* gnu/packages/patches/json-glib-fix-tests-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (json-glib)[source](patches): New field.
* gnu/packages/patches/password-store-gnupg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/password-utils.scm (password-store)[source]: Use it.
This release claims to fix 2 vulnerabilities:
- ‘an integer overflow vulnerability in the TIFF decoder’
(CVE-2017-1000229, previously patched in Guix), and
- ‘a buffer overflow vulnerability in the GIF decoder’.
* gnu/packages/image.scm (optipng): Update to 0.7.7.
[source]: Remove patch.
[arguments]: Substitute INVOKE for SYSTEM* and end phase with #t.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/htop-fix-process-tree.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (htop)[source]: Use it.
* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
Transfer the applicable NixOS patches as of 2018-01-19:
- Not adopted: We don't change the .cmake.in and .prf, but use config
mechanisms provided by th Qt build system.
- src/corelib/tools/qtimezoneprivate_tz.cpp: Adopted patch: Use $TZDIR to
search for time-zone data. Thus avoid depending on package "tzdata", which
often introduces changes with near-immediate effects, so it's important to
be able to update it fast.
- src/corelib/kernel/qcoreapplication.cpp: Not adopted: NixOS adds plugin
paths derived from PATH. We do not need this, since we already have
native-search-path QT_PLUGIN_PATH.
- src/network/kernel/qdnslookup_unix.cpp,
src/network/kernel/qhostinfo_unix.cpp: Transferred: Use hard-coded path to
libresolv.
- src/network/ssl/qsslcontext_openssl.cpp: Not adopted: NixOS changes a
conditional compilation for Qt 5.9 (but leaves it unchanged for Qt 5.10) to
fix compilation with libressl. But Qt does not support libressl anway, see
config.tests/openssl/openssl.cpp in qtbase 5.9.4.
- src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp:
Transferred: Use hard-coded path to libx11.
- src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp:
Transferred: Use hard-coded path to mess's libGL, no need for a fall-back.
- src/plugins/platforms/xcb/qxcbcursor.cpp: Transferred: Use hard-coded path
to Xcursor.
- src/plugins/platformthemes/gtk3/main.cpp: Not adopted: NixOS changes
$XDG_DATA_DIRS and $GIO_EXTRA_MODULES in the code. We already have a
search-path-specification for this.
- src/testlib/qtestassert.h: Decided not to adopt this for guix.
* gnu/packages/patches/qtbase-use-TZDIR.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qtbase): Add comment. [source]: Use new patch.
[arguments]<#:phases>'patch-paths': New phase.
This was causing segfaults in the MH test suite when building with
glibc 2.26 on x86_64.
* gnu/packages/patches/mailutils-uninitialized-memory.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (mailutils)[source](patches, snippet): New
fields.
[native-inputs]: New field.
* gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.9)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/python-waitress-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-waitress): Update to 1.1.0.
[source](patches): New field.
This fixes the security issues described at
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-
rubygems/
* gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch: New file.
* gnu/packages/ruby.scm (ruby-2.4.3)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
Add a patch by Ludovic Courtès <ludo@gnu.org> from the upstream
shepherd repository to partially fix <https://bugs.gnu.org/30299>.
* gnu/packages/patches/shepherd-herd-status-sorted.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Add patch.
* gnu/packages/patches/libtasn1-CVE-2018-6003.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
* gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (emacs-browse-at-remote)[source](patches): Use it.
Clementine has a button in the preference menu that allows downloading a
binary blob to add support for Spofify. Let's remove this button. It turns
out this is the only part of the code base that uses crypto++, let's remove
this dependency too.
* gnu/packages/music.scm (clementine)[arguments]: Remove crypto++ support. Set
HAVE_SPOTIFY_DOWNLOADER to FALSE.
[inputs]: Remove crypto++ input.
* gnu/packages/patches/clementine-remove-crypto++-dependency.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
* gnu/packages/patches/icecat-use-system-harfbuzz.patch,
gnu/packages/patches/icecat-use-system-graphite2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. Delete
"gfx/harfbuzz" and "gfx/graphite2" in the snippet.
