* gnu/packages/patches/python-cffi-x87-stack-clean.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/libffi.scm (python-cffi)[source](patches): Add it.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.3.0-gnu1.
[source]: Switch back to the normal source URI. Remove patches that
are no longer applicable.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/ceph-skip-unittest_blockdev.patch: Adjust for 13.2.2.
* gnu/packages/patches/ceph-rocksdb-compat.patch: Delete file.
* gnu/packages/patches/ceph-detect-rocksdb.patch,
gnu/packages/patches/ceph-volume-respect-PATH.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/storage.scm (ceph): Update to 13.2.2.
[source]: Don't remove src/dpdk, which has been moved to src/spdk/dpdk and
is purged elsewhere. Drop bundled rapidjson. Adjust patch list.
[arguments]: Add "-DWITH_MGR_DASHBOARD_FRONTEND=OFF" and "-DWITH_SPDK=OFF" to
#:configure-flags. Drop obsolete "-DWITH_EMBEDDED". Add workaround for
<https://bugs.gnu.org/30756>. Remove obsolete test substitution. Rework
'wrap-python-script' to be less verbose and wrap more scripts.
[native-inputs]: Add GCC-7.
[inputs]: Add OATH-TOOLKIT, RAPIDJSON and PYTHON2-SIX.
Debian and Archlinux (at least) force the installation of the
localedata/SUPPORTED file of the glibc. This file lists all the supported
locales of the glibc.
* gnu/packages/patches/glibc-supported-locales.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/base.scm (glibc/linux): Add the previous patch,
(glibc-2.28): ditto.
* gnu/packages/patches/libgit2-oom-test.patch: New file.
* gnu/packages/version-control.scm (libgit2)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
This patch is no longer needed since 7930cfc989
was merged to core-updates.
* gnu/packages/patches/qtbase-glibc-compat.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/qt.scm (qtbase)[source](patches): Drop it.
* gnu/packages/patches/rust-mdbook-support-reproducible-builds-by-forcing-window.search.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add new patch file.
* gnu/packages/rust.scm (rust-1.19): Use system libssh2 library.
during cargo build. Note: libgit2 still bundled, because cargo
tests assume specific libgit2 minor release.
(rust-1.23): Inherit native-inputs from previous package.
(rust-1.25): Switch back to llvm 3.9.1 as workaround for
https://github.com/rust-lang/rust/issues/50556 issue.
(rust-1.27): Apply changes from
https://github.com/rust-lang-nursery/mdBook/pull/692 to make
generation of "searchindex.js" files reproducible. Disable cargo
test that required llvm 6.
* gnu/packages/gnome.scm (soundconverter): New variable.
* gnu/packages/patches/soundconverter-remove-gconf-dependency.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/swig-guile-gc.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/swig.scm (swig)[source](patches): Use it.
This adjust the grafts from a55ebe2e3a and
90aeaee861 to apply to Python 2.7.15 and 3.7.0.
* gnu/packages/patches/python2-CVE-2018-1060.patch,
gnu/packages/patches/python2-CVE-2018-1061.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/python.scm (python-2/fixed): Remove patches that are already
present in 2.7.15.
(python-3/fixed): Remove obsolete phase.
This addresses CVE-2018-{1060,1061,14647,1000802}.
* gnu/packages/patches/python2-CVE-2018-1000802.patch,
gnu/packages/patches/python2-CVE-2018-1060.patch,
gnu/packages/patches/python2-CVE-2018-1061.patch,
gnu/packages/patches/python2-CVE-2018-14647.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-2/fixed): New variable.
(python-2.7)[replacement]: New field.
(python2-minimal): Use PACKAGE/INHERIT.
* gnu/packages/patches/python-CVE-2018-14647.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-3/fixed): New variable.
(python-3.6)[replacement]: New field.
(python-minimal, python-debug, wrap-python3): Use PACKAGE/INHERIT instead of
standard inheritance.
* gnu/packages/llvm.scm (clang-runtime@3.7, clang-runtime@3.8,
clang-runtime@3.9)[patches]: Add patch to work around removed ustat.h.
* gnu/packages/patches/clang-3.5-libsanitizer-ustat-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/video.scm (x265)[source]: Update list of patches.
[arguments]: Change configure flag to ensure PIC for all architectures.
* gnu/packages/patches/x265-arm-asm-primitives.patch: Remove file.
* gnu/packages/patches/x265-detect512-all-arches.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update patch registry.
