* gnu/packages/fontutils.scm (python-afdko): Update to 3.9.4.
[source]: Remove patch.
[arguments]: Disable a few extra tests in the check phase override.
Delete use-system-libxml2 phase. Update patch-problematic-requirements phase.
* gnu/packages/patches/python-afdko-suppress-copyright-test.patch: Delete
file.
* gnu/local.mk (dist_patch_DATA): De-register it.
* gnu/packages/python-xyz.scm (python-fonttools-next): Update to 4.39.3.
(python-fonttools-full) [arguments]: Skip the MtiTest suite in the check phase
override.
* gnu/packages/ruby.scm (ruby-rubyzip)
[arguments]: Do not patch ruby shebang in the patch-tests phase.
Remove the disable-problematic-tests phase. Add the
unpatch-some-source-shebangs phase.
Includes fixes for CVE-2023-1945, CVE-2023-29531, CVE-2023-29532,
CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539,
CVE-2023-29541, CVE-2023-29542, CVE-2023-29545, CVE-2023-29548,
CVE-2023-29550, and MFSA-TMP-2023-0001.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Remove the vestigial RENAME_CMD environment variable setting.
(icecat-102.9.0-source): New variable.
(icedove-source): Use it.
This is required to allow log file rotations using rottlog, etc.
* gnu/services/web.scm (nginx-shepherd-service): Add reopen shepherd action.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Several recent Heimdal releases are affected by the serious vulnerability
CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]
At the time of writing, the upstream developers had not yet cut any releases
post-7.8.0, which is why the patch is being applied here.
The patch was extracted from Helmut Grohne's public vulnerability
disclosure. [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
[2] https://www.openwall.com/lists/oss-security/2023/02/08/1
* gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/kerberos.scm (heimdal)[source]: Apply it.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/packages/ghostscript.scm (ijs)[arguments]: When building for
riscv64-linux replace config.guess and config.sub.
[native-inputs]: When building for riscv64-linux add config.
* gnu/packages/cups.scm (cups-minimal)[arguments]: When building for
riscv64-linux replace the config.guess and config.sub files.
[native-inputs]: When building for riscv64-linux add config.
Rationale: Even though the section 'X.509 Certificates' is part of the
System Configuration chapter, readers might also come here from a
cross-reference when reading about Application Setup on a foreign
distro.
* doc/guix.texi (System Configuration)[X.509 Certificates]: Clarify.
* gnu/packages/emacs-xyz.scm (emacs-treemacs): Update to 3.1.
[arguments]<#:phases>: Run all tests.
[native-inputs, inputs, propagated-inputs]: Move after arguments.
* gnu/packages/xfce.scm (xfce4-notifyd): Update to 0.8.2.
[arguments]: Patch 'configure' to use 'which' instead of 'pkg-config' for
finding paths for gdbus-codegen, glib-compile-resources and glib-genmarshal.
[native-inputs]: Add glib:bin and which.
