`guix lint` reports two CVEs, both are unrelated:
- CVE-2018-5200: for vendor "pandora" and some 4.2.2.x version
- CVE-2019-9133: Windows only (I assume it also relates to the "pandora"
vendor, since the version the CVE refers to as "solving the issue" does not
exist at KDE.)
* gnu/packages/kde-multimedia.scm (kmplayer): New variable.
* gnu/packages/patches/kmplayer-aarch64.patch,
gnu/packages/patches/kmplayer-upstream_Fix-build-with-Qt-5.9.patch: New
files.
* gnu/local.mk: Add them.
Patches should fix all CVEs reported by `guix lint`:
CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829,
CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837,
CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095
Since the patches do not reference CVEs, it's a bit hard to tell which
patch actually closes which CVE. Debian reports all these to be closed by
the patches below and NixPkgs provides references.
* gnu/packages/audio.scm (audiofile): New variable.
* gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch,
gnu/packages/patches/audiofile-fix-sign-conversion.patch,
gnu/packages/patches/audiofile-CVE-2015-7747.patch,
gnu/packages/patches/audiofile-CVE-2018-13440.patch,
gnu/packages/patches/audiofile-CVE-2018-17095.patch,
gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch,
gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch,
gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch,
gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch,
gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch,
gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch,
gnu/packages/patches/audiofile-hurd.patch,
gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch:
New files.
* gnu/local.mk: Add them.
* gnu/packages/patches/libgeotiff-adapt-test-script-for-proj-6.2.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/geo.scm (libgeotiff): Update to 1.5.1.
[inputs]: Replace proj.4 with proj.
[sources]: Add libgeotiff-adapt-test-script-for-proj-6.2.patch
to patches.
* gnu/packages/embedded.scm (gcc-arm-none-eabi-7-2018-q2-update): New
variable.
* gnu/packages/patches/gcc-7-cross-environment-variables.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Add `emacs-next' for building latest Emacs from git.
* gnu/packages/emacs.scm (emacs-next): New variable.
(emacs): make the autoload deletion snippet not fail when eshell/esh-groups.el
does not exist. This enables reuse of the entire snippet field of `emacs' for
`emacs-next'.
* gnu/packages/patches/emacs27-exec-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the above patch file to it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/guile-finalization-crash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-2.2/bug-fix): New variable.
* gnu/packages/patches/websocket-fix-for-boost-1.70.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (websocketpp): Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/mes-remove-store-name.patch: New file, from upstream.
* gnu/packages/mes.scm (mes): Use it. Add `www.' to homepage.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (ncompress): New variable.
* gnu/packages/patches/compress-fix-softlinks.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/local.mk: Include lisp-xyz.scm.
* gnu/packages/lisp-xyz.scm: New file.
* gnu/packages/lisp.scm: Move all lisp libraries to lisp-xyz.scm, uglify-js to
javascript.scm and stumpwm to wm.scm.
* gnu/packages/javascript.scm: Add uglify-js.
* gnu/packages/wm.scm: Add stumpwm.
* gnu/packages/bioinformatics.scm: Find uglify-js in javascript.scm.
* gnu/packages/machine-learning.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* gnu/packages/web.scm: Find uglify-js in javascript.scm.
* gnu/packages/web-browsers.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* guix/build-system/minify.scm (default-uglify-js): Find uglify-js in
javascript module instead of lisp.
* gnu/local.mk: Include lisp-xyz.scm.
* gnu/packages/lisp-xyz.scm: New file.
* gnu/packages/lisp.scm: Move all lisp libraries to lisp-xyz.scm, uglify-js to
javascript.scm and stumpwm to wm.scm.
* gnu/packages/javascript.scm: Add uglify-js.
* gnu/packages/wm.scm: Add stumpwm.
* gnu/packages/bioinformatics.scm: Find uglify-js in javascript.scm.
* gnu/packages/machine-learning.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* gnu/packages/web.scm: Find uglify-js in javascript.scm.
* gnu/packages/web-browsers.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* guix/build-system/minify.scm (default-uglify-js): Find uglify-js in
javascript module instead of lisp.
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008,
CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash for the firefox source tarball. Update to the
latest from gnuzilla.git. Don't apply icecat-gnuzilla-fixes.patch. Remove
determinism fix in makeicecat that is now upstream. Tweak a status message.
(icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/patches/handbrake-opt-in-nvenc.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/video.scm (handbrake)[source]: Upgrade to 1.3.0. Remove
patch.
[native-inputs]: Remove cmake and curl.
[inputs]: Add dav1d and numactl.
[arguments]: Add "--disable-nvenc" to configure flags in place of patch.
Adjust "bootstrap" phase in response to upstream changes.
Add "patch-SHELL" and "relax-reqs" phases.
* gnu/packages/python-xyz.scm (python-scikit-image, python2-scikit-image):
Move these two from here...
* gnu/packages/python-science.scm: ...to this new file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/local.mk: Include lisp-xyz.scm.
* gnu/packages/lisp-xyz.scm: New file.
* gnu/packages/lisp.scm: Move all lisp libraries to lisp-xyz.scm, uglify-js to
javascript.scm and stumpwm to wm.scm.
* gnu/packages/javascript.scm: Add uglify-js.
* gnu/packages/wm.scm: Add stumpwm.
* gnu/packages/bioinformatics.scm: Find uglify-js in javascript.scm.
* gnu/packages/machine-learning.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* gnu/packages/web.scm: Find uglify-js in javascript.scm.
* gnu/packages/web-browsers.scm: Depend on lisp-xyz.scm instead of lisp.scm.
* gnu/packages/patches/psm-disable-memory-stats.patch: New file.
* gnu/packages/linux.scm (psm)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/services/pam-mount.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (PAM Mount Service): New subsection.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/feh-fix-tests-for-imlib2-1.6.patch: New file.
* gnu/packages/image-viewers.scm (feh)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>