* gnu/packages/lisp.scm (clisp): Update to 2.49.92.
[source]: Switch to git-fetch. Remove unneeded patch.
[arguments]: Remove '--enable-portability' flag, add CFLAGS for
armhf-linux. Update list of files needing substitutions in custom
'patch-sh-and-pwd phase.
[home-page]: Update to new home-page.
* gnu/packages/patches/clisp-glibc-2.26.patch: Remove file.
& gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/borg-respect-storage-quota.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/commencement.scm (mescc-tools-boot): Update to 0.5.2.
* gnu/packages/patches/mescc-tools-boot.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/games.scm (bastet): New public variable.
* gnu/packages/patches/bastet-change-source-of-unordered_set.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/postgresql-disable-resolve_symlinks.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (postgresql)[source]: Use it.
* gnu/packages/patches/quilt-test-fix-regex.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patchutils.scm (quilt)[version]: Upgrade to 0.65.
[source]: Use patch.
[arguments]: Adjust 'patch-tests' phase for new tests. Re-enable "mail"
test.
* gnu/packages/patches/icecat-use-system-media-libs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Add
another hunk to enable removal of libevent.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. In the snippet, add
libevent, libogg, libvorbis, and libtremor to the list of bundled libraries to
remove. Add a comment regarding theora. Remove comments regarding unbundling
cairo, which is no longer supported.
[inputs]: Add libevent, libogg, and libvorbis.
[arguments]: Add --with-system-{libevent,ogg,vorbis} to configure flags.
Add custom bootstrap phase. Add comments.
Includes fixes for CVE-2018-12383 and CVE-2018-12385.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to apply
cleanly to IceCat 60.
* gnu/packages/gnuzilla.scm (mozilla-patch): Update to fetch from
mozilla-esr60.
(icecat): Add selected changesets from upstream mozilla-esr60.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.2.0-gnu1.
[source]: Download pre-release from alpha.gnu.org. Remove obsolete patches.
Comment out the code to delete the bundled copies of libevent, cairo,
harfbuzz, and graphite2.
[inputs]: Use the latest ffmpeg. Comment out libevent, cairo, harfbuzz, and
graphite2.
[native-inputs]: Add rust and cargo.
[arguments]: Remove --enable-gio and --disable-gnomeui. Add --disable-stylo.
Comment out --with-system-{libevent,harfbuzz,graphite2}, --enable-system-cairo.
Import %cargo-build-system-modules. Add 'patch-cargo-checksums' phase.
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch,
gnu/packages/patches/icecat-bug-1413868-pt1.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/xf86-video-ast-remove-mibstore.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/xorg.scm (xf86-video-ast): New public variable.
* gnu/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rust.scm (rust-1.25): Use it.
(rust-1.26): Use it.
(rust): Use it.
This allows (gnu services admin) to remain deeper in the module graph
and to be used by (gnu services web).
* gnu/services/admin.scm (<tailon-configuration-file>)
(tailon-configuration-files-string)
(tailon-configuration-file-compiler, <tailon-configuration>)
(tailon-shepherd-service, %tailon-accounts)
(tailon-service-type): Move to...
* gnu/services/web.scm: ... here.
* gnu/tests/admin.scm: Remove. Move test to...
* gnu/tests/web.scm (%tailon-os)
(run-tailon-test, %test-tailon): ... here.
* gnu/packages/patches/gd-CVE-2018-1000222.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gd.scm (gd/fixed): New variable.
* gnu/packages/php.scm (gd-for-php)[source]: Use 'gd-CVE-2018-1000222.patch'.
* gnu/packages/patches/oath-toolkit-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/authentication.scm (oath-toolkit)[source](patches): New field.
The following CVEs are fixed with this release: CVE-2018-15908,
CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509,
CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539,
CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file.
* gnu/packages/patches/ghostscript-CVE-2018-16509.patch,
gnu/packages/patches/ghostscript-bug-699708.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24.
[source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and
'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and
'ghostscript-bug-699708.patch'.
[arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output
directory.
Fixes <https://bugs.gnu.org/31726>.
Thanks to Jack Hill <jackhill@jackhill.us> for exploring different solutions
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31726>.
* gnu/packages/patches/haskell-mode-unused-variables.patch,
gnu/packages/patches/haskell-mode-make-check.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/emacs.scm (haskell-mode)[source]: Use them.
