* gnu/packages/patches/python-seaborn-kde-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python-xyz.scm (python-seaborn): Use it, and update to
0.11.1.
* gnu/packages/patches/vtk-8-fix-freetypetools-build-failure.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image-processing.scm (vtk-8): Dis-inherit from VTK. Use the
package definition that predated the update to VTK 9, taken from commit
f4dc8ac6df.
Add go@1.16 as a non-default go. Changes from 1.14: Use now-supported GO_LDSO
configuration option for setting the interpreter. Bootstrap with gccgo on
platforms which do not support go-1.4. Fix and re-enable cmd/go script tests.
Fix typo in cgoldflags patch. Break out tests into "check" phase. Remove
references to perl to reduce closure size by ~10%. Set GOCACHE so go doesn't
attempt to access $HOME.
* gnu/packages/patches/go-fix-script-tests.patch: New file.
* local.mk (dist_patch_DATA): Register it.
* gnu/packages/golang.scm (go-1.16): New variable. Use the patch.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* gnu/packages/connman.scm (connman): Update to 1.40.
[source]: Remove upstreamed patch.
[inputs]: Add lz4, rather than propagate it from openconnect.
* gnu/packages/patches/connman-CVE-2021-33833.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Initiate new lisp-check module the same way as other language specific
ones (python-check, haskell-check).
* gnu/local.mk (GNU_SYSTEM_MODULES): Add lisp-check.scm.
* gnu/packages/lisp-check.scm (sbcl-nst, ecl-nst, cl-nst): New variables.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
* gnu/packages/patches/cups-CVE-2020-10001.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cups.scm (cups-minimal/fixed): New variable.
(cups-minimal)[replacement]: Assign it to new field.
* gnu/packages/patches/tlf-support-hamlib-4.2+.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/radio.scm (tlf): New variable.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
* gnu/packages/web.scm (linkchecker): Update to 10.0.1.
[source]: Remove patches.
[inputs]: Add python-beautifulsoup4. Replace python2-dnspython-1.16,
python2-pyxdg and python2-requests with python-dnspython, python-pyxdg and
python-requests respectively.
[native-inputs]: Replace python2-pytest, python2-miniboa and
python2-parameterized with python-pytest, python-miniboa and
python-parameterized respectively.
[arguments]: Use python 3. Replace check phase instead of deleting the
standard phase and adding a custom one. Use add-installed-pythonpath instead
of setting PYTHONPATH directly. Support disabling of tests with tests?.
[home-page]: Update URI.
* gnu/packages/patches/linkchecker-tests-require-network.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Unregister it.
This is a follow-up to 373c7b5791.
* gnu/packages/patches/bsdiff-CVE-2014-9862.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/patches/efivar-gcc-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/linux.scm (efivar)[source](patches, modules, snippet): New
fields.
[arguments]: Use CC-FOR-TARGET while at it.
Fixes <https://bugs.gnu.org/49035>.
* gnu/packages/patches/curl-7.77-tls-priority-string.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/curl.scm (curl-7.77.0)[source]: Use it.
* gnu/packages/patches/hexchat-add-libera-chat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/messaging.scm (hexchat)[source]: Use it.
* gnu/packages/crates-io.scm (rust-ndarray-0.13): New variable.
(rust-ndarray-0.12): Inherit from above.
* gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch: New file.
* gnu/local.mk: Register new file.
* gnu/packages/tor.scm (tor): Update to 0.4.6.5.
[source]: Add a patch to fix building with GCC 7.
* gnu/packages/patches/tor-fix-build-with-gcc-7.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
This fixes the nonreproducibility in gcc documented here:
https://reproducible-builds.org/docs/archives/#gnu-libtool
* gnu/packages/patches/gcc-8-sort-libtool-find-output.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gcc.scm (gcc-8)[source]: Apply it.
* gnu/packages/patches/connman-CVE-2021-33833.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/connman.scm (connman)[source]: Use it.
* gnu/packages/patches/polkit-CVE-2021-3560.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/polkit.scm (polkit/fixed): New variable.
(polkit)[replacement]: New field.
