`guix lint` reports two CVEs; both are unrelated:
- CVE-2018-5200: for vendor "pandora" and some 4.2.2.x version
- CVE-2019-9133: Windows only (I assume it also relates to the "pandora"
vendor, since the version the CVE refers to as "solving the issue" does not
exist at KDE.)
* gnu/packages/kde-multimedia.scm (kmplayer): New variable.
* gnu/packages/patches/kmplayer-aarch64.patch,
gnu/packages/patches/kmplayer-upstream_Fix-build-with-Qt-5.9.patch: New
files.
* gnu/local.mk: Add them.
Patches should fix all CVEs reported by `guix lint`:
CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829,
CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837,
CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095
Since the patches do not reference CVEs, it's a bit hard to tell which
patch actually closes which CVE. Debian reports all these to be closed by
the patches below and NixPkgs provides references.
* gnu/packages/audio.scm (audiofile): New variable.
* gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch,
gnu/packages/patches/audiofile-fix-sign-conversion.patch,
gnu/packages/patches/audiofile-CVE-2015-7747.patch,
gnu/packages/patches/audiofile-CVE-2018-13440.patch,
gnu/packages/patches/audiofile-CVE-2018-17095.patch,
gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch,
gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch,
gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch,
gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch,
gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch,
gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch,
gnu/packages/patches/audiofile-hurd.patch,
gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch:
New files.
* gnu/local.mk: Add them.
* gnu/packages/patches/libgeotiff-adapt-test-script-for-proj-6.2.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/geo.scm (libgeotiff): Update to 1.5.1.
[inputs]: Replace proj.4 with proj.
[sources]: Add libgeotiff-adapt-test-script-for-proj-6.2.patch
to patches.
* gnu/packages/embedded.scm (gcc-arm-none-eabi-7-2018-q2-update): New
variable.
* gnu/packages/patches/gcc-7-cross-environment-variables.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Add `emacs-next' for building latest Emacs from git.
* gnu/packages/emacs.scm (emacs-next): New variable.
(emacs): Make the autoload deletion snippet not fail when eshell/esh-groups.el
does not exist. This enables reuse of the entire snippet field of `emacs' for
`emacs-next'.
* gnu/packages/patches/emacs27-exec-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the above patch file to it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/guile-finalization-crash.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/guile.scm (guile-2.2/bug-fix): New variable.
* gnu/packages/patches/websocket-fix-for-boost-1.70.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (websocketpp): Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/patches/mes-remove-store-name.patch: New file, from upstream.
* gnu/packages/mes.scm (mes): Use it. Add `www.' to homepage.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (ncompress): New variable.
* gnu/packages/patches/compress-fix-softlinks.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008,
CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash for the firefox source tarball. Update to the
latest from gnuzilla.git. Don't apply icecat-gnuzilla-fixes.patch. Remove
determinism fix in makeicecat that is now upstream. Tweak a status message.
(icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/patches/handbrake-opt-in-nvenc.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/video.scm (handbrake)[source]: Upgrade to 1.3.0. Remove
patch.
[native-inputs]: Remove cmake and curl.
[inputs]: Add dav1d and numactl.
[arguments]: Add "--disable-nvenc" to configure flags in place of patch.
Adjust "bootstrap" phase in response to upstream changes.
Add "patch-SHELL" and "relax-reqs" phases.
* gnu/packages/patches/psm-disable-memory-stats.patch: New file.
* gnu/packages/linux.scm (psm)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/feh-fix-tests-for-imlib2-1.6.patch: New file.
* gnu/packages/image-viewers.scm (feh)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
This is a followup to d100d5d544.
* gnu/packages/patches/libseccomp-open-aarch64.patch: New file.
* gnu/packages/linux.scm (libseccomp)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/ghc-haddock-api-fix-haddock.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/haskell-xyz.scm (ghc-haddock-api): Update to 2.22.0.
[source]: Use the new patch.
[arguments]: Change the 'update-constraints' phase to allow newer
versions of 'QuickCheck' and 'hspec'.
This package used a patch to update the Cabal version constraints for
'language-glsl'. This is now done in a phase for consistency with
other Haskell packages.
* gnu/packages/elm.scm (elm-compiler): Add a phase that updates the
Cabal file to allow for newer versions of 'ansi-terminal',
'containers', 'http-client', 'language-glsl', and 'network'.
[source]: Remove 'elm-compiler-relax-glsl-bound.patch'.
* gnu/packages/patches/elm-compiler-relax-glsl-bound.patch: Delete file.
* gnu/local.mk: Remove it.
* gnu/packages/patches/ghc-microlens-aeson-fix-tests.patch: New file.
* gnu/local.mk: Add it.
* gnu/packages/haskell-xyz.scm (ghc-microlens-aeson): Use it.
The new source tarball does not have bundled dependencies, so it does
not need to be patched.
* gnu/packages/haskell-xyz.scm (ghc-haddock-library): Update to 1.7.0.
[source]: Remove 'patches', 'modules' and 'snippet'.
[arguments]: Update the 'relax-test-suite-dependencies' phase to allow
newer versions of 'hspec' and 'QuickCheck'; remove the
'add-examples-directory' phase.
* gnu/packages/patches/ghc-haddock-library-unbundle.patch: Delete file.
* gnu/local.mk: Remove it.