* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (libexif)[source]: Use it.
* gnu/packages/parallel.scm (slurm): Update to 17.11.2.
[source]: Replace patch with less fragile SUBSTITUTE* in a snippet.
[arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE.
* gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch:
Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1.
[source]: Remove patch for fixed CVE.
[arguments]: No longer skip test suite which appear to be fixed.
* gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
* gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ao-cad-aarch64-support.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/engineering.scm (ao-cad)[source]: Use it. Update snapshot to
fb288c9. Use VCS helpers for version and file-name.
[arguments]: Add 'remove-native-compilation' phase.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
* gnu/packages/patches/python-pillow-fix-failing-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pillow)[source]: Use it.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
See <https://github.com/borgbackup/borg/issues/3444> for more information.
* gnu/packages/patches/borg-fix-archive-corruption-bug.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/video.scm (libvdpau-va-gl): New variable.
* gnu/packages/patches/libvdpau-va-gl-unbundle.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/eigen-arm-neon-fixes.patch: New patch.
* gnu/packages/algebra.scm (eigen): Update to 3.3.4.
[source]: Use patch. Disable svd-preallocation test for BDCSVD.
[arguments]: Set "EIGEN_SEED" environment variable in check phase.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/bootloader/extlinux.scm (install-extlinux): Factorize bootloader
writing in a new procedure write-file-on-device defined in (gnu build
bootloader).
* gnu/build/bootloader.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add new file.
* gnu/system/vm.scm (qemu-img): Adapt to import and use (gnu build bootloader)
module during derivation building.
* gnu/scripts/system.scm (bootloader-installer-derivation): Ditto.
* gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch:
New file.
* gnu/packages/machine-learning.scm (python-scikit-learn)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/jemalloc-arm-address-bits.patch: New patch.
* gnu/packages/jemalloc.scm (jemalloc)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/picprog-non-intel-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/embedded.scm (picprog)[source]: Add patch.
[arguments]: Skip building the 'testport' binary.
Leo Famulari