* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (evince)[source]: Use it.
* gnu/packages/patches/spice-CVE-2017-7506.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/spice.scm (spice)[source]: Use it.
* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.
* gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch.
* gnu/packages/patches/dblatex-remove-multirow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/docbook.scm (dblatex)[source]: Use patch.
[inputs]: Replace "texlive" with a texlive-union.
This is a followup to commit 95bbaa02aa.
See <https://bugs.gnu.org/27621> for more information.
Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not
possible to graft the newer version in place of the older one.
This change leaves CVE-2017-9775 unfixed for now.
* gnu/packages/patches/poppler-CVE-2017-9776.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler-0.56.0): Replace with ...
(poppler/fixed): ... new variable.
(poppler)[replacement]: Replaced with poppler/fixed.
* gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pyopenssl)[source]: Use it.
* gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.1.0.
[source]: Remove patch.
[native-inputs]: Add PYTHON-PRETEND.
[arguments]<#:phases>: Disable the network test here instead of via a patch.
Also disable one new test.
* gnu/packages/patches/python-pyopenssl-skip-network-test.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
See <http://lists.gnu.org/archive/html/bug-guix/2017-05/msg00015.html> for the
rationale.
* gnu/packages/patches/ansible-wrap-program-hack.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (ansible)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/networking.scm (quagga): New variable.
* gnu/packages/patches/quagga-reproducible-build.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
This is followup to 665d6a5916.
Fixes <https://bugs.gnu.org/27489>.
* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24, glibc-2.23)
(glibc-2.22): Add glibc-vectorized-strcspn-guards.patch to patches.
Move a comment where it belongs.
* gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch: Swap with ...
* gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: ... this.
* gnu/packages/patches/glibc-vectorized-strcspn-guards.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it. Fix formatting.
Based on a patch by Efraim Flashner <efraim@flashner.co.il>.
* gnu/local.mk (dist_patch_DATA): "gnu" -> "%D%" for
guile-ssh-channel-finalization.patch.
* gnu/packages/electronics.scm: New file.
(libserialport): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/packages/patches/exim-CVE-2017-1000369.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (exim)[source]: Use it.
Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
* gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.
* gnu/packages/embedded.scm (propeller-gcc-4): New variable.
* gnu/packages/patches/gcc-4.6-gnu-inline.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/osip-CVE-2017-7853.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (osip)[source]: Use it.
Partly fixes <https://bugs.gnu.org/26976>.
* gnu/packages/patches/guile-ssh-channel-finalization.patch: New file.
* gnu/packages/ssh.scm (guile-ssh)[source](patches): Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
This update addresses the following security advisories:
GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
See <https://gnutls.org/security.html> and <https://gnutls.org/news.html>.
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.13): New variable.
(gnutls/guile-2.2)[replacement]: New field. Set #f.
[source]: Inherit from GNUTLS-3.5.13.
* gnu/packages/perl.scm (perl)[replacement]: New field.
(perl/fixed): New variable.
* gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/graphics.scm (openscenegraph): New variable.
* gnu/packages/patches/openscenegraph-ffmpeg3.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
Marius Bakke