Includes fixes for CVE-2018-12383 and CVE-2018-12385.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to apply
cleanly to IceCat 60.
* gnu/packages/gnuzilla.scm (mozilla-patch): Update to fetch from
mozilla-esr60.
(icecat): Add selected changesets from upstream mozilla-esr60.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.2.0-gnu1.
[source]: Download pre-release from alpha.gnu.org. Remove obsolete patches.
Comment out the code to delete the bundled copies of libevent, cairo,
harfbuzz, and graphite2.
[inputs]: Use the latest ffmpeg. Comment out libevent, cairo, harfbuzz, and
graphite2.
[native-inputs]: Add rust and cargo.
[arguments]: Remove --enable-gio and --disable-gnomeui. Add --disable-stylo.
Comment out --with-system-{libevent,harfbuzz,graphite2}, --enable-system-cairo.
Import %cargo-build-system-modules. Add 'patch-cargo-checksums' phase.
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch,
gnu/packages/patches/icecat-bug-1413868-pt1.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/xf86-video-ast-remove-mibstore.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/xorg.scm (xf86-video-ast): New public variable.
* gnu/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rust.scm (rust-1.25): Use it.
(rust-1.26): Use it.
(rust): Use it.
* gnu/packages/patches/gd-CVE-2018-1000222.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gd.scm (gd/fixed): New variable.
* gnu/packages/php.scm (gd-for-php)[source]: Use 'gd-CVE-2018-1000222.patch'.
The following CVEs are fixed with this release: CVE-2018-15908,
CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509,
CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539,
CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: Delete file.
* gnu/packages/patches/ghostscript-CVE-2018-16509.patch,
gnu/packages/patches/ghostscript-bug-699708.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Update to 9.24.
[source](patches): Remove 'ghostscript-CVE-2018-10194.patch' and
'ghostscript-runpath.patch'. Add 'ghostscript-CVE-2018-16509.patch' and
'ghostscript-bug-699708.patch'.
[arguments]: Add LDFLAGS to #:configure-flags, and a phase to create output
directory.
Fixes <https://bugs.gnu.org/31726>.
Thanks to Jack Hill <jackhill@jackhill.us> for exploring different solutions
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31726>.
* gnu/packages/patches/haskell-mode-unused-variables.patch,
gnu/packages/patches/haskell-mode-make-check.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/emacs.scm (haskell-mode)[source]: Use them.
[arguments]: Adjust 'pre-build' phase to embed file name.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/netsurf-message-timestamp.patch: New patch.
* gnu/packages/patches/netsurf-system-utf8proc.patch: Adjust to new source.
* gnu/packages/web.scm (netsurf): Upgrade to 3.8.
[source]: Add the new patch.
* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (dropbear)[source]: Use it.
* gnu/packages/patches/grub-check-error-efibootmgr.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): New field.
* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
Fixes <https://bugs.gnu.org/32397>.
Reported by fis trivial <ybbs.daans@hotmail.com>.
* gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch: New file.
* gnu/packages/gcc.scm (gcc-4.8)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
It seems a recent version of sqlite broke Clementine's first startup. It turns
out we can patch clementine to fix the problem instead of providing a different
sqlite package:
<https://github.com/clementine-player/Clementine/pull/5669>
* gnu/packages/databases.scm (sqlite-with-fts3): Remove.
* gnu/packages/music.scm (clementine)[inputs]: Replace sqlite-with-fts3 with
sqlite.
[source]: Add clementine-fix-sqlite.patch.
* gnu/packages/patches/clementine-fix-sqlite.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <leo@famulari.name>
Also includes a fix for CVE-2018-0732, and a different approach to
fixing CVE-2018-0495.
* gnu/packages/tls.scm (openssl-next): Update to 1.1.0i.
[sources]: Remove CVE patches.
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch: Delete...
* gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch: ...both files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.
* gnu/packages/patches/lxc-CVE-2018-6556.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (lxc)[source]: Use it.
* gnu/packages/patches/mariadb-client-test-32bit.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/databases.scm (mariadb)[source](patches): Add it.
[arguments]: Increase retry count and test timeout. Disable test
main.myisampack.
Fixes a regression introduced in a3ed69b694
where dmeventd.static fails to link against libm and breaks "lvm2-static".
* gnu/packages/patches/lvm2-static-link.patch: Patch make.tmpl.in.
* gnu/packages/patches/libreoffice-glm.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/libreoffice.scm (libreoffice)[source](patches): Add it.
* gnu/packages/patches/x265-arm-asm-primitives.patch: New file.
* gnu/packages/video.scm (x265)[sources](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/build-tools.scm (meson): Update to 0.47.1.
* gnu/packages/patches/meson-for-build-rpath.patch: Adjust to file rename and
indendation change.
Fixes <https://bugs.freedesktop.org/show_bug.cgi?id=106715>.
* gnu/packages/patches/xorg-server-rotate-fb.patch: New file.
* gnu/packages/xorg.scm (xorg-server)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/qt.scm (python-sip)[arguments]: Don't use '--sip-module'
flag in custom 'configure phase.
(python-pyqt)[sources]: Add patch.
* gnu/packages/patches/pyqt-public-sip.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/openbabel-fix-crash-on-nwchem-output.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chemistry.scm (openbabel)[source]: Use it.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
* gnu/packages/patches/ghostscript-CVE-2018-10194.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/twinkle-include-qregexpvalidator-explicity.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (twinkle)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/monero-use-system-miniupnpc.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/finance.scm (monero): Update to 0.12.3.0.
[source]: Add patch. Remove snippet because miniupnpc, rapidjson
and unbound are no longer bundled in-tree.
[inputs]: Add zeromq, cppzmq, libsodium. Use monero-miniupnpc.
[arguments]: Change build-type to "release".
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/xapian-revert-5489fb2f8.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/search.scm (xapian)[source](patches): Use it.
* gnu/packages/patches/syncthing-fix-crash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/syncthing.scm (syncthing)[source]: Use it.
* gnu/packages/patches/xf86-video-savage-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-savage)[source](patches): Use it.
* gnu/packages/patches/xf86-video-sis-xorg-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xorg.scm (xf86-video-sis)[source](patches): Use it.
* gnu/packages/compression.scm (zstd): Update to 1.3.5.
[source]: Add two patches to make the test suite pass.
* gnu/packages/patches/zstd-fix-stdin-list-without-tty.patch,
gnu/packages/patches/zstd-fix-stdin-list-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add both.
* gnu/packages/java.scm (icedtea-6)[arguments]: Modify phases to extract
hostspot, as after the patching it becomes an archive.
[native-inputs]: add patch to hotspot-src.
* gnu/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the
remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out
of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.