[arguments]: Adjust 'pre-build' phase to embed file name.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/qtbase-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qtbase)[source](patches): Use it.
[arguments]: Remove "--no-feature-renameat2" from #:configure-flags.
* gnu/packages/patches/texinfo-5-perl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/texinfo.scm (texinfo-5)[source](patches): New field.
* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (dropbear)[source]: Use it.
* gnu/packages/patches/grub-binutils-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): Add it.
* gnu/packages/patches/grub-check-error-efibootmgr.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): New field.
This fixes <https://bugs.freedesktop.org/show_bug.cgi?id=104325> which showed
up in Guix as an infinite loop during cairocffi tests.
* gnu/packages/patches/cairo-setjmp-wrapper.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gtk.scm (cairo)[source](patches): Add it.
* gnu/packages/patches/parted-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/disk.scm (parted)[source](patches): New field.
* gnu/packages/patches/findutils-gnulib-libio.patch,
gnu/packages/patches/findutils-makedev.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm (findutils)[source](patches): Use them.
* gnu/packages/patches/m4-gnulib-libio.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/m4.scm (m4)[source](patches): New field.
* gnu/packages/patches/gcc-libsanitizer-ustat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-5)[source](patches): Add it.
* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
Fixes <https://bugs.gnu.org/32397>.
Reported by fis trivial <ybbs.daans@hotmail.com>.
* gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.8)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnupg.scm (libgcrypt)[source]: Use it.
Signed-off-by: Leo Famulari <leo@famulari.name>
It seems a recent version of sqlite broke Clementine's first startup. It turns
out we can patch clementine to fix the problem instead of providing a different
sqlite package:
<https://github.com/clementine-player/Clementine/pull/5669>
* gnu/packages/databases.scm (sqlite-with-fts3): Remove.
* gnu/packages/music.scm (clementine)[inputs]: Replace sqlite-with-fts3 with
sqlite.
[source]: Add clementine-fix-sqlite.patch.
* gnu/packages/patches/clementine-fix-sqlite.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
Also includes a fix for CVE-2018-0732, and a different approach to
fixing CVE-2018-0495.
* gnu/packages/tls.scm (openssl-next): Update to 1.1.0i.
[sources]: Remove CVE patches.
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch: Delete...
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch: ...both files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.
* gnu/packages/patches/lxc-CVE-2018-6556.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (lxc)[source]: Use it.
* gnu/packages/patches/mariadb-client-test-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/databases.scm (mariadb)[source](patches): Add it.
[arguments]: Increase retry count and test timeout. Disable test
main.myisampack.
* gnu/packages/patches/libreoffice-glm.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/libreoffice.scm (libreoffice)[source](patches): Add it.
* gnu/packages/patches/gdb-python-3.7.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gdb.scm (gdb)[source](patches): New field.
* gnu/packages/patches/x265-arm-asm-primitives.patch: New file.
* gnu/packages/video.scm (x265)[sources](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
Fixes <https://bugs.freedesktop.org/show_bug.cgi?id=106715>.
* gnu/packages/patches/xorg-server-rotate-fb.patch: New file.
* gnu/packages/xorg.scm (xorg-server)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (python-sip)[arguments]: Don't use '--sip-module'
flag in custom 'configure phase.
(python-pyqt)[sources]: Add patch.
* gnu/packages/patches/pyqt-public-sip.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/openbabel-fix-crash-on-nwchem-output.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chemistry.scm (openbabel)[source]: Use it.
* gnu/packages/patches/texinfo-perl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/texinfo.scm (texinfo)[source](patches): New field.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/twinkle-include-qregexpvalidator-explicity.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (twinkle)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/monero-use-system-miniupnpc.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/finance.scm (monero): Update to 0.12.3.0.
[source]: Add patch. Remove snippet because miniupnpc, rapidjson
and unbound are no longer bundled in-tree.
[inputs]: Add zeromq, cppzmq, libsodium. Use monero-miniupnpc.
[arguments]: Change build-type to "release".
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/xapian-revert-5489fb2f8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/search.scm (xapian)[source](patches): Use it.
* gnu/packages/patches/syncthing-fix-crash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/syncthing.scm (syncthing)[source]: Use it.
* gnu/services/monitoring.scm (prometheus-node-exporter-service-type):
New variable.
(<prometheus-node-exporter-configuration>): New record type.
(prometheus-node-exporter-shepherd-service): New procedure.
* gnu/doc/guix.texi (Monitoring Services): Document it.
