it on i686 systems only.
Mark H Weaver