Commit Graph

1364 Commits

Author SHA1 Message Date
Marius Bakke 5887d554ec
gnu: evince: Fix CVE-2017-1000083.
* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (evince)[source]: Use it.
2017-07-13 21:11:15 +02:00
Leo Famulari d89ce52096
gnu: spice: Fix CVE-2017-7506.
* gnu/packages/patches/spice-CVE-2017-7506.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/spice.scm (spice)[source]: Use it.
2017-07-12 16:27:40 -04:00
Kei Kebreau 082725b502
gnu: hop: Update to 3.1.0-pre2.
* gnu/packages/scheme.scm (hop): Update to 3.1.0-pre2.
[source]: Remove unnecessary patch.
[arguments]: Enable tests; disable parallel building; specify BIGLOO in
make-flags.
[inputs]: Add libgc, libunistring, libuv, pcre and sqlite.
* gnu/local.mk (dist_patch_DATA): Remove unnecessary patch.
* gnu/packages/patches/hop-linker-flags.patch: Delete file.
2017-07-10 19:35:44 -04:00
Kei Kebreau 5e3ea571c5
gnu: bigloo: Update to 4.3a.
* gnu/packages/scheme.scm (bigloo): Update to 4.3a.
[source]: Remove old patch. Add snippet.
[arguments]: Adjust the build phases accordingly.
[inputs]: Add libgc, libunistring, libuv, openssl, pcre and sqlite.
2017-07-10 19:35:44 -04:00
Leo Famulari 61adfb00b1
gnu: libtiff: Fix two integer overflows.
* gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch,
gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch:
New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff-4.0.8)[source]: Use them.
2017-07-10 13:31:58 -04:00
Leo Famulari 625e7cd654
gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.
* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.
2017-07-10 13:31:58 -04:00
Mark H Weaver ef019092b9
gnu: poppler: Fix null pointer dereferences.
* gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch.
2017-07-10 12:59:07 -04:00
Ricardo Wurmus b81dd94a79
gnu: dblatex: Use texlive-union.
* gnu/packages/patches/dblatex-remove-multirow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/docbook.scm (dblatex)[source]: Use patch.
[inputs]: Replace "texlive" with a texlive-union.
2017-07-09 17:07:39 +02:00
Leo Famulari b3cc304b30
gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776.
This is a followup to commit 95bbaa02aa.
See <https://bugs.gnu.org/27621> for more information.

Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not
possible to graft the newer version in place of the older one.

This change leaves CVE-2017-9775 unfixed for now.

* gnu/packages/patches/poppler-CVE-2017-9776.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler-0.56.0): Replace with ...
(poppler/fixed): ... new variable.
(poppler)[replacement]: Replaced with poppler/fixed.
2017-07-09 02:25:27 -04:00
Ben Woodcroft 4732e6ee84
gnu: blast+: Update to 2.6.0.
* gnu/packages/bioinformatics.scm (blast+): Update to 2.6.0.
[origin]: Remove bundled pcre.  Add patch.
[arguments]: Replace paths in run_with_lock.c.  Configure with pcre.
[inputs]: Add pcre, perl, python.
* gnu/packages/patches/blast+-fix-makefile.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
2017-07-08 12:05:59 +10:00
Marius Bakke d28f90bed9
gnu: python-pyopenssl: Fix test failure on 32-bit platforms.
* gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pyopenssl)[source]: Use it.
2017-07-07 18:43:16 +02:00
Alex Vong dab536fe1a
gnu: libtiff: Fix CVE-2017-{9936,10688}.
* gnu/packages/patches/libtiff-CVE-2017-9936.patch,
gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff-4.0.8)[source]: Use them.

Signed-off-by: Leo Famulari <leo@famulari.name>
2017-07-07 00:06:37 -04:00
Kei Kebreau ab104672e1
gnu: xorg-server: Fix CVE-2017-{10971,10972}.
* gnu/packages/patches/xorg-server-CVE-2017-10971.patch,
gnu/packages/patches/xorg-server-CVE-2017-10972.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xorg.scm (xorg-server)[source]: Use them.

