aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/audio.scm2
-rw-r--r--gnu/packages/base.scm24
-rw-r--r--gnu/packages/boost.scm26
-rw-r--r--gnu/packages/build-tools.scm4
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/cmake.scm4
-rw-r--r--gnu/packages/compression.scm12
-rw-r--r--gnu/packages/cups.scm8
-rw-r--r--gnu/packages/curl.scm18
-rw-r--r--gnu/packages/cyrus-sasl.scm9
-rw-r--r--gnu/packages/databases.scm5
-rw-r--r--gnu/packages/emacs.scm10
-rw-r--r--gnu/packages/freedesktop.scm12
-rw-r--r--gnu/packages/geo.scm3
-rw-r--r--gnu/packages/ghostscript.scm8
-rw-r--r--gnu/packages/gl.scm23
-rw-r--r--gnu/packages/glib.scm15
-rw-r--r--gnu/packages/gnome.scm51
-rw-r--r--gnu/packages/gnuzilla.scm8
-rw-r--r--gnu/packages/gstreamer.scm28
-rw-r--r--gnu/packages/gtk.scm44
-rw-r--r--gnu/packages/icu4c.scm4
-rw-r--r--gnu/packages/image.scm12
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/inkscape.scm19
-rw-r--r--gnu/packages/kerberos.scm4
-rw-r--r--gnu/packages/libevent.scm4
-rw-r--r--gnu/packages/libreoffice.scm42
-rw-r--r--gnu/packages/linux.scm51
-rw-r--r--gnu/packages/llvm.scm20
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/mpd.scm2
-rw-r--r--gnu/packages/nettle.scm4
-rw-r--r--gnu/packages/openldap.scm10
-rw-r--r--gnu/packages/patches/cairo-CVE-2016-9082.patch122
-rw-r--r--gnu/packages/patches/cairo-setjmp-wrapper.patch78
-rw-r--r--gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch130
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2018-16509.patch193
-rw-r--r--gnu/packages/patches/ghostscript-bug-699708.patch160
-rw-r--r--gnu/packages/patches/glib-networking-ssl-cert-file.patch29
-rw-r--r--gnu/packages/patches/gnutls-skip-pkgconfig-test.patch24
-rw-r--r--gnu/packages/patches/inkscape-poppler-compat3.patch499
-rw-r--r--gnu/packages/patches/json-glib-fix-tests-32bit.patch174
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-18013.patch45
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-9935.patch162
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-10963.patch40
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-8905.patch61
-rw-r--r--gnu/packages/patches/poppler-CVE-2018-19149.patch80
-rw-r--r--gnu/packages/patches/postgresql-disable-resolve_symlinks.patch25
-rw-r--r--gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch318
-rw-r--r--gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch188
-rw-r--r--gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch31
-rw-r--r--gnu/packages/pdf.scm13
-rw-r--r--gnu/packages/ruby.scm25
-rw-r--r--gnu/packages/scribus.scm54
-rw-r--r--gnu/packages/spice.scm6
-rw-r--r--gnu/packages/storage.scm2
-rw-r--r--gnu/packages/tex.scm10
-rw-r--r--gnu/packages/tls.scm17
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/vulkan.scm14
-rw-r--r--gnu/packages/web.scm26
-rw-r--r--gnu/packages/xdisorg.scm8
63 files changed, 1431 insertions, 1605 deletions
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 2786f62163..7f72531664 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -2274,7 +2274,7 @@ external_libraries/yaml-cpp/include)"))
("eudev" ,eudev) ;for user interactions with devices
("avahi" ,avahi) ;zeroconf service discovery support
("icu4c" ,icu4c)
- ("boost" ,boost-cxx14)
+ ("boost" ,boost)
("boost-sync" ,boost-sync)
("yaml-cpp" ,yaml-cpp)))
(home-page "https://github.com/supercollider/supercollider")
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index e79d2a987b..0fed144059 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1111,7 +1111,7 @@ command.")
(define-public tzdata
(package
(name "tzdata")
- (version "2018e")
+ (version "2018g")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1119,7 +1119,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "0bk97fv2i5ns42prpmlaadsswdjwv0ifi7whj2s4q6l44rcqwa3b"))))
+ "05kayi3w9pvhj6ljx1hvwd0r8mxfzn436fjmwhx53xkj919xxpq2"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
@@ -1169,7 +1169,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "1kpb02631s58i068mwq63xlamcv1ffj4p6y4wpb9kdl01vr0qd6a"))))))
+ "09y44fzcdq3c06saa8iqqa0a59cyw6ni3p31ps0j1w3hcpxz8lxa"))))))
(home-page "https://www.iana.org/time-zones")
(synopsis "Database of current and historical time zones")
(description "The Time Zone Database (often called tz or zoneinfo)
@@ -1187,23 +1187,7 @@ and daylight-saving rules.")
