In addition to the patches we already had (which are not mentioned in the
ChangeLog, but verified by following their respective GitHub issues) this
release also fixes CVE-2016-9112, CVE-2016-5139, CVE-2016-5152, CVE-2016-5158,
CVE-2016-5159, CVE-2016-1626 and CVE-2016-1628.
See <https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md> for details.
* gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch,
gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/image.scm (openjpeg): Update to 2.2.0.
[source](patches): Remove.
* gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Add phase to patch
hard-coded openjpeg-2.1 path.
* gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
* gnu/packages/patches/erlang-man-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/erlang.scm (erlang)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This release includes minor code changes and many certificate updates:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes>
* gnu/packages/certs.scm (nss-certs): Update to 3.32.
* gnu/packages/gnuzilla.scm (nss): Update to 3.32.
[arguments]: Prevent another test file from being installed.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust.
* gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
* gnu/packages/patches/guile-bytestructures-name-clash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-bytestructures)[source]: Use it.
[arguments]: Unpack the source.
[native-inputs]: New field.
(guile2.0-bytestructures): New variable.
* gnu/packages/bioinformatics.scm (bcftools): Update to 1.4.1.
[arguments]: Move Makefile modifications from here ...
[source]: ... to added patch. Adjust patch for update to 1.4.
* gnu/packages/patches/bcftools-fix-makefile.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/quassel-fix-tls-check.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/irc.scm (quassel)[source]: Use it.
Signed-off-by: Leo Famulari <leo@famulari.name>
This is a followup to c799eb2eb8.
* gnu/packages/patches/python-fake-factory-fix-build-32bit.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/libusb.scm (libusb-0.1): New variable.
* gnu/packages/patches/libusb-0.1-disable-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/packages/patches/qemu-CVE-2017-11334.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (qemu)[source]: Use it.
* gnu/packages/patches/chicken-CVE-2017-11343.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/scheme.scm (chicken)[source]: Use it.
* gnu/packages/patches/sooperlooper-build-with-wx-30.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/music.scm (sooperlooper): New variable.
* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (evince)[source]: Use it.
* gnu/packages/patches/spice-CVE-2017-7506.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/spice.scm (spice)[source]: Use it.
* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.
* gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch.
* gnu/packages/patches/dblatex-remove-multirow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/docbook.scm (dblatex)[source]: Use patch.
[inputs]: Replace "texlive" with a texlive-union.
This is a followup to commit 95bbaa02aa.
See <https://bugs.gnu.org/27621> for more information.
Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not
possible to graft the newer version in place of the older one.
This change leaves CVE-2017-9775 unfixed for now.
* gnu/packages/patches/poppler-CVE-2017-9776.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler-0.56.0): Replace with ...
(poppler/fixed): ... new variable.
(poppler)[replacement]: Replaced with poppler/fixed.
* gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pyopenssl)[source]: Use it.
* gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.1.0.
[source]: Remove patch.
[native-inputs]: Add PYTHON-PRETEND.
[arguments]<#:phases>: Disable the network test here instead of via a patch.
Also disable one new test.
* gnu/packages/patches/python-pyopenssl-skip-network-test.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Fixes <https://bugs.gnu.org/27551>.
Reported by Leo Famulari <leo@famulari.name>.
This reinstates the following commits:
e3ddb1e83 * gnu: guile-cairo: Switch to Guile 2.2.
ae5c6ef39 * gnu: guile-gnome: Update to 2.16.5.
0fd8013fc * gnu: guile-rsvg: Update to commit 05c6a2fd.
66b9183c4 * gnu: guile-lib: Switch to Guile 2.2.
and adds the following changes:
* gnu/bootloader/grub.scm (svg->png): Add 'package->derivation' call for
GUILE-2.2. Pass #:guile-for-build to 'gexp->derivation'.
* gnu/build/svg.scm (svg->png): Add 'em' and 'ex' to the 'let-values'
form to account for all the values returned by
'rsvg-handle-get-dimensions', which Guile 2.2 does not truncate.