* gnu/tests/monitoring.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add test module.
* gnu/packages/patches/xf86-video-savage-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-savage)[source](patches): Use it.
* gnu/packages/patches/xf86-video-sis-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-sis)[source](patches): Use it.
* gnu/packages/compression.scm (zstd): Update to 1.3.5.
[source]: Add two patches to make the test suite pass.
* gnu/packages/patches/zstd-fix-stdin-list-without-tty.patch,
gnu/packages/patches/zstd-fix-stdin-list-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add both.
* gnu/packages/java.scm (icedtea-6)[arguments]: Modify phases to extract
hostspot, as after the patching it becomes an archive.
[native-inputs]: add patch to hotspot-src.
* gnu/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the
remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out
of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/gcc-8-strmov-store-file-names.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-8): New public variable.
This is a follow-up to commit 18ab54d4a2
and fixes a regression introduced by Nyx 2.0.4 + Python 3.
* gnu/packages/tor.scm (nyx)[source]: Add patch.
* gnu/packages/patches/nyx-show-header-stats-with-python3.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch: New
file.
* gnu/packages/ocaml.scm (ocaml)[origin]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/openblas-fix-tests-i686.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/maths.scm (openblas)[native-inputs]: Add it.
[arguments]: Add phase to apply it on i686 systems only.
* gnu/packages/games.scm (mrrescue)[arguments]: Extract & patch the game
data, and point ‘love’ to this modified copy. Minor cosmetic tweaks.
[native-inputs]: Add unzip, patch, and the love-11.patch which is...
* gnu/packages/patches/mrrescue-support-love-11.patch: ...a new file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/qemu-CVE-2018-11806.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (qemu)[source]: Use it.
* gnu/packages/patches/upx-protect-against-bad-crafted-input.patch: New file.
* gnu/packages/compression.scm (upx)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/perl.scm (perl-5.26.2)[source](patches): Use it.
* gnu/packages/patches/binutils-aarch64-symbol-relocation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm (binutils/fixed): New public variable.
* gnu/packages/linux.scm (make-linux-libre)[native-inputs]: On aarch64, define
new ld-wrapper with the above binutils and use it.
* gnu/packages/patches/bind-CVE-2018-5738.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/dns.scm (isc-bind)[source]: Use it.
Previously, due to issues in the erlang package, many tests would fail, and
the package would also nondeterministically fail to build. This is now
fixed (by patching occurrences of /bin/sh in the erlang package), so all the
tests can be run.
* gnu/packages/elixir.scm (elixir)[source]: Remove patches.
[arguments]: Remove the fix-or-disable-tests phase. Add a new set-home phase
to set the HOME environment variable prior to running the tests.
* gnu/packages/patches/elixir-disable-failing-tests.patch: Delete this file.
* gnu/local.mk: Remove now deleted patch.
* gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnupg.scm (gnupg-1)[source]: Use it.
Reported by Mark H Weaver <mhw@netris.org>
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31708#10>.
* gnu/packages/patches/doxygen-gcc-ice.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/documentation.scm (doxygen)[inputs]: Add "gcc-ice-patch"
on armhf-* only.
[arguments]: Add 'apply-gcc-patch' phase on armhf-* only.
* gnu/packages/patches/opensmtpd-fix-crash.patch: New patch.
* gnu/packages/mail.scm (opensmtpd)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Works around <https://bugs.gnu.org/31708>.
* gnu/packages/patches/perf-gcc-ice.patch: New patch.
* gnu/packages/linux.scm (perf)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
The update to Qt 5.11.0 broke libmygpo-qt. It turned it was using a deprecated
CMake function (qt5_use_moduldes). Let's pick up two upstream patches that
fix the issue: https://github.com/gpodder/libmygpo-qt/pull/15
As mentioned in the the pull request, there is now a test failure but it looks
harmless.
* gnu/packages/patches/libmygpo-qt-fix-qt-5.11.patch,
gnu/packages/patches/libmygpo-qt-missing-qt5-modules.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/music.scm (libmygpo-qt)[source]: Add patches.
[arguments]: Build tests but do not run them.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* gnu/packages/patches/alsa-lib-add-environment-variable.patch: New
file.
* gnu/packages/linux.scm (alsa-lib)[source]: Use it.
[native-search-paths]: Add ALSA_PLUGIN_DIR.
* gnu/local.mk (dist_patch_DATA): Add it.