(define-public tzdata-for-tests
(hidden-package
(package
- (inherit tzdata)
- (version "2018d")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.iana.org/time-zones/repository"
- "/releases/tzdata" version ".tar.gz"))
- (sha256
- (base32
- "0m6020dnk9r40z7k36jp13fa06xip3hn0fdx3nly66jzxgffs1ji"))))
- (inputs `(("tzcode" ,(origin
- (method url-fetch)
- (uri (string-append
- "http://www.iana.org/time-zones/repository/releases/tzcode"
- version ".tar.gz"))
- (sha256
- (base32
- "1nd882yhsazmcfqmcqyfig3axycryl30gmizgqhqsx5dpa2lxr3x")))))))))
+ (inherit tzdata))))
(define-public libiconv
(package
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index f9108b3ad6..2fab703ed2 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -45,16 +45,19 @@
(define-public boost
(package
(name "boost")
- (version "1.68.0")
+ (version "1.69.0")
(source (origin
(method url-fetch)
- (uri (string-append
- "mirror://sourceforge/boost/boost/" version "/boost_"
- (string-map (lambda (x) (if (eq? x #\.) #\_ x)) version)
- ".tar.bz2"))
+ (uri (let ((version-with-underscores
+ (string-map (lambda (x) (if (eq? x #\.) #\_ x)) version)))
+ (list (string-append "mirror://sourceforge/boost/boost/" version
+ "/boost_" version-with-underscores ".tar.bz2")
+ (string-append "https://dl.bintray.com/boostorg/release/"
+ version "/source/boost_"
+ version-with-underscores ".tar.bz2"))))
(sha256
(base32
- "1dyqsr9yb01y0nnjdq9b8q5s2kvhxbayk34832k5cpzn7jy30qbz"))
+ "01j4n142dz20lcgqji8d8hspp04p1nv7m8i6dz8w5lchfdhx8clg"))
(patches (search-patches "boost-fix-icu-build.patch"))))
(build-system gnu-build-system)
(inputs `(("icu4c" ,icu4c)
@@ -67,6 +70,7 @@
`(#:tests? #f
#:make-flags
(list "threading=multi" "link=shared"
+ "cxxflags=-std=c++14"
;; Set the RUNPATH to $libdir so that the libs find each other.
(string-append "linkflags=-Wl,-rpath="
@@ -122,16 +126,6 @@ across a broad spectrum of applications.")
(license (license:x11-style "https://www.boost.org/LICENSE_1_0.txt"
"Some components have other similar licences."))))
-;; Some programs need Boost to be built with C++14 support.
-(define-public boost-cxx14
- (package (inherit boost)
- (arguments
- (substitute-keyword-arguments (package-arguments boost)
- ((#:make-flags flags)
- `(append ,flags
- '("cxxflags=-std=c++14")))))
- (properties '((hidden? . #t)))))
-
(define-public boost-for-mysql
;; Older version for MySQL 5.7.23.
(package
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index a34e7ebff4..628b36fff5 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -158,7 +158,7 @@ files and generates build instructions for the Ninja build system.")
(define-public meson
(package
(name "meson")
- (version "0.47.2")
+ (version "0.49.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/mesonbuild/meson/"
@@ -166,7 +166,7 @@ files and generates build instructions for the Ninja build system.")
version ".tar.gz"))
(sha256
(base32
- "1swmycf6p9p0ag6yiywyyri42ffkxxj38r2ic7in24km47cszn4j"))))
+ "0l8m1v7cl5ybm7psfqmmdqbvmnsbb1qhb8ni3hwap3i0mk29a0zv"))))
(build-system python-build-system)
(arguments
`(;; FIXME: Tests require many additional inputs, a fix for the RUNPATH
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 6af6877423..bb66d27026 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -76,7 +76,7 @@
(define-public nss-certs
(package
(name "nss-certs")
- (version "3.39")
+ (version "3.41")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -87,7 +87,7 @@
"nss-" version ".tar.gz")))
(sha256
(base32
- "0jw6qlfl2g47hhx056nvnj6h92bk3sn46hy3ig61a911dzblvrkb"))))
+ "0bbif42fzz5gk451sv3yphdrl7m4p6zgk5jk0307j06xs3sihbmb"))))
(build-system gnu-build-system)
(outputs '("out"))
(native-inputs
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 5abf087557..7186cf98df 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -44,7 +44,7 @@
(define-public cmake
(package
(name "cmake")
- (version "3.12.2")
+ (version "3.13.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -52,7 +52,7 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "19410mxgcyvk5q42phaclb1hz6rl08z4yj8iriq706p5k5bli5qg"))
+ "04123d7fgnn1fs5p0nwyq397ss89r0y4wkg9a09qiwkjsvk1rzmy"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index e8a50c676c..c87ccda304 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -796,13 +796,13 @@ writing of compressed data created with the zlib and bzip2 libraries.")
