* gnu/packages/patches/dovecot-CVE-2017-15132.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (dovecot)[source]: Use it.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
* gnu/packages/patches/rtags-separate-rct.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/code.scm (rtags): Dependencies no longer bundled.
[source]: Use tarball release. Use the patch to link rct.
Substitute corresponding headers.
[native-inputs]: Add new dependencies.
[inputs]: Likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/rct-add-missing-headers.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cpp.scm (rct): Use the patch, enable RTTI.
[source]: Use the patch to add missing headers from installation.
[arguments]: Enable RTTI in configure-flags.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (libexif)[source]: Use it.
* gnu/packages/parallel.scm (slurm): Update to 17.11.2.
[source]: Replace patch with less fragile SUBSTITUTE* in a snippet.
[arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE.
* gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch:
Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1.
[source]: Remove patch for fixed CVE.
[arguments]: No longer skip test suite which appear to be fixed.
* gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
* gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ao-cad-aarch64-support.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/engineering.scm (ao-cad)[source]: Use it. Update snapshot to
fb288c9. Use VCS helpers for version and file-name.
[arguments]: Add 'remove-native-compilation' phase.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
* gnu/packages/patches/python-pillow-fix-failing-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pillow)[source]: Use it.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
See <https://github.com/borgbackup/borg/issues/3444> for more information.
* gnu/packages/patches/borg-fix-archive-corruption-bug.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/video.scm (libvdpau-va-gl): New variable.
* gnu/packages/patches/libvdpau-va-gl-unbundle.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/eigen-arm-neon-fixes.patch: New patch.
* gnu/packages/algebra.scm (eigen): Update to 3.3.4.
[source]: Use patch. Disable svd-preallocation test for BDCSVD.
[arguments]: Set "EIGEN_SEED" environment variable in check phase.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/bootloader/extlinux.scm (install-extlinux): Factorize bootloader
writing in a new procedure write-file-on-device defined in (gnu build
bootloader).
* gnu/build/bootloader.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add new file.
* gnu/system/vm.scm (qemu-img): Adapt to import and use (gnu build bootloader)
module during derivation building.
* gnu/scripts/system.scm (bootloader-installer-derivation): Ditto.
* gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch:
New file.
* gnu/packages/machine-learning.scm (python-scikit-learn)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/jemalloc-arm-address-bits.patch: New patch.
* gnu/packages/jemalloc.scm (jemalloc)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.