* gnu/packages/patches/nsis-source-date-epoch.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/installers.scm (make-nsis)[source]: Apply it.
* gnu/packages/patches/mosaicatcher-unbundle-htslib.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bioinformatics.scm (mosaicatcher): New variable.
This is a followup to 4ebd4a58ce which
removed the patch, but it was still necessary for some dependents.
* gnu/packages/patches/ucx-tcp-iface-ioctl.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/fabric-management.scm (ucx)[source](patches): New field.
* gnu/packages/games.scm (pinball): Update to 3.1.20201218.
[source]: Tarballs no longer published on sourceforge, so use git-fetch.
[native-inputs]: New field for bootstrapping inputs.
[inputs]: Add libltdl.
[arguments]: Add custom 'bootstrap' phase.
* gnu/packages/patches/pinball-system-ltdl.patch: Adjust to latest source.
* gnu/packages/patches/pinball-const-fix.patch,
gnu/packages/patches/pinball-cstddef.patch,
gnu/packages/patches/pinball-missing-separators.patch,
gnu/packages/patches/pinball-src-deps.patch: Delete upstreamed patches.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/libxml2-xpath0-Add-option-xpath0.patch: New file...
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xml.scm (libxml2-xpath0): New variable.
Signed-off-by: Marius Bakke <marius@gnu.org>
This follows commit 0b1f70d1a7, which inadvertently broke the build of Guix
for i586-pc-gnu (Hurd).
* gnu/packages/patches/disarchive-cross-compilation.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/backup.scm (disarchive)[source]: Apply it.
[phases]{delete-configure}: New phase.
[native-inputs]: Add guile-3.0 and guile-gcrypt.
This will make Mercurial be able to find third-party extensions installed with
Guix, without having to set PYTHONPATH.
* gnu/packages/patches/mercurial-hg-extension-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register the patch.
* gnu/packages/version-control.scm (mercurial)[origin](patches): Apply the
patch.
[native-search-paths]: Add HGEXTENSIONPATH.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/graphviz-CVE-2020-18032.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/graphviz.scm (graphviz)[replacement]: New field.
(graphviz/fixed): New variable.
* gnu/packages/cups.scm (hplip): Update to 3.21.4.
[source]: Remove fussy patch. Replace it with a short snippet
substitution and...
[arguments]: ...the new "--disable-imageProcessor-build" configure flag.
* gnu/packages/patches/hplip-remove-imageprocessor.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/compression.scm (snappy): Update to 1.1.9.
[source]: Add another patch.
[arguments]: Add new #:configure-flags and an
'unpack-third_party-subprojects phase.
[native-inputs]: Add the sources for benchmark and googletests.
* gnu/packages/patches/snappy-add-inline-for-GCC.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/syndication.scm (giara): New variable.
* gnu/packages/patches/giara-fix-login.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/perl-image-exiftool-CVE-2021-22204.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (perl-image-exiftool)[source]: Use it.
This introduces tla2tools.jar, which contains the TLA+ model checker
and simulator (TLC); a TLA+ REPL; a semantic analyzer (SANY); the TLATeX
typesetting system; PlusCal translator; and more. I have added five
wrapper scripts for convenience, rather than invoking `java' manually.
The wrapper scripts are not comprehensive; users who are familiar with
tla2tools.jar, or have read the book Specifying Systems, may still
invoke the commands in the traditional way.
The minimum JDK version is 11. I chose to stick with that rather than
bumping it to 14 (which is the largest version currently in Guix)
because each OpenJDK version in Guix depends on the version before it,
and so it needlessly results in many 100s of MiB of unnecessary
dependencies.
Note that this is _not_ the TLA+ Toolbox, which is the GUI commonly used
with TLA+.
* gnu/packages/java.scm (tla2tools): New variable.
* gnu/packages/patches/tla2tools-build-xml.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/racket.scm (racket)[source](patches): Remove
"racket-store-checksum-override.patch", which is no longer needed since
we stopped injecting store paths into Racket files in commit 834aa48:
see <https://issues.guix.gnu.org/47180>.