Signed-off-by: Leo Famulari <leo@famulari.name>
2017-07-06 23:52:22 -04:00
Efraim Flashner ce7e361fa3
gnu: gemma: Fix building on non-Intel architectures.
* gnu/packages/patches/gemma-intel-compat.patch: New file.
* gnu/packages/bioinformatics.scm (gemma)[source]: Add patch.
[arguments]: Add NO_INTEL_COMPAT flag on non-Intel architectures.
* gnu/local.mk (dist_patch_DATA): Register patch.
2017-07-04 22:55:44 +03:00
Arun Isaac 0545e43a91
gnu: gajim: Update to 0.16.8.
* gnu/packages/messaging.scm (gajim): Update to 0.16.8.
[source]: Remove patch.
* gnu/packages/patches/gajim-CVE-2016-10376.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-07-04 23:07:15 +05:30
Marius Bakke 96bbc41f8b
gnu: python-pyopenssl: Update to 17.1.0.
* gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.1.0.
[source]: Remove patch.
[native-inputs]: Add PYTHON-PRETEND.
[arguments]<#:phases>: Disable the network test here instead of via a patch.
Also disable one new test.
* gnu/packages/patches/python-pyopenssl-skip-network-test.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-07-04 02:52:26 +02:00
Kei Kebreau 910f1709a8
gnu: gcr: Correct patch.
* gnu/packages/patches/gcr-disable-failing-tests.patch: Correct
erroneously committed file.

This is a follow-up to commit 85c774808f.
2017-07-03 18:42:50 -04:00
Kei Kebreau 85c774808f
gnu: gcr: Enable working tests.
* gnu/packages/patches/gcr-disable-failing-tests.patch,
gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch:
New files.
* gnu/local.mk (dist_patch_DATA): Add patches.
* gnu/packages/gnome.scm (gcr)[source]: Use patches.
[arguments]: Enable tests.
2017-07-03 09:52:59 -04:00
Ludovic Courtès 1b0f266e40
gnu: Switch guile-cairo and dependents to Guile 2.2 again.
Fixes <https://bugs.gnu.org/27551>.
Reported by Leo Famulari <leo@famulari.name>.

This reinstates the following commits:

  e3ddb1e83 * gnu: guile-cairo: Switch to Guile 2.2.
  ae5c6ef39 * gnu: guile-gnome: Update to 2.16.5.
  0fd8013fc * gnu: guile-rsvg: Update to commit 05c6a2fd.
  66b9183c4 * gnu: guile-lib: Switch to Guile 2.2.

and adds the following changes:

* gnu/bootloader/grub.scm (svg->png): Add 'package->derivation' call for
GUILE-2.2.  Pass #:guile-for-build to 'gexp->derivation'.
* gnu/build/svg.scm (svg->png): Add 'em' and 'ex' to the 'let-values'
form to account for all the values returned by
'rsvg-handle-get-dimensions', which Guile 2.2 does not truncate.
2017-07-02 22:52:30 +02:00
Leo Famulari 6b820ef15d
Revert "gnu: guile-rsvg: Update to commit 05c6a2fd."
This reverts commit 0fd8013fca.
2017-07-01 16:08:47 -04:00
Ludovic Courtès 0fd8013fca
gnu: guile-rsvg: Update to commit 05c6a2fd.
* gnu/packages/gtk.scm (guile-rsvg): Update to commit 05c6a2fd.
[source](url): Change to gitlab.com.
(snippet): Use @GUILE_EFFECTIVE_VERSION@ instead of "2.0".
* gnu/packages/patches/guile-rsvg-pkgconfig.patch: Use
"$GUILE_EFFECTIVE_VERSION" instead of "2.0".
2017-06-30 23:20:34 +02:00
Jelle Licht b786661309
gnu: ansible: Apply experimental patch to deal with wrapping of ansible script.
See <http://lists.gnu.org/archive/html/bug-guix/2017-05/msg00015.html> for the
rationale.

