gnu: nss: Update to 3.30.2 [fixes CVE-2017-5461].
* gnu/packages/gnuzilla.scm (nss): Update to 3.30.2.
gnu: graphite2: Add fixes for CVE-2017-5436 and other bugs.
* gnu/packages/fontutils.scm (graphite2)[replacement]: New field.
(graphite2/fixed): New variable.
* gnu/packages/patches/graphite2-CVE-2017-5436.patch,
gnu/packages/patches/graphite2-check-code-point-limit.patch,
gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch,
gnu/packages/patches/graphite2-non-linear-classes-even-number.patch:
New files.
* gnu/local.mk (dist_patch_DATA): Add them.
gnu: hypre: Delete unused patches.
* gnu/packages/patches/hypre-doc-tables.patch,
gnu/packages/patches/hypre-ldflags.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove them.
gnu: ceph: Disable SSE3 instructions.
Some early 64-bit AMD processors do not support this instruction set.
* gnu/packages/patches/ceph-disable-cpu-optimizations.patch: Disable SSE3.
gnu: nss-certs: Update to 3.30.2.
* gnu/packages/certs.scm (nss-certs): Update to 3.30.2.
gnu: qemu: Update to 2.9.0 [security fixes].
Fixes CVE-2017-{5857,5973,5987,6058,6505,7377,7471,7718}.
* gnu/packages/qemu.scm (qemu): Update to 2.9.0.
[source]: Remove obsolete patches.
* gnu/packages/patches/qemu-CVE-2016-10155.patch,
gnu/packages/patches/qemu-CVE-2017-5525.patch,
gnu/packages/patches/qemu-CVE-2017-5526.patch,
gnu/packages/patches/qemu-CVE-2017-5552.patch,
gnu/packages/patches/qemu-CVE-2017-5578.patch,
gnu/packages/patches/qemu-CVE-2017-5579.patch,
gnu/packages/patches/qemu-CVE-2017-5856.patch,
gnu/packages/patches/qemu-CVE-2017-5898.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
gnu: tuxpaint: Disable parallel build.
* gnu/packages/games.scm (tuxpaint)[arguments]<#:parallel-build?>: New parameter.
gnu: xorg-server: Hide the for-test variant.
* gnu/packages/xorg.scm (xorg-server-1.19.2): Wrap in 'hidden-package'
call.
gnu: Add Meson.
* gnu/packages/build-tools.scm (meson): New variables.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
gnu: gnurl: Update to 7.54.0 [fixes CVE-2017-7468]
* gnu/packages/gnunet.scm (gnurl): Update to 7.54.0.
Signed-off-by: Leo Famulari <leo@famulari.name>
gnu: icu4c: Fix CVE-2017-{7867,7868}.
* gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/icu4c.scm (icu4c/fixed)[source]: Use it.
gnu: python-nbxmpp: Update to 0.5.5.
* gnu/packages/messaging.scm (python-nbxmpp): Update to 0.5.5.
[source]: Use PYPI-URI.
[home-page]: Use HTTPS.
[description]: Fix up.
gnu: moreutils: Update to 0.60.
* gnu/packages/moreutils.scm (moreutils): Update to 0.60.
gnu: ffmpeg: Update to 3.3.
* gnu/packages/video.scm (ffmpeg): Update to 3.3.
[arguments]: Remove 'enable-x11grab' from #:configure-flags.
gnu: icecat: Label patches that have since been assigned CVEs.
Label patches that address the following CVEs: CVE-2017-5429, CVE-2017-5432,
CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438,
CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443,
CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448,
CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, and CVE-2017-5469.
* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add comments indicating
CVE assignments.
gnu: Delete unused patches.
* gnu/packages/patches/icu4c-CVE-2014-6585.patch,
gnu/packages/patches/icu4c-CVE-2015-1270.patch,
gnu/packages/patches/icu4c-CVE-2015-4760.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
gnu: curl: Replace with curl@7.54.0 [fixes CVE-2017-7468]
* gnu/packages/curl.scm (curl)[replacement]: New field.
(curl-7.54.0): New variable.
gnu: guile: Update to 2.2.1.
* gnu/packages/guile.scm (guile-2.2): Update to 2.2.1.