* gnu/packages/image.scm (openjpeg)[replacement]: New field.
(openjpeg/fixed): New variable, patch against CVE-2016-9850,
CVE-2016-9851.
* gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/libepoxy-gl-null-checks.patch: New file.
* gnu/packages/gl.scm (libepoxy)[source]: Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/shells.scm (tcsh)[replacement]: New field.
(tcsh/fixed): New variable.
* gnu/packages/patches/readline-7.0-mingw.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline): Support MinGW.
* gnu/packages/gnuzilla.scm (icecat): Update to 45.5.1-gnu1.
[source]: Remove temporary URI for 45.3 beta. Fix URI computation. Remove
outdated patches. Add more cherry-picked bug fixes from upstream
mozilla-esr45. Use 'list' instead of quasiquote in 'patches' field.
* gnu/packages/assembly.scm (nasm)[source]: Remove patch.
[arguments]: Disable ps and pdf doc outputs in new phase.
* gnu/packages/patches/nasm-no-ps-pdf.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gtk.scm (cairo)[replacement]: New field.
(cairo/fixed): New variable.
(cairo-xcb)[source]: Use patch.
[replacement]: New field, set false.
* gnu/packages/pdf.scm (poppler)[inputs]: Custom cairo should be
replaced by a new custom patched cairo.
* gnu/packages/patches/cairo-CVE-2016-9082.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[replacement]: New field.
(cyrus-sasl/fixed): New variable.
[source]: Use patch.
* gnu/packages/patches/lvm2-static-link.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (lvm2)[source](patches): New field.
(lvm2-static): New variable.
* gnu/packages/patches/libtiff-CVE-2016-9448.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/guile-repl-server-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-2.0.13)[source]: Use it.
* gnu/packages/video.scm (handbrake): New variable.
* gnu/packages/patches/handbrake-pkg-config-path.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libtiff-uint32-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/libtiff-CVE-2016-9297.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
Includes fixes for CVE-2016-5290, CVE-2016-5291, CVE-2016-5297, CVE-2016-9064,
and CVE-2016-9066.
* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add fixes for
aforementioned CVEs and other selected fixes from Firefox ESR 45.5.0. Note
that the first six patches of CVE-2016-5290 and the patch for CVE-2016-9066
were already present, but were labeled by mozilla bug number instead of CVE.
* gnu/packages/patches/icecat-CVE-2016-9064.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[replacement]: New field.
(pixman/fixed): New variable.
* gnu/packages/patches/python-2.7-site-prefixes.patch: New file.
* gnu/packages/python.scm (python-2)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline-6.2): Use it.
* gnu/packages/patches/libtiff-CVE-2016-9273.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed): Use it.