Document the fact that we include fixes for CVE-2018-5154, CVE-2018-5155,
CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
and 9/10 changesets for CVE-2018-5150.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
* gnu/packages/patches/icecat-bug-1452075.patch: Rename to...
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch: ...this.
* gnu/local.mk (dist_patch_DATA): Rename it.
* gnu/packages/patches/libutils-add-includes.patch: New file.
* gnu/packages/patches/libutils-remove-damaging-includes.patch: New file.
* gnu/packages/android.scm (android-platform-system-core): Use them.
(android-libutils): New variable.
* gnu/local.mk: Add them.
* gnu/packages/android.scm (android-libziparchive): New variable.
* gnu/packages/patches/libziparchive-add-includes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/wesnoth-fix-std-bad-cast.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/games.scm (wesnoth): Update to 1.14.0.
[source]: Add wesnoth-fix-std-bad-cast.patch to patches.
[arguments]: Remove "-DENABLE_STRICT_COMPILATION=OFF" configure flag.
[inputs]: Remove sdl-image, sdl-mixer, sdl-net and sdl-ttf. Add openssl and
sdl-union of sdl2, sdl2-image, sdl2-mixer and sdl2-ttf.
[home-page]: Use HTTPS URI.
(wesnoth-server)[inputs]: Remove sdl-net. Add icu4c, openssl and sdl2.
[arguments]: Remove delete-data phase. Since wesnoth 1.14.0, configure flag
"-DENABLE_GAME=OFF" disables installation of game assets.
* gnu/packages/patches/strace-kernel-4.16.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/linux.scm (strace)][source](patches): New field.
* gnu/packages/cups.scm (cups-minimal): Update to 2.2.7.
[source]: Add patch to build without LINUX-PAM.
* gnu/packages/patches/cups-fix-builds-without-PAM.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gimp.scm (gegl): Update to 0.4.
[inputs]: Move babl and glib to propagated-inputs.
[propagated-inputs]: Add json-glib.
[arguments]: Re-enable the tests and remove the obsolete 'pre-build'
phase.
[source]: Use HTTPS URL.
* gnu/packages/patches/gegl-CVE-2012-4433.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/networking.scm (amule): New public variable.
* gnu/packages/patches/amule_crypto-6.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes
from the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1452075.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/package/java.scm (java-apache-ivy): New variable.
* gnu/packages/patches/java-apache-ivy-port-to-latest-bouncycastle.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/qemu-CVE-2018-7550.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (qemu)[source]: Use it.
* gnu/packages/music.scm (libmygpo-qt): Update to 1.1.0.
[source]: Remove 'patches'.
[arguments]: Do not set BUILD_WITH_QT4=OFF, it is the default.
* gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch: Remove.
* gnu/local.mk (dist_patch_DATA): Adjust.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/packages/patches/sharutils-CVE-2018-1000097.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/compression.scm (sharutils)[source](patches): Use it.
* gnu/packages/patches/mupen64plus-video-z64-glew-correct-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emulators.scm (mupen64plus-video-z64)[source]: Use it.
* gnu/packages/patches/datamash-arm-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/datamash.scm (datamash)[source]: Use it.
* gnu/packages/patches/boost-fix-icu-build.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/boost.scm (boost)[source]: Add the patch.
[arguments]: In the custom configure phase, pass --with-icu=[...]
to ./bootstrap.sh
* gnu/packages/patches/glibc-reinstate-prlimit64-fallback.patch: New file.
* gnu/packages/base.scm (glibc/linux)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bioinformatics.scm (delly): New variable.
* gnu/packages/patches/delly-use-system-libraries.patch: New file.
* gnu/local.mk: Include delly-use-system-libraries.patch.
Signed-off-by: Leo Famulari <leo@famulari.name>
* gnu/packages/patches/elogind-glibc-2.27.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/freedesktop.scm (elogind)[source]: Add patch.
[arguments]: Replace the bootstrap phase with what was previously the
autogen phase.
* gnu/packages/patches/make-glibc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm (gnu-make)[source](patches): Use it.
* gnu/packages/patches/guile-gdbm-ffi-support-gdbm-1.14.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-gdbm-ffi)[inputs]: Move above arguments. Add
the patch, and the 'patch' program.
[propagated-inputs]: Move above arguments.
[arguments]: In the builder, add code to apply the patch.
* gnu/packages/patches/util-linux-CVE-2018-7738.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (util-linux)[replacement]: New field.
