* gnu/packages/patches/qemu-CVE-2015-3209.patch,
gnu/packages/patches/qemu-CVE-2015-4037.patch,
gnu/packages/patches/qemu-CVE-2015-4103.patch,
gnu/packages/patches/qemu-CVE-2015-4104.patch,
gnu/packages/patches/qemu-CVE-2015-4105.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch,
gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch,
gnu/packages/patches/qemu-CVE-2015-5745.patch: Delete files.
* gnu/packages/patches/qemu-CVE-2015-6855.patch: New file.
* gnu-system.am (dist_patch_DATA): Add the new patch and delete the old ones.
* gnu/packages/qemu.scm (qemu-headless): Update to 2.4.0.1. Add the new patch
and delete the old ones.
* gnu/packages/patches/pixman-pointer-arithmetic.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[source]: Use it.
* gnu/packages/patches/valgrind-glibc-2.21.patch: Rename to ...
gnu/packages/patches/valgrind-glibc-2.22.patch: ... this, and add a case for
glibc-2.22.
* gnu/packages/patches/valgrind-linux-libre-4.x.patch: New file.
* gnu-system.am (dist_patch_DATA): Add the new file, and rename the other one.
* gnu/packages/valgrind.scm (valgrind)[source]: Add new patch.
This works around <http://bugs.gnu.org/21460>.
* gnu/packages/patches/coreutils-racy-tail-test.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/base.scm (coreutils): Use it.
* gnu/packages/patches/perl-autosplit-default-time.patch: New patch.
* gnu/packages/perl.scm (perl): Use it.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/web.scm (perl-finance-quote): New variable.
* gnu/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
This shrinks the closure of OpenSSL from 154 MiB to 73 MiB.
* gnu/packages/patches/openssl-c-rehash.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (openssl)[source]: Use it.
[arguments]: Add 'remove-miscellany' phase.
* gnu/packages/certs.scm (nss-certs)[native-inputs]: Add PERL.
* gnu/packages/patches/glibc-o-largefile.patch: New file.
* gnu/packages/base.scm (glibc)[source]: Add it to 'patches'.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gtk.scm (guile-rsvg): New variable.
* gnu/packages/patches/guile-rsvg-pkgconfig.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/patches/gnutls-doc-fix.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (gnutls): Update to 3.4.4.1. Add patch.
[arguments]: Add 'delete-prebuilt-unfixed-info-file' phase.
In 'move-doc' phase, copy man pages to the correct directory.
[native-inputs]: Add 'texinfo'.
* gnu/packages/patches/qemu-CVE-2015-5745.patch: New file.
* gnu/packages/patches/qemu-CVE-2015-3456.patch,
gnu/packages/patches/qemu-CVE-2015-5154-pt1.patch,
gnu/packages/patches/qemu-CVE-2015-5154-pt2.patch,
gnu/packages/patches/qemu-CVE-2015-5154-pt3.patch,
gnu/packages/patches/qemu-CVE-2015-5158.patch: Delete files.
* gnu-system.am (dist_patch_DATA): Add new file and remove the deleted ones.
* gnu/packages/qemu.scm (qemu): Update to 2.3.1. Add new patch and remove the
deleted ones.
This is an improvement over commit af6100f.
* gnu/packages/gnome.scm (glib-networking)[source](patches): New field.
[arguments]: Pass '/etc/ssl/certs/ca-certificates.crt' to configure.
Set 'SSL_CERT_FILE' to '/dev/null' in 'use-empty-ssl-cert-file' phase.
(libsoup)[arguments]: Set 'SSL_CERT_FILE' to '/dev/null' in
'pre-check' phase.
* gnu/packages/patches/glib-networking-ssl-cert-file.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213). I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603). I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. Move the 'patches'
field above the snippet.
* gnu/packages/patches/pidgin-add-search-path.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/messaging.scm (pidgin): New variable.