(version "1.8.1.2")
(source
(origin
- (method url-fetch)
- (uri (string-append "https://github.com/lz4/lz4/archive/"
- "v" version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/lz4/lz4")
+ (commit (string-append "v" version))))
(sha256
(base32
- "1y93h6dyi3026gvpzdv310ldcylnnhwf32n75mdjf8x9fvkskwqj"))
- (file-name (string-append name "-" version ".tar.gz"))))
+ "1jggv4lvfav53advnj0pwqgxzn868lrj8dc9zp73iwvqlj82mhmx"))
+ (file-name (git-file-name name version))))
(build-system gnu-build-system)
(native-inputs `(("valgrind" ,valgrind))) ; for tests
(arguments
@@ -2263,7 +2263,7 @@ single-member files which can't be decompressed in parallel.")
(build-system cmake-build-system)
(arguments
`(#:tests? #f)) ;; No tests available.
- (inputs `(("boost" ,boost-cxx14)
+ (inputs `(("boost" ,boost)
("libiconv" ,libiconv)
("xz" ,xz)))
(native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 4343910d59..5eb66feed5 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -53,7 +53,7 @@
(define-public cups-filters
(package
(name "cups-filters")
- (version "1.21.0")
+ (version "1.21.5")
(source(origin
(method url-fetch)
(uri
@@ -61,7 +61,7 @@
"cups-filters-" version ".tar.xz"))
(sha256
(base32
- "0fs90xx9i4h8gbpligf5kkh21llv4kf5g3bgfbx4z272xkm7bsfi"))
+ "0azq9j7kqy18g6vgmvrbw8i4mcqdp3cbgh7q79x1b8p92w4si6rq"))
(modules '((guix build utils)))
(snippet
;; install backends, banners and filters to cups-filters output
@@ -176,7 +176,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(define-public cups-minimal
(package
(name "cups-minimal")
- (version "2.2.8")
+ (version "2.2.10")
(source
(origin
(method url-fetch)
@@ -184,7 +184,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
version "/cups-" version "-source.tar.gz"))
(sha256
(base32
- "1r7r7b3nqpzc1a9dczqpj2mr8rkcwf01676v11sp4j7w4qfzqs1r"))))
+ "1fq52aw1mini3ld2czv5gg37wbbvh4n7yc7wzzxvbs3zpfrv5j3p"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 61313af7d2..24180e0073 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -50,15 +50,14 @@
(define-public curl
(package
(name "curl")
- (version "7.61.1")
- (replacement curl-7.62.0)
+ (version "7.63.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
- "148qv1f32290r9pwg07mccawihz4srznkzsdwdl2xllvlgb16n9x"))))
+ "1i38v49233jirzlfqd8fy6jyf80assa953hk7w6qmysbg562604n"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@@ -142,19 +141,6 @@ tunneling, and so on.")
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-(define-public curl-7.62.0
- (package
- (inherit curl)
- (version "7.62.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.xz"))
- (sha256
- (base32
- "1hbm29r3pirhn4gkcnd94ylc4jzgn3v3v7qbay9awxg7bwx69dfs"))))))
-
(define-public kurly
(package
(name "kurly")
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 60c1e0ef94..0a5e464719 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -31,7 +31,7 @@
(define-public cyrus-sasl
(package
(name "cyrus-sasl")
- (version "2.1.26")
+ (version "2.1.27")
(source (origin
(method url-fetch)
(uri (list (string-append
@@ -40,13 +40,14 @@
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
- (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))
(sha256 (base32
- "1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g"))))
+ "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))))
(build-system gnu-build-system)
(inputs `(("gdbm" ,gdbm)
- ("mit-krb5" ,mit-krb5)
("openssl" ,openssl)))
+ (propagated-inputs
+ `(;; cyrus-sasl.pc refers to -lkrb5, so propagate it.
