WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213). I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603). I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. Move the 'patches'
field above the snippet.
* gnu/packages/patches/pidgin-add-search-path.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/messaging.scm (pidgin): New variable.
* gnu/packages/qt.scm (qt): Update to 5.5.0. Update download location.
Drop patch and snippet.
[arguments]: Add configure flag to drop qtwebengine module bundling
chromium.
[native-inputs]: Drop ninja, needed only for qtwebengine.
[inputs]: Add harfbuzz to avoid use of bundled copy.
(qt-4)[inputs]: Remove inherited harfbuzz again.
* gnu/packages/patches/qt5-conflicting-typedefs.patch: Delete file.
* gnu-system.am (dist_patch_DATA): Unregister patch.
* gnu/packages/patches/qt5-runpath.patch: Adapt patch.
* gnu/packages/video.scm (avidemux)[source]: Add patch to install to lib
directory instead of lib64 or lib32 depending on the architecture.
[arguments]: Use the lib instead of the lib64 directory for flags in the
build phase, so that these flags should now also work on i686.
* gnu/packages/patches/avidemux-install-to-lib.patch: New file.
* gnu-system.am (dist_patch_DATA): Register it.
* gnu/packages/mp3.scm (ripperx): Update to 2.8.0. Drop one patch and
add another one.
* gnu/packages/patches/ripperx-libm.patch: Remove file.
* gnu/packages/patches/ripperx-missing-file.patch: New file.
* gnu-system.am (dist_patch_DATA): Register one patch and unregister the
other.
* gnu/packages/fontutils.scm (teckit): Update to 2.5.4. Drop patch.
Use svn-fetch for download.
[arguments]: Add phase to call autogen.
[native-inputs]: New field.
* gnu/packages/patches/teckit-cstdio.patch: Delete file.
* gnu-system.am (dist_patch_DATA): Unregister patch.
* gnu/packages/julia.scm (julia): Update to 0.3.10.
* gnu/packages/patches/julia-0.3.10-fix-empty-array.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
This is a followup to 47f315a.
* gnu/packages/patches/ninja-zero-mtime.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/ninja.scm (ninja)[source]: Reinstate 'patches' field and add
this patch.
[arguments]: Remove 'apply-ninja-tests.patch' phase.
This file should have been added as part of commit cc205da.
* gnu/packages/patches/crda-optional-gcrypt.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/patches/boost-mips-avoid-m32.patch: New file.
* gnu-system.am (dist_patch_DATA): Register patch.
* gnu/packages/boost.scm (boost): Use it.
* gnu/build/linux-container.scm: New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add it.
* .dir-locals.el: Add Scheme indent rules for 'call-with-container', and
'container-excursion'.
* tests/containers.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
* gnu/packages/patches/mutt-store-references.patch: New file.
* gnu/packages/mail.scm (mutt)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (dealii, dealii-openmpi): New variables.
* gnu/packages/patches/dealii-p4est-interface.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (scotch): Update to 6.0.4.
[arguments]: Add -fPIC to CFLAGS.
* gnu/packages/patches/scotch-test-threading.patch: Adjust patch for a
new set of test fixes.
* gnu/packages/patches/pt-scotch-build-parallelism.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/patches/clang-libc-search-path.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/llvm.scm (clang-from-llvm)[source]: Use it.
[inputs]: Add "gcc-lib".
[arguments]. Add -DGCC_INSTALL_PREFIX and -DC_INCLUDE_DIRS to
#:configure-flags. Add #:phases argument.
Fixes <http://bugs.gnu.org/20597>.
Reported by Andrew Patterson <ajpatter@uwaterloo.ca>.
* gnu/packages/patches/tar-skip-unreliable-tests.patch: New file.
* gnu/packages/base.scm (tar)[source](patches): Add it.
* gnu-system.am (dist_patch_DATA): Add it.
Suggested by Alírio Eyng <alirioeyng@gmail.com>.
* gnu/packages/patches/gettext-msgunfmt.patch: New file.