* gnu/packages/patches/racket-store-checksum-override.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The previous workaround stopped the preboot phase from loading USB
support, which makes it impossible to use a USB keyboard to select a
generation from the boot menu without using a serial console.
* gnu/packages/patches/u-boot-rockchip-inno-usb.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/bootloaders.scm (%u-boot-rockchip-inno-usb-patch): New variable.
(u-boot)[source]: Add patch.
(u-boot-rockpro64-rk3399, u-boot-pinebook-pro-rk3399): Remove obsolete phase.
* gnu/packages/patches/emacs-geiser-guile-auto-activate.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it here.
* gnu/packages/emacs-xyz.scm (emacs-geiser-guile): New variable.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
* gnu/packages/patches/emacs-geiser-autoload-activate-implementation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it here.
* gnu/packages/emacs-xyz.scm (emacs-geiser): Update to 0.13.
[source]: Change upstream URL.
[build-system]: Change to emacs-build-system.
[arguments]: Adjust accordingly.
[native-inputs]: Remove emacs, autoconf, and automake.
[description]: State that other packages are needed for geiser to be useful.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
support for Pinebook Pro.
* gnu/packages/linux.scm (linux-libre-5.11-source): Add Pinebook Pro
lcd patch.
(linux-libre-arm64-generic): Enable audio and battery modules for
Pinebook Pro.
* gnu/packages/patches/linux-libre-arm64-generic-pinebook-lcd.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/patches/ungoogled-chromium-system-nspr.patch,
gnu/packages/patches/ungoogled-chromium-system-opus.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 90.
(debian-patch): Make REVISION optional, default to %DEBIAN-REVISION.
(%chromium-version): New variable.
(%ungoogled-revision): Set to 90.0.4430.85-1-11-g3184907.
(%debian-revision): Set to debian/90.0.4430.85-1.
(%debian-patches): Add more patches; update hashes.
(%ungoogled-origin): Update hash.
(%guix-patches): Remove obsolete patches.
(libvpx/chromium): Update to 1.9.0-147-g61edec1ef.
(ungoogled-chromium)[version]: Base on %CHROMIUM-REVISION and the last
component of %UNGOOGLED-REVISION, a 'git describe --long' style ID.
[arguments]: Add build_with_flite_lib in #:configure-flags. Add openjpeg
substitution in #:phases.
* gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-plugins-ugly)[source]: Use it.
* gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-plugins-base)[source]: Use it.
* gnu/packages/patches/gst-plugins-bad-fix-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-plugins-bad)[source]: Use it.
* gnu/packages/patches/gst-libav-64channels-stack-corruption.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-libav)[source]: Use it.
Apparently, during grafting, Guix can somehow mangle compiled
Racket CS files (.zo) such that Racket will refuse to load them.
(Maybe it has something to do with compression?)
So, we stop patching Racket sources with absolute paths to store
files (i.e. for foreign libraries to dlopen).
Instead, we put them in a data file that doesn't get compiled or,
in one case, embed it in C.
Fixes https://issues.guix.gnu.org/47064
* gnu/packages/patches/racket-sh-via-rktio.patch: New file.
Adds a special case at the C level, controlled by a preprocessor macro,
to handle attempts to execute "/bin/sh".
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/scheme.scm (racket)[source](patches): Apply it.
(racket)[arguments](#:configure-flags): Add the CPP flag to enable it.
(racket)[arguments](#:modules): Use srfi-1.
(racket)[arguments](#:phases): Remove 'patch-/bin/sh and 'pre-configure.
Change 'pre-configure-minimal to just change directory.
Add 'patch-config.rktd-lib-search-dirs after 'build and before 'install
to configure Racket's "lib-search-dirs".
(racket, racket-minimal)[inputs]: Add bash-minimal as an explicit input.
(racket-minimal)[source]: Adjust to inherit patches from racket.
(racket-minimal)[arguments]: Inherit from racket: changes no longer needed.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch:
New file.
* gnu/local.mk[patches]: Add it.
* gnu/packages/networking.scm(/lksctp-tools)[source]: Use this patch.
* gnu/packages/virtualization.scm (libvirt): Update to 7.2.0.
[arguments]: Switch to meson, only build system supported by upstream.