[inputs]: Add harfbuzz and graphite2.
[arguments]: Add "--with-system-harfbuzz" and "--with-system-graphite2" to
configure-flags.
* gnu/packages/mpi.scm (hwloc-2.0): New variable.
* gnu/packages/patches/hwloc-tests-without-sysfs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/p7zip-CVE-2017-17969.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (p7zip)[source]: Use it.
python-axolotl has been failing since March,
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
This also fixes the OMEMO and OTR plugins for Gajim work.
* gnu/packages/patches/python-axolotl-AES-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python-crypto.scm (python-axolotl): Upgrade to 0.1.39.
[source]: Use the patch.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/version-control.scm (reposurgeon): Update to 3.43.
[source]: Add a patch needed to build the package.
[arguments]: Add ‘patch-inputs’ phase.
[native-inputs]: Replace docbook-xml-4.1.2 with the latest docbook-xml.
[inputs]: Add tzdata.
* gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dovecot-CVE-2017-15132.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (dovecot)[source]: Use it.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
* gnu/packages/patches/rtags-separate-rct.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/code.scm (rtags): Dependencies no longer bundled.
[source]: Use tarball release. Use the patch to link rct.
Substitute corresponding headers.
[native-inputs]: Add new dependencies.
[inputs]: Likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/rct-add-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cpp.scm (rct): Use the patch, enable RTTI.
[source]: Use the patch to add missing headers from installation.
[arguments]: Enable RTTI in configure-flags.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to commit e074a655dd.
* gnu/local.mk (dist_patch_DATA): Remove ninja-zero-mtime.patch and
node-test-http2-server-rst-stream.patch, which no longer exist.
* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (libexif)[source]: Use it.
* gnu/packages/parallel.scm (slurm): Update to 17.11.2.
[source]: Replace patch with less fragile SUBSTITUTE* in a snippet.
[arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE.
* gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch:
Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1.
[source]: Remove patch for fixed CVE.
[arguments]: No longer skip test suite which appear to be fixed.
* gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/opencascade-oce-glibc-2.26.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (opencascade-oce)[source]: Use it.
* gnu/packages/patches/libgnomeui-utf8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgnomeui)[source]: Use it.
* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libgnome-encoding.patch: New file.
* gnu/packages/gnome.scm (libgnome)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
* gnu/packages/patches/nfs-utils-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nfs.scm (nfs-utils)[source]: Use it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/potrace-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/fontutils.scm (potrace)[source]: Use it.
* gnu/packages/gcc.scm (gcc@6)[source]: Add snippet to adjust
linux-unwind.h to changes in glibc@2.26. Add patch.
* gnu/packages/patches/gcc-libsanitizer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/ao-cad-aarch64-support.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/engineering.scm (ao-cad)[source]: Use it. Update snapshot to
fb288c9. Use VCS helpers for version and file-name.
[arguments]: Add 'remove-native-compilation' phase.
This patch is modified from the original patch targeting gcc@5.
* gnu/packages/patches/gcc-asan-missing-include.patch: New file.
* gnu/packages/gcc.scm (gcc@4.8)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
Fixes <https://bugs.gnu.org/29782>.
Reported by Gábor Boskovits.
* gnu/packages/patches/docbook-xsl-nonrecursive-string-subst.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/docbook.scm (docbook-xsl)[source](patches): Use it.
[native-inputs]: Add XZ.
[arguments]: Adjust PATH accordingly.
* gnu/packages/patches/python-pillow-fix-failing-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pillow)[source]: Use it.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
Previously cross-compilation would fail:
CC xvasprintf.o
xstrtol-error.c:50:16: warning: 'struct rpl_option' declared inside parameter list
int exit_status)
^
xstrtol-error.c: In function 'xstrtol_error':
xstrtol-error.c:84:5: error: invalid use of undefined type 'struct rpl_option'
* gnu/packages/patches/diffutils-getopt.patch: New file.
* gnu/packages/base.scm (diffutils)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
See <https://github.com/borgbackup/borg/issues/3444> for more information.