+ ("mit-krb5" ,mit-krb5)))
(arguments
'(#:configure-flags (list (string-append "--with-plugindir="
(assoc-ref %outputs "out")
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 07c6006c3b..551b1bb9c6 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -18,7 +18,7 @@
;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org>
;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017, 2018 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
@@ -811,7 +811,8 @@ as a drop-in replacement of MySQL.")
version "/postgresql-" version ".tar.bz2"))
(sha256
(base32
- "0jv26y3f10svrjxzsgqxg956c86b664azyk2wppzpa5x11pjga38"))))
+ "0jv26y3f10svrjxzsgqxg956c86b664azyk2wppzpa5x11pjga38"))
+ (patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-uuid=e2fs")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 9d16dc3dc6..52c9d478b6 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1634,7 +1634,15 @@ filters, new key bindings and faces. It can be enabled by
(sha256
(base32
"1i4647vax5na73basc5dz4lh9kprir00fh8ps4i0l1y3ippnjs2s"))
- (patches (search-patches "emacs-pdf-tools-poppler.patch"))))
+ (patches (search-patches "emacs-pdf-tools-poppler.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; In addition to the above patch, we need this additional
+ ;; provision for compatibility with Poppler 0.72:
+ (substitute* "server/poppler-hack.cc"
+ (("getCString") "c_str"))
+ #t))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; there are no tests
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 8982c0ec35..536895cba8 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -147,14 +147,14 @@ freedesktop.org project.")
(define-public libinput
(package
(name "libinput")
- (version "1.12.1")
+ (version "1.12.3")
(source (origin
(method url-fetch)
(uri (string-append "https://freedesktop.org/software/libinput/"
name "-" version ".tar.xz"))
(sha256
(base32
- "14l6bvgq76ls63qc9c448r435q9xiig0rv8ilx6rnjvlgg64h32p"))))
+ "0mg2zqbjcgj0aq7d9nwawvyhx43vakilahrc83hrfyif3a3gyrpj"))))
(build-system meson-build-system)
(arguments
`(#:configure-flags '("-Ddocumentation=false")))
@@ -432,7 +432,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
(define-public wayland-protocols
(package
(name "wayland-protocols")
- (version "1.15")
+ (version "1.17")
(source (origin
(method url-fetch)
(uri (string-append
@@ -440,7 +440,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
"wayland-protocols-" version ".tar.xz"))
(sha256
(base32
- "1qlyf9cllr2p339xxplznh023qcwj5iisp02ikx7ps349dx75fys"))))
+ "0bw1sqixqk2a7mqw630cs4dlgcp5yib90vyikzm3lr05jz7ij4yz"))))
(build-system gnu-build-system)
(inputs
`(("wayland" ,wayland)))
@@ -763,7 +763,7 @@ which speak the Mobile Interface Broadband Model (MBIM) protocol.")
(define-public libqmi
(package
(name "libqmi")
- (version "1.20.0")
+ (version "1.20.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -771,7 +771,7 @@ which speak the Mobile Interface Broadband Model (MBIM) protocol.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1d3fca477sdwbv4bsq1cl98qc8sixrzp0gqjcmjj8mlwfk9qqhi1"))))
+ "0i6aw8jyxv84d5x8lj2g9lb8xxf1dyad8n3q0kw164pyig55jd67"))))
(build-system gnu-build-system)
(inputs
`(("libgudev" ,libgudev)))
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index fa2b259d7c..26f566a18b 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -753,7 +753,8 @@ utilities for data translation and processing.")
(synopsis "Spatial database extender for PostgreSQL")
(description "PostGIS is a spatial database extender for PostgreSQL
object-relational database. It adds support for geographic objects allowing
-location queries to be run in SQL.")
+location queries to be run in SQL. This package provides a PostgreSQL
+extension.")
(license (list
;; General license
license:gpl2+
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index b46451d94e..d8c0050513 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -135,7 +135,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.24")
+ (version "9.26")
(source
(origin
(method url-fetch)
@@ -145,10 +145,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "1mk922rnml93w2g42yxiyn8xqanc50cm65irrgh0b6lp4kgifjfl"))
- (patches (search-patches "ghostscript-CVE-2018-16509.patch"
- "ghostscript-bug-699708.patch"
- "ghostscript-no-header-creationdate.patch"
+ "1645f47all5w27bfhiq15vycdm954lmr6agqkrp68ksq6xglgvch"))
+ (patches (search-patches "ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
(modules '((guix build utils)))
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index d7c112928f..1c2632b9aa 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -53,6 +53,7 @@
#:use-module (guix build utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system cmake)
+ #:use-module (guix build-system meson)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix utils)
@@ -220,7 +221,7 @@ also known as DXTn or DXTC) for Mesa.")
