* gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[replacement]: New field.
(cyrus-sasl/fixed): New variable.
[source]: Use patch.
* gnu/packages/patches/lvm2-static-link.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (lvm2)[source](patches): New field.
(lvm2-static): New variable.
* gnu/packages/patches/libtiff-CVE-2016-9448.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/guile-repl-server-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-2.0.13)[source]: Use it.
* gnu/packages/video.scm (handbrake): New variable.
* gnu/packages/patches/handbrake-pkg-config-path.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/libtiff-uint32-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
* gnu/packages/patches/libtiff-CVE-2016-9297.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed)[source]: Use it.
Includes fixes for CVE-2016-5290, CVE-2016-5291, CVE-2016-5297, CVE-2016-9064,
and CVE-2016-9066.
* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add fixes for
aforementioned CVEs and other selected fixes from Firefox ESR 45.5.0. Note
that the first six patches of CVE-2016-5290 and the patch for CVE-2016-9066
were already present, but were labeled by mozilla bug number instead of CVE.
* gnu/packages/patches/icecat-CVE-2016-9064.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[replacement]: New field.
(pixman/fixed): New variable.
* gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline-6.2): Use it.
* gnu/packages/patches/libtiff-CVE-2016-9273.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff/fixed): Use it.
Partly addresses <http://bugs.gnu.org/24703>.
Reported by Mark H Weaver <mhw@netris.org>.
* gnu/packages/patches/gcc-strmov-store-file-names.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gcc.scm (gcc-5)[sources](patches): Add it.
(gcc-6)[sources](patches): Add it.
* gnu/packages/patches/libxslt-CVE-2016-4738.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/lua52-liblua-so.patch: Rename to ...
* gnu/packages/patches/lua-liblua-so.patch: ... this. Add version comment.
* gnu/local.mk (dist_patch_DATA): Adjust patch name.
* gnu/packages/lua.scm (lua): Update to 5.3.3.
[source]: Use https URL. Use new patch name.
[home-page]: Use https URL.
(lua-5.2): New variable.
(lua-5.1)[source]: Use https URL.
* gnu/packages/python.scm (python-ipython): Update to 4.0.0.
[inputs]: Keep only "readline" and "which"; move the remaining inputs
to propagated-inputs, except for "python-requests" and "python-nose"
which are moved to native-inputs.
[propagated-inputs]: Add "python-pexpect", "python-pickleshare",
"python-simplegeneric", "python-traitlets", "python-ipykernel".
[native-inputs]: Add "python-testpath".
[arguments]: Enable building of HTML documentation.
[source]: Remove patch.
* gnu/packages/patches/python-ipython-inputhook-ctype.patch: Remove
patch.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/patches/icecat-binutils.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Use it.
* gnu/packages/patches/libtiff-CVE-2016-5652.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libtiff-fixed)[source]: Use it.
* gnu/packages/embedded.scm (openocd): New variable.
* gnu/packages/patches/openocd-nrf52.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the patch.
* gnu/packages/patches/libwebp-CVE-2016-9085.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (libwebp)[source]: Use it.
* gnu/packages/patches/perl-www-curl-remove-symbol.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (perl-www-curl)[source]: Use it.
The fix from upstream did not apply cleanly due to many context changes.
This was adapted by cloning mupdf 1.9a from git and fixing conflicts
after applying our patches and cherry-picking upstream commit 1e03c06.
This is a follow-up to 47a04fca99.
* gnu/packages/patches/mupdf-CVE-2016-8674.patch: Adapt to 1.9a.