(util-linux/fixed): New variable.
* gnu/packages/patches/shadow-CVE-2018-7169.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shadow)[source]: Use it.
* gnu/packages/patches/java-jeromq-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/java.scm (java-jeromq)[source](patches): Add it.
[arguments](#test-exclude): Disable more failing tests.
Rename the function and move the declaration from gif_lib.h to
gif_lib_private.h to solve conflicts when some .c-file #includes
both stdlib.h and gif_lib.h.
See also https://sourceforge.net/p/giflib/bugs/110/
* gnu/packages/patches/giflib-make-reallocarray-private.patch: New
file
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/image.scm(giflib)[source](patches): New field.
* gnu/packages/patches/gnome-todo-libical-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (gnome-todo)[source](patches): Use it.
* gnu/packages/php.scm (php)[inputs]: Use gd-for-php.
(gd-for-php): New private variable.
* gnu/packages/patches/gd-CVE-2018-5711.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/glibc-allow-kernel-2.6.32.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.26-patched): New variable.
* gnu/packages/patches/wavpack-CVE-2018-6767.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/audio.scm (wavpack)[source](patches): Add it.
* gnu/packages/patches/json-glib-fix-tests-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (json-glib)[source](patches): New field.
* gnu/packages/patches/password-store-gnupg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/password-utils.scm (password-store)[source]: Use it.
This release claims to fix 2 vulnerabilities:
- ‘an integer overflow vulnerability in the TIFF decoder’
(CVE-2017-1000229, previously patched in Guix), and
- ‘a buffer overflow vulnerability in the GIF decoder’.
* gnu/packages/image.scm (optipng): Update to 0.7.7.
[source]: Remove patch.
[arguments]: Substitute INVOKE for SYSTEM* and end phase with #t.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/htop-fix-process-tree.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (htop)[source]: Use it.
* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
Transfer the applicable NixOS patches as of 2018-01-19:
- Not adopted: We don't change the .cmake.in and .prf, but use config
mechanisms provided by th Qt build system.
- src/corelib/tools/qtimezoneprivate_tz.cpp: Adopted patch: Use $TZDIR to
search for time-zone data. Thus avoid depending on package "tzdata", which
often introduces changes with near-immediate effects, so it's important to
be able to update it fast.
- src/corelib/kernel/qcoreapplication.cpp: Not adopted: NixOS adds plugin
paths derived from PATH. We do not need this, since we already have
native-search-path QT_PLUGIN_PATH.
- src/network/kernel/qdnslookup_unix.cpp,
src/network/kernel/qhostinfo_unix.cpp: Transferred: Use hard-coded path to
libresolv.
- src/network/ssl/qsslcontext_openssl.cpp: Not adopted: NixOS changes a
conditional compilation for Qt 5.9 (but leaves it unchanged for Qt 5.10) to
fix compilation with libressl. But Qt does not support libressl anway, see
config.tests/openssl/openssl.cpp in qtbase 5.9.4.
- src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp:
Transferred: Use hard-coded path to libx11.
- src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp:
Transferred: Use hard-coded path to mess's libGL, no need for a fall-back.
- src/plugins/platforms/xcb/qxcbcursor.cpp: Transferred: Use hard-coded path
to Xcursor.
- src/plugins/platformthemes/gtk3/main.cpp: Not adopted: NixOS changes
$XDG_DATA_DIRS and $GIO_EXTRA_MODULES in the code. We already have a
search-path-specification for this.
- src/testlib/qtestassert.h: Decided not to adopt this for guix.
* gnu/packages/patches/qtbase-use-TZDIR.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qtbase): Add comment. [source]: Use new patch.
[arguments]<#:phases>'patch-paths': New phase.
This was causing segfaults in the MH test suite when building with
glibc 2.26 on x86_64.
* gnu/packages/patches/mailutils-uninitialized-memory.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (mailutils)[source](patches, snippet): New
fields.
[native-inputs]: New field.
* gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.9)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/python-waitress-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-waitress): Update to 1.1.0.
[source](patches): New field.
This fixes the security issues described at
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-
rubygems/
* gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch: New file.
* gnu/packages/ruby.scm (ruby-2.4.3)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
* gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/haskell.scm (ghc-8): Use it.
Add a patch by Ludovic Courtès <ludo@gnu.org> from the upstream
shepherd repository to partially fix <https://bugs.gnu.org/30299>.