* gnu/packages/gettext.scm (gnu-gettext)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/patches/findutils-localstatedir.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/base.scm (findutils)[source]: Use it.
[arguments]: Pass --localstatedir=/var.
* gnu/packages/webkit.scm (webkitgtk-2.4): Update to 2.8.9, build with gtk3.
Move flex and which to 'native-inputs'. Remove #:configure-flags.
(webkitgtk/gtk+-2): New variable.
* gnu/packages/gnucash.scm (gnucash): Use webkitgtk/gtk+-2.
* gnu/packages/patches/webkitgtk-2.4.8-gmutexlocker.patch: Remove file.
* gnu-system.am (dist_patch_DATA): Remove it.
Co-authored-by: Feng Shu <tumashu@163.com>
* gnu/packages/patches/guix-test-networking.patch: Delete it.
* gnu/packages/patches/libtool-skip-tests.patch: Delete it.
* gnu/packages/patches/python-sqlite-3.8.4-test-fix.patch: Delete it.
* gnu/packages/patches/udev-gir-libtool.patch: Delete it.
* gnu-system.am (dist_patch_DATA): Remove them as well.
* gnu/packages/patches/wicd-template-instantiation.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/wicd.scm (wicd)[source]: Use it.
* gnu/packages/webkit.scm (webkitgtk-2.4): New variable.
* gnu/packages/patches/webkitgtk-2.4.8-gmutexlocker.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/services/colord.scm, gnu/services/dbus.scm,
gnu/services/upower.scm: Remove.
* gnu/services/desktop.scm: New file, with contents taken from the above
files.
* gnu-system.am (GNU_SYSTEM_MODULES): Adjust accordingly.
* doc/guix.texi (Desktop Services): New section.
(Various Services): Move colord-service and upower-service from
here to "Desktop Services".
* gnu/packages/patches/fltk-shared-lib-defines.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/fltk.scm (source)[patches]: New field.
* gnu/packages/patches/gcc-5.0-libvtv-runpath.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gcc.scm (gcc-5.1)[source]: Use it.
See <https://bugreports.qt.io/browse/QTBUG-45205>.
* gnu/packages/patches/qt5-conflicting-typedefs.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qt): Add the patch.
* gnu/packages/gcc.scm (gcc-4.9): Inherit from GCC-4.8.
[source]: Add 'gcc-libvtv-runpath.patch'.
(gcc-5.1): Inherit from GCC-4.9.
[source]: Use patches from GCC-4.9.
* gnu/packages/patches/gcc-libvtv-runpath.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (gitolite): New variable.
* gnu/packages/patches/gitolite-openssh-6.8-compat.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/patches/perl-net-amazon-s3-moose-warning.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/web.scm (perl-net-amazon-s3): New variable.
Suggested by Mark H Weaver.
* gnu/packages/ld-wrapper2.in: New file.
* gnu-system.am (MISC_DISTRO_FILES): Add it.
* gnu/packages/commencement.scm (fixed-ld-wrapper): New procedure.
Fixes the build failure at <http://hydra.gnu.org/build/379884/log/raw>:
g++ -licui18n -Wl,-O1 [...] -o ../../../../bin/assistant [...]
ld: warning: libQtCLucene.so.4, needed by /tmp/nix-build-qt-4.8.6.drv-0/qt-everywhere-opensource-src-4.8.6/lib/libQtHelp.so, not found (try using -rpath or -rpath-link)
/tmp/nix-build-qt-4.8.6.drv-0/qt-everywhere-opensource-src-4.8.6/lib/libQtHelp.so: undefined reference to `QCLucenePhraseQuery::getTerms() const'
[...]
* gnu/packages/patches/qt4-ldflags.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (qt-4)[source]: Use it.
[arguments]: Remove 'setenv' call in 'configure' phase.
This reduces the number of references of the output from 54 to 31,
removing references notably to gcc, expat, glib:bin, ld-wrapper-0,
texinfo, pkg-config, make, gawk, binutils, etc.
Reported by David Thompson.
