Includes fixes for CVE-2018-18500, CVE-2018-18501, and CVE-2018-18505.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.5.0-guix1.
[version]: Use %icecat-version.
[source]: Inherit from 'icecat-source'. Remove obsolete patches.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch,
gnu/packages/patches/icecat-use-system-graphite2+harfbuzz.patch,
gnu/packages/patches/icecat-use-system-media-libs.patch: Adapt to 60.5.0.
* gnu/packages/gnuzilla.scm (computed-origin-method): New variable.
(%icecat-version, icecat-source): New variables.
* gnu/packages/patches/icecat-makeicecat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Add a patch to skip more tests that require the network. Along with some other
changes, this gets all but of one of the tests passing.
The remaining test is broken due to a problem with the Python package in Guix,
which is fixed by [1] which is currently on the core-updates branch. This
patch doesn't work on core-updates due to python2-miniboa not being present.
1: d453b0e11d
* gnu/packages/python.scm (linkchecker)[source]: Add patch.
[native-inputs]: Add more inputs required for the tests.
[arguments]: Enable the tests, move the 'check phase after 'install. Test
using the installed software, and use py.test.
* gnu/packages/patches/superlu-dist-awpm-grid.patch: New file.
* gnu/packages/maths.scm (superlu-dist)[source]: Upgrade to 6.0.0. Remove
extraneous 'use-modules' in snippet.
[build-system]: Change to cmake-build-system.
[propagated-inputs]: Replace pt-scotch with pt-scotch32 to match integer
sizes. Add "parmetis" input, from pt-scotch32. Move lapack to ...
[inputs]: ...here. Add openblas and combinatorial-blas.
[arguments]: Replace 'configure' phase with #:configure-flags. Add
'set-c++-standard' and 'omp-setup' phases. Remove
'create-install-directories, 'check', and 'install' phases, which are now
handled by cmake.
* gnu/local.mk (dist_patch_DATA): Add patch.
The qof test is also reinstated; it was failing because the needed locales
were not installed.
* gnu/packages/patches/gnucash-disable-failing-tests.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Unregister it.
* gnu/packages/gnucash.scm (gnucash)[patches]: Remove it.
[phases]{disable-stress-options-test}: Implement it using SUBSTITUTES*.
{install-locales}: New phase.
* gnu/packages/patches/gnucash-price-quotes-perl.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Unregister it.
* gnu/packages/gnucash.scm (gnucash)[patches]: Remove it.
[phases]{fix-finance-quote-check}: Implement it using SUBSTITUTES*.
* gnu/packages/patches/openssh-CVE-2018-20685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
Using LIBRARY_PATH was introduced in
16b8aff85b, but is wrong since
this variable is used by the compiler (gcc) at link time.
* gnu/packages/patches/kinit-kdeinit-libpath.patch: Change
LIBRARY_PATH to KDEINIT5_LIBRARY_PATH.
* gnu/packages/kde-frameworks.scm (kinit)[native-search-paths]:
New field.
* gnu/packages/patches/aria2-CVE-2019-3500.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (aria2)[source]: Use it.
Transfer the NixOS patches for kpackage as of 2018-02-17:
- Allow external paths.
- Make QDirIterator follow symlinks.
Decided to use a patch for one of the "allow external paths" changes since
'substitute*' seems not to be robust enough.
* gnu/packages/patches/kpackage-allow-external-paths.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/kde-frameworks.scm(kpackage)[source]: Use it. <patch>: New
phase.
Transfer the NixOS "kdeinit-libpath" patch for kinit as of
2018-02-17.
* gnu/packages/patches/kinit-kdeinit-libpath.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/kde-frameworks.scm (kinit)[source]: Use it.
Transfer the NixOS "kdeinit-extra_libs" patch for kinit as of
2018-02-17.
* gnu/packages/patches/kinit-kdeinit-extra_libs.patch: New filee.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/kde-frameworks.scm (kinit)[source]: Use it.
<patch-paths>: New phase.
[inputs]: Add kparts, plasma-framework.
Transfer the remaining NixOS patch for kio as of 2018-02-17.
* gnu/packages/patches/kio-search-smbd-on-PATH.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/kde-frameworks.scm(kio)<source>: Use it.
Fixes issue #32057 (see: https://issues.guix.info/issue/32057).
* gnu/packages/patches/gnucash-fix-test-transaction-failure.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnucash.scm (gnucash): Use it.
* gnu/packages/patches/file-CVE-2018-10360.patch: New file.
* gnu/packages/file.scm (file)[replacement]: New field.
(file/fixed): New variable.
* gnu/packages/commencement.scm (file-boot0): Use 'package/inherit' to
receive security fixes.
* gnu/local.mk (dist_patch_DATA): Register it.
The new release of StumpWM broken the interactive 'gnew' command. It was
fixed upstream [0] and will be part of the next release.
0: https://github.com/stumpwm/stumpwm/pull/538
* gnu/packages/patches/stumpwm-fix-broken-read-one-line.patch: New file.
* gnu/packages/lisp.scm (stumpwm)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
This patch is missing from glibc 2.28 and is needed to support
/proc/self lookup when using the Hurd's procfs, which in turn is needed
for our 'guile-relocatable.patch'.
See <https://lists.gnu.org/archive/html/bug-hurd/2018-12/msg00024.html>.
* gnu/packages/patches/glibc-hurd-magic-pid.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/base.scm (glibc)[arguments]: Add 'apply-hurd-patch'
phase.
[native-inputs]: Add "hurd-magic-pid-patch" input.
* gnu/packages/cross-base.scm (cross-libc)[arguments]: Duplicate
'apply-hurd-patch' phase.
* gnu/packages/patches/openjdk-10-idlj-reproducibility.patch: New file.
* gnu/packages/java.scm (openjdk10)[source]: Use it.
* gnu/locale.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/polkit-CVE-2018-19788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/polkit.scm (polkit)[source]: Use it.