* gnu/packages/patches/borg-fix-archive-corruption-bug.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/video.scm (libvdpau-va-gl): New variable.
* gnu/packages/patches/libvdpau-va-gl-unbundle.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/eigen-arm-neon-fixes.patch: New patch.
* gnu/packages/algebra.scm (eigen): Update to 3.3.4.
[source]: Use patch. Disable svd-preallocation test for BDCSVD.
[arguments]: Set "EIGEN_SEED" environment variable in check phase.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/bootloader/extlinux.scm (install-extlinux): Factorize bootloader
writing in a new procedure write-file-on-device defined in (gnu build
bootloader).
* gnu/build/bootloader.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add new file.
* gnu/system/vm.scm (qemu-img): Adapt to import and use (gnu build bootloader)
module during derivation building.
* gnu/scripts/system.scm (bootloader-installer-derivation): Ditto.
* gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch:
New file.
* gnu/packages/machine-learning.scm (python-scikit-learn)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Gperf is now a hard dependency.
* gnu/packages/patches/fontconfig-remove-debug-printf.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (fontconfig): Update to 2.12.6.
[source]: Add 'fontconfig-remove-debug-printf.patch'.
[arguments]: Remove 'regenerate-fcobjshash' phase.
* gnu/packages/patches/jemalloc-arm-address-bits.patch: New patch.
* gnu/packages/jemalloc.scm (jemalloc)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/picprog-non-intel-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/embedded.scm (picprog)[source]: Add patch.
[arguments]: Skip building the 'testport' binary.
* gnu/packages/patches/valgrind-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/valgrind.scm (valgrind)[source](patches): Use it.
This is a follow-up to commit 9a187b39b7.
* gnu/packages/spice.scm (spice): Update to 0.14.0.
[source]: Remove obsolete patches. Use HTTPS URL.
[inputs]: Add orc.
[home-page]: Update to use https.
* gnu/packages/patches/spice-CVE-2016-9577.patch,
gnu/packages/patches/spice-CVE-2016-9578-1.patch,
gnu/packages/patches/spice-CVE-2016-9578-2.patch,
gnu/packages/patches/spice-CVE-2017-7506.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/bazaar-CVE-2017-14176.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (bazaar)[source]: Use it.
* gnu/packages/patches/shepherd-close-fds.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Use it.
* gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/file-systems.scm (glusterfs)[source]: Use it.
* gnu/packages/bootloaders.scm (dtc)[patches]: Add dtc-32-bits-check.patch and
dtc-format-modifier.patch to fix build and tests on 32 bits platforms.
* gnu/packages/patches/dtc-32-bits-check.patch : New file.
* gnu/packages/patches/dtc-format-modifier.patch : New file.
* gnu/local.mk (dist_patch_DATA): Add two above patches.
* gnu/packages/mail.scm (exim): Update to 4.89.1.
[source]: Remove patches for fixed CVEs (all of them).
* gnu/packages/patches/exim-CVE-2017-16943.patch: Delete file...
* gnu/packages/patches/exim-CVE-2017-16944.patch: ...as well as this file...
* gnu/packages/patches/exim-CVE-2017-1000369.patch: ...and this file.
* gnu/local.mk (dist_patch_DATA): Remove all of them.
* gnu/packages/image.scm (optipng)[source](patches): New field.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/guile-emacs-fix-configure.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (guile-emacs): Use it. Add workaround for src/deps
dir creation. Fixes#29186.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Arch Linux.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/lxde.scm (pcmanfm)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/procmail-CVE-2017-16844.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (procmail)[source]: Use it.
* gnu/packages/patches/audacity-build-with-system-portaudio.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/audio.scm (audacity): Update to 2.2.0.
[source]: Add patch to build with system portaudio; add snippet to remove most
bundled libraries.
[inputs]: Replace "gtk+-2" with "gtk+", replace "wxwidgets-gtk2" with
"wxwidgets"; remove "libsbsms"; add "suil" and "portmidi".
[arguments]: Adjust configure flags to avoid using bundled libraries; remove
phase "autoreconf"; add phases "fix-sbsms-check" and "use-upstream-headers".
Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.