* gnu/packages/patches/shepherd-herd-status-sorted.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Add patch.
* gnu/packages/patches/libtasn1-CVE-2018-6003.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
* gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (emacs-browse-at-remote)[source](patches): Use it.
Clementine has a button in the preference menu that allows downloading a
binary blob to add support for Spofify. Let's remove this button. It turns
out this is the only part of the code base that uses crypto++, let's remove
this dependency too.
* gnu/packages/music.scm (clementine)[arguments]: Remove crypto++ support. Set
HAVE_SPOTIFY_DOWNLOADER to FALSE.
[inputs]: Remove crypto++ input.
* gnu/packages/patches/clementine-remove-crypto++-dependency.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
* gnu/packages/patches/icecat-use-system-harfbuzz.patch,
gnu/packages/patches/icecat-use-system-graphite2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. Delete
"gfx/harfbuzz" and "gfx/graphite2" in the snippet.
[inputs]: Add harfbuzz and graphite2.
[arguments]: Add "--with-system-harfbuzz" and "--with-system-graphite2" to
configure-flags.
* gnu/packages/mpi.scm (hwloc-2.0): New variable.
* gnu/packages/patches/hwloc-tests-without-sysfs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/p7zip-CVE-2017-17969.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (p7zip)[source]: Use it.
python-axolotl has been failing since March,
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
This also fixes the OMEMO and OTR plugins for Gajim work.
* gnu/packages/patches/python-axolotl-AES-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python-crypto.scm (python-axolotl): Upgrade to 0.1.39.
[source]: Use the patch.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/version-control.scm (reposurgeon): Update to 3.43.
[source]: Add a patch needed to build the package.
[arguments]: Add ‘patch-inputs’ phase.
[native-inputs]: Replace docbook-xml-4.1.2 with the latest docbook-xml.
[inputs]: Add tzdata.
* gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dovecot-CVE-2017-15132.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (dovecot)[source]: Use it.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
* gnu/packages/patches/rtags-separate-rct.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/code.scm (rtags): Dependencies no longer bundled.
[source]: Use tarball release. Use the patch to link rct.
Substitute corresponding headers.
[native-inputs]: Add new dependencies.
[inputs]: Likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/rct-add-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cpp.scm (rct): Use the patch, enable RTTI.
[source]: Use the patch to add missing headers from installation.
[arguments]: Enable RTTI in configure-flags.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to commit e074a655dd.
* gnu/local.mk (dist_patch_DATA): Remove ninja-zero-mtime.patch and
node-test-http2-server-rst-stream.patch, which no longer exist.
* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (libexif)[source]: Use it.
* gnu/packages/parallel.scm (slurm): Update to 17.11.2.
[source]: Replace patch with less fragile SUBSTITUTE* in a snippet.
[arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE.
* gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch:
Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1.
[source]: Remove patch for fixed CVE.
[arguments]: No longer skip test suite which appear to be fixed.
* gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/opencascade-oce-glibc-2.26.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (opencascade-oce)[source]: Use it.
* gnu/packages/patches/libgnomeui-utf8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgnomeui)[source]: Use it.
* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libgnome-encoding.patch: New file.
* gnu/packages/gnome.scm (libgnome)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
* gnu/packages/patches/nfs-utils-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nfs.scm (nfs-utils)[source]: Use it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/potrace-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/fontutils.scm (potrace)[source]: Use it.
* gnu/packages/gcc.scm (gcc@6)[source]: Add snippet to adjust
linux-unwind.h to changes in glibc@2.26. Add patch.
* gnu/packages/patches/gcc-libsanitizer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/ao-cad-aarch64-support.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/engineering.scm (ao-cad)[source]: Use it. Update snapshot to
fb288c9. Use VCS helpers for version and file-name.
[arguments]: Add 'remove-native-compilation' phase.
This patch is modified from the original patch targeting gcc@5.
* gnu/packages/patches/gcc-asan-missing-include.patch: New file.
* gnu/packages/gcc.scm (gcc@4.8)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
Fixes <https://bugs.gnu.org/29782>.
Reported by Gábor Boskovits.
* gnu/packages/patches/docbook-xsl-nonrecursive-string-subst.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/docbook.scm (docbook-xsl)[source](patches): Use it.
[native-inputs]: Add XZ.
[arguments]: Adjust PATH accordingly.
* gnu/packages/patches/python-pillow-fix-failing-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pillow)[source]: Use it.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.