* gnu/packages/patches/ansible-wrap-program-hack.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (ansible)[source]: Use it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2017-06-29 15:21:18 +02:00
Eric Bavier 57dfc9f86c
gnu: screen: Update to 4.6.0.
* gnu/packages/screen.scm (screen): Update to 4.6.0.
[source]: Remove patch.
* gnu/packages/patches/screen-fix-info-syntax-error.patch: Delete patch.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-28 22:59:41 -05:00
Gábor Boskovits c2700e785b
gnu: Add quagga.
* gnu/packages/networking.scm (quagga): New variable.
* gnu/packages/patches/quagga-reproducible-build.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
2017-06-26 20:37:44 +02:00
Mark H Weaver ffc015bea2
gnu: glibc: Fix replacement on i686.
This is followup to 665d6a5916.
Fixes <https://bugs.gnu.org/27489>.

* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24, glibc-2.23)
(glibc-2.22): Add glibc-vectorized-strcspn-guards.patch to patches.
Move a comment where it belongs.
* gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch: Swap with ...
* gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: ... this.
* gnu/packages/patches/glibc-vectorized-strcspn-guards.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.  Fix formatting.
2017-06-25 21:56:22 -04:00
Leo Famulari d17e085a59
gnu: Remove libwmf.
This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:

https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html

* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
2017-06-24 23:10:28 -04:00
Efraim Flashner 665d6a5916
gnu: glibc: Add mitigations for CVE-2017-1000366.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.25-patched): New variable.
(glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)[source]: Add patches.
[replacement]: New field.
(glibc-locales)[replacement]: New field.
* gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.

Modified-By: Mark H Weaver <mhw@netris.org>
2017-06-24 02:42:37 -04:00
Leo Famulari c57b56722f
gnu: qemu: Fix CVE-2017-9524.
* gnu/packages/patches/qemu-CVE-2017-9524.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qemu.scm (qemu)[source]: Use it.
2017-06-23 16:54:36 -04:00
Roel Janssen f70f3407ca
gnu: Update calibre to 3.0.0.
* gnu/local.mk: Remove patch.
* gnu/packages/ebook.scm (calibre): Update to 3.0.0.
* gnu/packages/patches/calibre-dont-load-remote-icons.patch: Remove file.
2017-06-22 00:07:58 +02:00
Leo Famulari 4dd8d28085
gnu: exim: Fix CVE-2017-1000369.
* gnu/packages/patches/exim-CVE-2017-1000369.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (exim)[source]: Use it.
2017-06-19 20:20:54 -04:00
Marius Bakke 200762a44c
gnu: miniupnpc: Update to 2.0.20170509.
* gnu/packages/upnp.scm (miniupnpc): Update to 2.0.20170509.
[source]: Remove obsolete patch.
* gnu/packages/patches/miniupnpc-CVE-2017-8798.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-18 18:22:06 +02:00
Kei Kebreau f54efbdc46
gnu: gspell: Update to 1.4.1.
* gnu/packages/gnome.scm (gspell): Update to 1.4.1.
* gnu/packages/patches/gspell-dash-test.patch: Adjust accordingly.
2017-06-15 21:58:37 -04:00
Leo Famulari 8d138ea087
gnu: libtiff: Fix several bugs related to improper codec usage [security fixes].
Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.

* gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.
2017-06-15 11:28:21 -04:00
Leo Famulari 0c5a8007fe
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}.
* gnu/packages/patches/zziplib-CVE-2017-5974.patch,
gnu/packages/patches/zziplib-CVE-2017-5975.patch,
gnu/packages/patches/zziplib-CVE-2017-5976.patch,
gnu/packages/patches/zziplib-CVE-2017-5978.patch,
gnu/packages/patches/zziplib-CVE-2017-5979.patch,
gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (zziplib)[source]: Use them.
2017-06-15 11:12:02 -04:00
Ricardo Wurmus db90eb8c2b
gnu: Add propeller-gcc-4.
* gnu/packages/embedded.scm (propeller-gcc-4): New variable.
* gnu/packages/patches/gcc-4.6-gnu-inline.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
2017-06-15 17:06:47 +02:00
Leo Famulari 75072795bd
gnu: osip: Fix CVE-2017-7853.
* gnu/packages/patches/osip-CVE-2017-7853.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (osip)[source]: Use it.
2017-06-14 13:16:21 -04:00
Ludovic Courtès 8e469b67f9
gnu: guile-ssh: Close RREPL channel ports before they are finalized.
Partly fixes <https://bugs.gnu.org/26976>.

