* gnu/packages/patches/osip-CVE-2017-7853.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (osip)[source]: Use it.
This adds fixes for CVE-2017-7757, CVE-2017-7758, and the remaining
5 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository, through ESR 52.2.
This documents that we include fixes for the following CVEs: CVE-2017-5472,
CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,
CVE-2017-7756, CVE-2017-7764, CVE-2017-7765, CVE-2017-7778, and that we
include 15 out of 20 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename existing patches to
indicate their CVE assignments.
Partly fixes <https://bugs.gnu.org/26976>.
* gnu/packages/patches/guile-ssh-channel-finalization.patch: New file.
* gnu/packages/ssh.scm (guile-ssh)[source](patches): Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/build/marionette.scm (wait-for-file): New procedure.
* gnu/tests/base.scm (run-mcron-test)[test](wait-for-file): Remove.
Pass second argument in 'wait-for-file' calls.
* gnu/tests/ssh.scm (run-ssh-test)[test](wait-for-file): Remove.
Pass second argument in 'wait-for-file' calls.
* gnu/tests/messaging.scm (run-xmpp-test)[test](guest-wait-for-file):
Remove.
Use 'wait-for-file' instead, with second argument.
* gnu/services/admin.scm (<log-rotation>): New record type.
(syslog-rotation-config, simple-rotation-config): Remove.
(%default-rotations): Define as a list of <log-rotation> objects.
(log-rotation->config, log-rotations->/etc-entries): New procedures.
(<rottlog-configuration>)[periodic-rotations]: Remove.
[rotations]: New field.
(rottlog-etc): Use 'log-rotations->/etc-entries'.
* doc/guix.texi (Log Rotation): Update accordingly.
* gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
Trying to boot GuixSD when an audio CD is in the drive will die with an
"input/output error" when trying to read the superblock from the cd
drive.
This patch catches and warns in this case rather than dying.
* gnu/build/file-systems.scm (ENOENT-safe): Handle EIO.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages.scm (specifications->manifest): New procedure.
* doc/guix.texi (Invoking guix package): Change example from using
'(compose list specification->package+output)' to using
'specifications->manifest'.
This update addresses the following security advisories:
GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
See <https://gnutls.org/security.html> and <https://gnutls.org/news.html>.
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.13): New variable.
(gnutls/guile-2.2)[replacement]: New field. Set #f.
[source]: Inherit from GNUTLS-3.5.13.