(define-public mesa
(package
(name "mesa")
- (version "18.1.8")
+ (version "18.3.1")
(source
(origin
(method url-fetch)
@@ -232,7 +233,7 @@ also known as DXTn or DXTC) for Mesa.")
version "/mesa-" version ".tar.xz")))
(sha256
(base32
- "06y28hpynb8w1qagznr85ml48hf8264w4ji6cmvm2fy7x5zyc6xx"))
+ "0qyw9dj2p9n91qzc4ylck2an7ibssjvzi2bjcpv2ajk851yq47sv"))
(patches
(search-patches "mesa-skip-disk-cache-test.patch"))))
(build-system gnu-build-system)
@@ -252,11 +253,11 @@ also known as DXTn or DXTC) for Mesa.")
("libva" ,(force libva-without-mesa))
("libxml2" ,libxml2)
;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
+ ("libxrandr" ,libxrandr)
("libxvmc" ,libxvmc)
,@(match (%current-system)
((or "x86_64-linux" "i686-linux")
- ;; FIXME: Change to 'llvm' in the next rebuild cycle.
- `(("llvm" ,llvm-without-rtti)))
+ `(("llvm" ,llvm)))
(_
`()))
("makedepend" ,makedepend)
@@ -264,8 +265,8 @@ also known as DXTn or DXTC) for Mesa.")
("wayland-protocols" ,wayland-protocols)))
(native-inputs
`(("pkg-config" ,pkg-config)
- ("python" ,python-2)
- ("python2-mako" ,python2-mako)
+ ("python" ,python)
+ ("python-mako" ,python-mako)
("which" ,(@ (gnu packages base) which))))
(arguments
`(#:configure-flags
@@ -290,9 +291,6 @@ also known as DXTn or DXTC) for Mesa.")
"--enable-gles2"
"--enable-gbm"
"--enable-shared-glapi"
- ;; Without floating point texture support, drivers such as Nouveau
- ;; are stuck at OpenGL 2.1 instead of OpenGL 3.0+.
- "--enable-texture-float"
;; Enable Vulkan on i686-linux and x86-64-linux.
,@(match (%current-system)
@@ -547,7 +545,7 @@ OpenGL graphics API.")
(define-public libepoxy
(package
(name "libepoxy")
- (version "1.5.2")
+ (version "1.5.3")
(source (origin
(method url-fetch)
(uri (string-append
@@ -555,10 +553,11 @@ OpenGL graphics API.")
version "/libepoxy-" version ".tar.xz"))
(sha256
(base32
- "1n57xj5i6giw4mp5s59w1m9bm33sd6gjg7r00dzzvcwya6326mm9"))))
+ "0ga3qjv50x37my6pw5xr14g5n6z78hy5s8s06kays8c3ab2mha80"))))
(arguments
`(#:phases
(modify-phases %standard-phases
+ (delete 'bootstrap)
(add-before
'configure 'patch-paths
(lambda* (#:key inputs #:allow-other-keys)
@@ -570,7 +569,7 @@ OpenGL graphics API.")
(("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
(("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
#t))))))
- (build-system gnu-build-system)
+ (build-system meson-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("python" ,python)))
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index cd9b48caff..dee349395d 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -79,7 +79,7 @@
(define dbus
(package
(name "dbus")
- (version "1.12.10")
+ (version "1.12.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -87,7 +87,7 @@
version ".tar.gz"))
(sha256
(base32
- "1xywijmgfad4m3cxp0b4l6kvypwc53ckmhwwzbrc6n32jwj3ssab"))
+ "1y7mxhkw2shd9mi9s62k81lz8npjkrafapr4fyfms7hs04kg4ilm"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
@@ -149,7 +149,7 @@ shared NFS home directories.")
(define glib
(package
(name "glib")
- (version "2.56.2")
+ (version "2.56.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@@ -157,7 +157,7 @@ shared NFS home directories.")
name "-" version ".tar.xz"))
(sha256
(base32
- "12d738n1wpvrn39zvy9xazg5h6vzyiwsw8z1qibcj09mh4bbsjnn"))
+ "1cjcqz77m62zrx7224vl3f2cxwqf28r5xpqb2jy7av0vr2scb959"))
(patches (search-patches "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
@@ -184,9 +184,6 @@ shared NFS home directories.")