* gnu/packages/patches/guile-ssh-channel-finalization.patch: New file.
* gnu/packages/ssh.scm (guile-ssh)[source](patches): Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
2017-06-13 23:22:19 +02:00
Marius Bakke a10040e09b
gnu: nss, nss-certs: Update to 3.31.
Release notes:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes>

* gnu/packages/certs.scm (nss-certs): Update to 3.31.
* gnu/packages/gnuzilla.scm (nss): Likewise.
[source]<patches>: Remove upstream 'nss-disable-long-b64-tests' patch.
[arguments]<#:phases>: Move armhf timeout substitution ...
* gnu/packages/patches/nss-increase-test-timeout.patch: ... here.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-12 21:31:12 +02:00
nee 1243aaac73
gnu: crawl: Fix savegame upgrades.
* gnu/packages/patches/crawl-upgrade-saves.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/games.scm (crawl)[source]: Apply patch.

Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
2017-06-12 15:02:23 +05:30
Leo Famulari 34a0984e57
gnu: libmwaw: Fix CVE-2017-9433.
* gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
2017-06-12 01:20:34 -04:00
Marius Bakke 75cc8fe9ea
gnu: libextractor: Update to 1.4.
* gnu/packages/gnunet.scm (libextractor): Update to 1.4.
[source]: Remove obsolete patch and snippet.
* gnu/packages/patches/libextractor-ffmpeg-3.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-11 15:42:51 +02:00
Marius Bakke 88e2511e21
gnu: gnutls: Replace with 3.5.13.
This update addresses the following security advisories:

GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.

See <https://gnutls.org/security.html> and <https://gnutls.org/news.html>.

* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.13): New variable.
(gnutls/guile-2.2)[replacement]: New field. Set #f.
[source]: Inherit from GNUTLS-3.5.13.
2017-06-11 01:08:58 +02:00
Marius Bakke 099c9fdae6
gnu: raptor2: Fix heap overflow bug.
* gnu/packages/patches/raptor2-heap-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/rdf.scm (raptor2): Use it.
2017-06-09 01:16:55 +02:00
Ludovic Courtès dfcd02c0f6
gnu: artanis: Update to 0.2.1.
* gnu/packages/guile.scm (artanis): Update to 0.2.1.
[inputs]: Switch to GUILE-2.2.
[arguments]: Adjust #:make-flags for Guile 2.2.  Take .go files from
lib/guile/2.2.  Add 'wrap-art' phase.
* gnu/packages/patches/artanis-fix-Makefile.in.patch: Remove.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-08 23:54:56 +02:00
Leo Famulari 15df12beae
gnu: perl: Fix CVE-2017-6512 in File::Path.
* gnu/packages/perl.scm (perl)[replacement]: New field.
(perl/fixed): New variable.
* gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
2017-06-06 20:59:12 -04:00
Marius Bakke 00c5e3e5fc
gnu: xf86-input-wacom: Update to 0.34.2.
* gnu/packages/xdisorg.scm (xf86-input-wacom): Update to 0.34.2.
[source]: Remove obsolete patch.
* gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2017-06-05 14:58:01 +02:00
Marius Bakke f484a50d50
Merge branch 'staging' 2017-06-05 00:36:11 +02:00
Ludovic Courtès fb976ada5b
gnu: libssh: Update to 0.7.5.
* gnu/packages/ssh.scm (libssh): Update to 0.7.5.
[source](patches): New field.
2017-06-04 23:00:32 +02:00
Manolis Ragkousis 6bf11392f9
gnu: Add openscenegraph.
* gnu/packages/graphics.scm (openscenegraph): New variable.
* gnu/packages/patches/openscenegraph-ffmpeg3.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
2017-06-04 21:57:08 +03:00
Leo Famulari 8b5cb8d054
gnu: qemu: Fix CVE-2017-{8112,8309,8379,8380}.
* gnu/packages/patches/qemu-CVE-2017-8112.patch,
gnu/packages/patches/qemu-CVE-2017-8309.patch,
gnu/packages/patches/qemu-CVE-2017-8379.patch,
gnu/packages/patches/qemu-CVE-2017-8380.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/qemu.scm (qemu)[source]: Use them.
2017-06-03 20:50:10 -04:00