* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
This is a followup to commit 2663c38826.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
See <https://github.com/borgbackup/borg/issues/3444> for more information.
* gnu/packages/patches/borg-fix-archive-corruption-bug.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (borg)[source]: Use it.
* gnu/packages/video.scm (libvdpau-va-gl): New variable.
* gnu/packages/patches/libvdpau-va-gl-unbundle.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/eigen-arm-neon-fixes.patch: New patch.
* gnu/packages/algebra.scm (eigen): Update to 3.3.4.
[source]: Use patch. Disable svd-preallocation test for BDCSVD.
[arguments]: Set "EIGEN_SEED" environment variable in check phase.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/bootloader/extlinux.scm (install-extlinux): Factorize bootloader
writing in a new procedure write-file-on-device defined in (gnu build
bootloader).
* gnu/build/bootloader.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add new file.
* gnu/system/vm.scm (qemu-img): Adapt to import and use (gnu build bootloader)
module during derivation building.
* gnu/scripts/system.scm (bootloader-installer-derivation): Ditto.
* gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch:
New file.
* gnu/packages/machine-learning.scm (python-scikit-learn)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/jemalloc-arm-address-bits.patch: New patch.
* gnu/packages/jemalloc.scm (jemalloc)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/picprog-non-intel-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/embedded.scm (picprog)[source]: Add patch.
[arguments]: Skip building the 'testport' binary.
This is a follow-up to commit 9a187b39b7.
* gnu/packages/spice.scm (spice): Update to 0.14.0.
[source]: Remove obsolete patches. Use HTTPS URL.
[inputs]: Add orc.
[home-page]: Update to use https.
* gnu/packages/patches/spice-CVE-2016-9577.patch,
gnu/packages/patches/spice-CVE-2016-9578-1.patch,
gnu/packages/patches/spice-CVE-2016-9578-2.patch,
gnu/packages/patches/spice-CVE-2017-7506.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/bazaar-CVE-2017-14176.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (bazaar)[source]: Use it.
* gnu/packages/patches/shepherd-close-fds.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (shepherd)[source]: Use it.
* gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/file-systems.scm (glusterfs)[source]: Use it.
* gnu/packages/bootloaders.scm (dtc)[patches]: Add dtc-32-bits-check.patch and
dtc-format-modifier.patch to fix build and tests on 32 bits platforms.
* gnu/packages/patches/dtc-32-bits-check.patch : New file.
* gnu/packages/patches/dtc-format-modifier.patch : New file.
* gnu/local.mk (dist_patch_DATA): Add two above patches.
* gnu/packages/mail.scm (exim): Update to 4.89.1.
[source]: Remove patches for fixed CVEs (all of them).
* gnu/packages/patches/exim-CVE-2017-16943.patch: Delete file...
* gnu/packages/patches/exim-CVE-2017-16944.patch: ...as well as this file...
* gnu/packages/patches/exim-CVE-2017-1000369.patch: ...and this file.
* gnu/local.mk (dist_patch_DATA): Remove all of them.
* gnu/packages/image.scm (optipng)[source](patches): New field.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/guile-emacs-fix-configure.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (guile-emacs): Use it. Add workaround for src/deps
dir creation. Fixes#29186.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Arch Linux.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/lxde.scm (pcmanfm)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/procmail-CVE-2017-16844.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (procmail)[source]: Use it.
* gnu/packages/patches/audacity-build-with-system-portaudio.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/audio.scm (audacity): Update to 2.2.0.
[source]: Add patch to build with system portaudio; add snippet to remove most
bundled libraries.
[inputs]: Replace "gtk+-2" with "gtk+", replace "wxwidgets-gtk2" with
"wxwidgets"; remove "libsbsms"; add "suil" and "portmidi".
[arguments]: Adjust configure flags to avoid using bundled libraries; remove
phase "autoreconf"; add phases "fix-sbsms-check" and "use-upstream-headers".
Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.