This fixes CVE-2012-{4409,4527}.
This is a followup to commit fd1461879c.
* gnu/packages/patches/mcrypt-CVE-2012-4409.patch,
gnu/packages/patches/mcrypt-CVE-2012-4527.patch: Apply the patches to the mcrypt
source code.
* gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file.
* gnu/local.mk (dist_patch_DATA): Use it.
* gnu/packages/scheme.scm (chicken)[source]: Use it.
* gnu/packages/bioinformatics.scm (python-dendropy): Update to 4.2.0.
[source]: Remove patch.
(python2-dendropy)[source]: Use the same source as python-dendropy.
* gnu/packages/patches/python-dendropy-exclude-failing-tests.patch: Remove
file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libpng)[replacement]: New field.
(libpng/fixed): New variable.
* gnu/packages/patches/libxml2-CVE-2016-5131.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Add it.
* gnu/packages/xml.scm (libxml2)[replacement]: New field.
(libxml2/fixed): New variable.
* gnu/packages/patches/libxml2-CVE-2016-4658.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gnupg.scm (gnupg)[source]: Use it.
kdbusaddons needs to know the location of the kdeinit5 executable,
provided by kinit. kinit depends on kdbusaddons, so we add bootstrap
versions of all packages in the dependency chain from kinit to
kdbusaddons to avoid cyclic dependencies.
* gnu/packages/kde-frameworks.scm (kinit-bootstrap,
kdbusaddons-bootstrap): New variables.
(kdbusaddons)[inputs]: Add kinit-bootstrap.
[source,arguments]: Add patch and substitution to embed
kinit-bootstrap's store directory in the code.
* gnu/packages/patches/kdbusaddons-kinit-file-name.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/libupnp-CVE-2016-8863.patch: New file.
* gnu/local.mk (dist_patch_DATA): Use it.
* gnu/packages/libupnp.scm (libupnp)[source]: Use it.
* gnu/packages/patches/python-pyopenssl-skip-network-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl)[source]: Use it.
[arguments]: Replace 'check' with custom phase.
* gnu/packages/image.scm (openjpeg)[replacement]: New field.
(openjpeg/fixed): New variable, patch against CVE-2016-9850,
CVE-2016-9851.
* gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/libepoxy-gl-null-checks.patch: New file.
* gnu/packages/gl.scm (libepoxy)[source]: Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/shells.scm (tcsh)[replacement]: New field.
(tcsh/fixed): New variable.
* gnu/packages/patches/readline-7.0-mingw.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline): Support MinGW.
* gnu/packages/gnuzilla.scm (icecat): Update to 45.5.1-gnu1.
[source]: Remove temporary URI for 45.3 beta. Fix URI computation. Remove
outdated patches. Add more cherry-picked bug fixes from upstream
mozilla-esr45. Use 'list' instead of quasiquote in 'patches' field.
* gnu/packages/assembly.scm (nasm)[source]: Remove patch.
[arguments]: Disable ps and pdf doc outputs in new phase.
* gnu/packages/patches/nasm-no-ps-pdf.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gtk.scm (cairo)[replacement]: New field.
(cairo/fixed): New variable.
(cairo-xcb)[source]: Use patch.
[replacement]: New field, set false.
* gnu/packages/pdf.scm (poppler)[inputs]: Custom cairo should be
replaced by a new custom patched cairo.
* gnu/packages/patches/cairo-CVE-2016-9082.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[replacement]: New field.
(cyrus-sasl/fixed): New variable.
[source]: Use patch.
* gnu/packages/patches/lvm2-static-link.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (lvm2)[source](patches): New field.
(lvm2-static): New variable.
* gnu/packages/patches/libtiff-CVE-2016-9448.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/guile-repl-server-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-2.0.13)[source]: Use it.
* gnu/packages/video.scm (handbrake): New variable.
* gnu/packages/patches/handbrake-pkg-config-path.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libtiff-uint32-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/libtiff-CVE-2016-9297.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
Includes fixes for CVE-2016-5290, CVE-2016-5291, CVE-2016-5297, CVE-2016-9064,
and CVE-2016-9066.
* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add fixes for
aforementioned CVEs and other selected fixes from Firefox ESR 45.5.0. Note
that the first six patches of CVE-2016-5290 and the patch for CVE-2016-9066
were already present, but were labeled by mozilla bug number instead of CVE.
* gnu/packages/patches/icecat-CVE-2016-9064.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[replacement]: New field.
(pixman/fixed): New variable.
* gnu/packages/patches/python-2.7-site-prefixes.patch: New file.
* gnu/packages/python.scm (python-2)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline-6.2): Use it.
* gnu/packages/patches/libtiff-CVE-2016-9273.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed): Use it.
Partly addresses <http://bugs.gnu.org/24703>.
Reported by Mark H Weaver <mhw@netris.org>.
* gnu/packages/patches/gcc-strmov-store-file-names.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gcc.scm (gcc-5)[sources](patches): Add it.
(gcc-6)[sources](patches): Add it.
* gnu/packages/patches/libxslt-CVE-2016-4738.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/lua52-liblua-so.patch: Rename to ...
* gnu/packages/patches/lua-liblua-so.patch: ... this. Add version comment.
* gnu/local.mk (dist_patch_DATA): Adjust patch name.
* gnu/packages/lua.scm (lua): Update to 5.3.3.
[source]: Use https URL. Use new patch name.
[home-page]: Use https URL.
(lua-5.2): New variable.
(lua-5.1)[source]: Use https URL.
* gnu/packages/python.scm (python-ipython): Update to 4.0.0.
[inputs]: Keep only "readline" and "which"; move the remaining inputs
to propagated-inputs, except for "python-requests" and "python-nose"
which are moved to native-inputs.
[propagated-inputs]: Add "python-pexpect", "python-pickleshare",
"python-simplegeneric", "python-traitlets", "python-ipykernel".
[native-inputs]: Add "python-testpath".
[arguments]: Enable building of HTML documentation.
[source]: Remove patch.
* gnu/packages/patches/python-ipython-inputhook-ctype.patch: Remove
patch.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/icecat-binutils.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Use it.
* gnu/packages/patches/libtiff-CVE-2016-5652.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff-fixed)[source]: Use it.
* gnu/packages/embedded.scm (openocd): New variable.
* gnu/packages/patches/openocd-nrf52.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the patch.
* gnu/packages/patches/libwebp-CVE-2016-9085.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libwebp)[source]: Use it.
* gnu/packages/patches/perl-www-curl-remove-symbol.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (perl-www-curl)[source]: Use it.
The fix from upstream did not apply cleanly due to many context changes.
This was adapted by cloning mupdf 1.9a from git and fixing conflicts
after applying our patches and cherry-picking upstream commit 1e03c06.
This is a follow-up to 47a04fca99.
* gnu/packages/patches/mupdf-CVE-2016-8674.patch: Adapt to 1.9a.
* gnu/packages/patches/mesa-wayland-egl-symbols-check-mips.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gl.scm (mesa)[source]: Add patch when building on MIPS.