[inputs]: Add libssh2 and readline.
[native-inputs]: Add bash-completion, gettext, python-docutils and
rpcsvc-proto.
* gnu/packages/patches/libvirt-add-install-prefix.patch: New file...
* gnu/local.mk: ...add it.
* gnu/packages/patches/libvirt-create-machine-cgroup.patch: Delete file,
merged by upstream.
Tested-by: Pierre Langlois <pierre.langlois@gmx.com>
Take advantage of patches that have been accepted upstream.
These changes lay a foundation for reusing more of Chez's
build process for Racket.
* gnu/packages/patches/chez-scheme-build-util-paths-backport.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/chez.scm (chez-scheme)[source](patches): Use it.
[source](snippet): Remove bundled libraries here, not in configure phase.
[inputs]: Organize. Move "nanopass", "stex", and "xorg-rgb" to ...
[native-inputs]: ... this field.
[arguments]: Add (ice-9 ftw) to #:modules. Remove unneeded
'patch-processor-detection' phase. Add 'unpack-nanopass+stex' phase
(refactored from 'configure'). Simplify 'configure' phase by removing
patches that have been upstreamed. Add "--nogzip-man-pages" flag so we can
remove 'make-manpages-writable' phase. Stop ignoring #:configure-flags,
move "--threads" there, and remove unneeded workaround. Add 'prepare-stex'
phase (refactored from 'install-doc'). Use it to streamline 'install-doc'
phase, installing all of the right files into the right places.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
* gnu/packages/virtualization.scm (runc): Update to 1.0.0-rc93.
[source]: Remove the patches field.
[phases]{unpack}: Remove override.
{build}: Add the man target.
{check}: Make conditional based on TESTS?.
{install}: Add the install-man target.
[native-inputs]: Add go-github-com-go-md2man.
[home-page]: Update.
* gnu/packages/patches/runc-CVE-2019-5736.patch: Delete file.
* gnu/local.mk: Un-register it.
* gnu/packages/docker.scm (containerd): Update to 1.4.4. Delete
trailing #t.
[arguments]: Set a MAKE-FLAGS binding.
[phases]{patch-paths}: Patch the reference to 'unpigz'.
{build, install}: Use the MAKE-FLAGS variable.
[inputs]: Add pigz.
* gnu/packages/patches/containerd-test-with-go1.13.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Un-register it.
Fixes CVE-2021-22876 and CVE-2021-22890.
* gnu/packages/curl.scm (curl/fixed): New variable.
(curl)[replacement]: New field.
* gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/node.scm (llhttp-bootstrap): New variable.
As Ludo' rightly points out, GitHub's patches are probably as stable
as their tarballs.
* gnu/packages/gimp.scm (gimp)[source]:
Use SEARCH-PATCHES instead of an origin.
* gnu/packages/patches/gimp-make-gegl-introspect-optional.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/virtualization.scm (libvirt): Update to 7.1.0.
[source]: Remove libvirt-create-machine-cgroup.patch, add
libvirt-do-not-create-var-dirs.patch.
[build-system]: Switch to meson-build-system.
[arguments]: Use meson-0.55. Adapt #:configure-flags for meson, there is no
need for --docdir anymore. Remove fix-BOURNE_SHELL-definition phase. Add
fix-sysconfdir-and-localstatedir phase. Adapt disable-broken-tests to meson.
[native-inputs]: Add python-docutils and rpcsvc-proto.
* gnu/packages/patches/libvirt-create-machine-cgroup.patch: Delete.
* gnu/packages/patches/libvirt-do-not-create-var-dirs.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add new patch, remove the other.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This should avoid some problems, such as "not a dynamic executable" errors.
* gnu/packages/patches/glibc-ldd-powerpc.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm: (glibc)[native-inputs]: Add it.
[arguments]: When building for powerpc* apply it.
* gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash,
glibc-final)[native-inputs]: Add patch conditionally.
This patch has been adjusted to apply to master.
Signed-off-by: Chris Marusich <cmmarusich@gmail.com>
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
Those tests don't make sense anymore as the Cuirass 1.0 version has removed
the possibility to execute a custom registration procedure.