* gnu/packages/patches/emacs-exec-path.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (emacs)[source]: Use it.
* gnu/packages/patches/gnutls-fix-duplicate-manpages.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gnutls.scm (gnutls)[source]: Update to 3.4.0. Add patch.
[arguments]: Pass --without-p11-kit to 'configure'.
[propagated-inputs]: Use 'nettle' instead of 'nettle-2'. Add 'libidn'.
* gnu/packages/patches/elfutils-tests-ptrace.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/elf.scm (elfutils)[source]: Use it.
They are no longer needed since the latest ld-wrapper changes (commit
51d0cd9.)
* gnu/packages/patches/libtool-skip-tests2.patch: New file.
* gnu/packages/autotools.scm (libtool)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
Fixes <http://bugs.gnu.org/20121>.
* gnu/packages/patches/curl-gss-api-fix.patch: Delete file.
* gnu/packages/patches/curl-support-capath-on-gnutls.patch,
gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch: New files.
* gnu-system.am (dist_patch_DATA): Add new patches and remove old one.
* gnu/packages/curl.scm (curl): Update to 7.41.0. Add new patches and remove
old one. Disable one unit test.
Modified-By: Mark H Weaver <mhw@netris.org>
This patch was removed in 08c045091e,
but it's still needed for python-2.
* gnu/packages/patches/python-libffi-mips-n32-fix.patch: Restore it.
* gnu-system.am (dist_patch_DATA): Add it back.
* gnu/packages/python.scm (python): Update from 3.3.5 to 3.4.3.
* gnu/packages/patches/python-fix-tests.patch: Update the required test fixes.
* gnu/packages/patches/python-libffi-mips-n32-fix.patch: Remove it...
* gnu-system.am (dist_patch_DATA): ... and do not reference it here.
* gnu/packages/patches/inetutils-syslogd.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (inetutils)[source]: Use it.
[native-inputs]: New field.
Fixes <http://bugs.gnu.org/20050>.
Reported by taylanbayirli@gmail.com (Taylan Ulrich Bayırlı/Kammer).
* gnu/packages/patches/ghostscript-runpath.patch: New file.
* gnu/packages/ghostscript.scm (ghostscript)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
Fixes <http://bugs.gnu.org/20041>.
Reported by taylanbayirli@gmail.com (Taylan Ulrich Bayırlı/Kammer).
* gnu/packages/patches/openssl-runpath.patch: New file.
* gnu/packages/openssl.scm (openssl)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
This is a temporary fix to enable hydra to complete evaluations, which were
broken by f7ee7a9b06 due to a missing patch
file. The real patch will be put into place in a later commit.
* gnu/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch:
New file. This is just a stub.
* gnu-system.am (dist_patch_DATA): Add it.
This should have been done in a952b10c23.
* gnu/packages/patches/source-highlight-regexrange-test.patch: Remove.
* gnu-system.am (dist_patch_DATA): Remove it.
* gnu/packages/pretty-print.scm (source-highlight)[source]: Remove patch.
* gnu/packages/patches/xf86-video-sis-fix-exa-crash.patch: New file.
* gnu/packages/xorg.scm (xf86-video-sis): Use it.
* gnu-system.am (dist_patch_DATA): Add it.
Actually, CVE-2015-0801 and CVE-2015-0816 were already patched in
4c153a9125, but the corresponding CVEs
were not yet announced.
* gnu/packages/patches/icecat-bug-1146339.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0801.patch: ... this.
* gnu/packages/patches/icecat-bug-1144991.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0816.patch: ... this.
* gnu/packages/patches/icecat-CVE-2015-0807.patch,
gnu/packages/patches/icecat-CVE-2015-0815-pt1.patch,
gnu/packages/patches/icecat-CVE-2015-0815-pt2.patch,
gnu/packages/patches/icecat-CVE-2015-0815-pt3.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them, and adapt to renamed files.
* gnu/packages/gnuzilla.scm (icecat): Add patches, and adapt to renamed files.