* gnu/tests/cuirass.scm: Remove it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Ditto.
* gnu/packages/linux.scm (efibootmgr): Update to 17.
[source]: Use GIT-FETCH and GIT-FILE-NAME.
Add a patch to build against efivar@37.
* gnu/packages/patches/efibootmgr-remove-extra-decl.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/busybox-CVE-2021-28831.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/busybox.scm (busybox): Apply it.
* gnu/packages/patches/ungoogled-chromium-system-opus.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 89.
(%chromium-version): Remove variable.
(%ungoogled-revision): Set to 89.0.4389.90-1.
(%ungoogled-origin): Conditionally set file name based on commit/tag.
(%guix-patches): Add the new file.
(libvpx/chromium): Update to 1.9.0-104-gb5d77a48d.
(ungoogled-chromium)[version]: Use %UNGOOGLED-REVISION.
[source]: Update hash.
[arguments]: Adjust #:configure-flags for build system changes. Don't build
with external WebRTC SSL library. Remove obsolete substitution.
[inputs]: Remove OPENSSL. Change from PIPEWIRE to PIPEWIRE-0.3.
* gnu/packages/patches/mpg321-CVE-2019-14247.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/mp3.scm (mpg321)[source]: Apply it.
Signed-off-by: Léo Le Bouter <lle-bout@zaclys.net>
Signed-off-by: Leo Famulari <leo@famulari.name>
This is a followup to commit 31d289a475,
which added, but did not use, "unzip-symlink.patch", which is
redundant with the pre-existing "unzip-initialize-symlink-flag.patch".
* gnu/packages/patches/unzip-symlink.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gtk.scm (gdk-pixbuf)[replacement]: New field.
(gdk-pixbuf/fixed): New variable.
(gdk-pixbuf+svg): Use package/inherit.
* gnu/packages/patches/glib-CVE-2021-28153.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/glib.scm (glib/fixed): Add the new patch.
* gnu/packages/patches/geary-CVE-2020-24661.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (geary): Apply it.
* gnu/packages/patches/evolution-CVE-2020-11879.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnome.scm (evolution): Apply it.
Unmaintained upstream and its only dependent (python-gssapi) dropped it.
* gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch: Remove.
* gnu/local.mk: Drop patch file.
* gnu/packages/python-xyz.scm (python-shouldbe): Remove.
* gnu/packages/patches/bsdiff-CVE-2014-9862.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/compression.scm (bsdiff): Apply it.
* gnu/packages/patches/cgal-security-pr-5371.patch: New patch. Downloaded from
<https://patch-diff.githubusercontent.com/raw/CGAL/cgal/pull/5371.patch>, with
hunks on files matching pattern "*Convex_decomposition_3*" removed because
they don't exist in cgal's released sources.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/graphics.scm (cgal): Update to 5.2.
[source]: Apply patch.
* gnu/packages/patches/python-2.7-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-2.7)[replacement]: New field.
(python-2.7/fixed): New variable.
TALOS-2020-1222 has yet to be disclosed and has no known CVE number.
TALOS-2020-1223 has CVE-2020-28599 assigned.
* gnu/packages/engineering.scm (openscad): Update to 2021.01.
[patches]: Remove. Boost 1.72 is supported now upstream.
[arguments]: In replacement 'check phase, disable some tests requiring
experimental "lazy-union" feature. Also disable PDF-related tests requiring
ghostscript and failing either way.
* gnu/local.mk (dist_patch_DATA): Remove patch.
* gnu/packages/patches/openscad-parser-boost-1.72.patch: Ditto.
* gnu/packages/patches/qemu-CVE-2021-20203.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/virtualization.scm (qemu): Apply it.
* gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch: Remove it.
* gnu/local.mk (dist_patch_DATA): Update it.
* gnu/packages/web.scm (http-parser)[source]: Remove a test assertion failing
on i686-linux.
[arguments]: Remove the "assertion.patch" that is merged upstream.
[native-inputs]: Ditto.
[synopsis]: Wrap it.
* gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-3.8)[replacement]: New field.
(python-3.8/fixed): New variable.