(modify-phases %standard-phases
(add-before 'build 'pre-build
(lambda* (#:key inputs outputs #:allow-other-keys)
- ;; For building deterministic pyc files
- (setenv "DETERMINISTIC_BUILD" "1")
-
;; For tests/gdatetime.c.
(setenv "TZDIR"
(string-append (assoc-ref inputs "tzdata")
@@ -485,7 +482,7 @@ by GDBus included in Glib.")
(define libsigc++
(package
(name "libsigc++")
- (version "2.10.0")
+ (version "2.10.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/libsigc++/"
@@ -493,7 +490,7 @@ by GDBus included in Glib.")
name "-" version ".tar.xz"))
(sha256
(base32
- "10cd54l4zihss9qxfhd2iip2k7mr292k37i54r2cpgv0c8sdchzq"))))
+ "00v08km4wwzbh6vjxb21388wb9dm6g2xh14rgwabnv4c2wk5z8n9"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("m4" ,m4)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 415398eeee..95bfcaf564 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -360,12 +360,6 @@ formats like PNG, SVG, PDF and EPS.")
(arguments
'(#:phases
(modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t))
(add-before 'check 'disable-failing-tests
(lambda _
;; The PicasaWeb API tests fail with gnome-online-accounts@3.24.2.
@@ -2295,16 +2289,15 @@ configuration storage systems.")
(define-public json-glib
(package
(name "json-glib")
- (version "1.4.2")
+ (version "1.4.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
- (patches (search-patches "json-glib-fix-tests-32bit.patch"))
(sha256
(base32
- "1j3dd2xj1l9fi12m1gpmfgf5p4c1w0i970m6k62k3is98yj0jxrd"))))
+ "0ixwyis47v5bkx6h8a1iqlw3638cxcv57ivxv4gw2gaig51my33j"))))
(build-system meson-build-system)
(native-inputs
`(("gettext" ,gettext-minimal)
@@ -2397,7 +2390,7 @@ library.")
(define-public glib-networking
(package
(name "glib-networking")
- (version "2.54.1")
+ (version "2.58.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2405,29 +2398,17 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0bq16m9nh3gcz9x2fvygr0iwxd2pxcbrm3lj3kihsnh1afv8g9za"))
- (patches
- (search-patches "glib-networking-ssl-cert-file.patch"))))
- (build-system gnu-build-system)
+ "0s006gs9nsq6mg31spqha1jffzmp6qjh10y27h0fxf1iw1ah5ymx"))))
+ (build-system meson-build-system)
(arguments
- `(#:configure-flags
- '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'patch-giomoduledir
- ;; Install GIO modules into $out/lib/gio/modules.
- (lambda _
- (substitute* "configure"
- (("GIO_MODULE_DIR=.*")
- (string-append "GIO_MODULE_DIR=" %output
- "/lib/gio/modules\n")))
- #t))
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t)))))
+ `(#:configure-flags '("-Dlibproxy_support=false")
+ #:phases (modify-phases %standard-phases
+ (add-before 'check 'disable-TLSv1.3
+ (lambda _
+ ;; XXX: One test fails when TLS 1.3 is enabled, fixed in 2.60.0:
+ ;; <https://gitlab.com/gnutls/gnutls/issues/615>.
+ (setenv "G_TLS_GNUTLS_PRIORITY" "NORMAL:-VERS-TLS1.3")
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
@@ -2517,9 +2498,6 @@ libxml to ease remote use of the RESTful API.")
;; The 'check-local' target runs 'env LANG=C sort -u',
;; unset 'LC_ALL' to make 'LANG' working.
(unsetenv "LC_ALL")
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
;; HTTPD in Guix uses mod_event and does not build prefork.
(substitute* "tests/httpd.conf"
(("^LoadModule mpm_prefork_module.*$") "\n"))
@@ -2557,7 +2535,8 @@ libxml to ease remote use of the RESTful API.")
"" ;URI of subject
"127.0.0.1" ;IP address of subject
"" ;signing?
- "" ;encryption?
+ "" ;encryption (RSA)?
+ "" ;data encryption?
"" ;sign OCSP requests?
"" ;sign code?
"" ;time stamping?
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 74845ef239..dc0fce6203 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -365,7 +365,7 @@ in the Mozilla clients.")
(define-public nss
(package
(name "nss")
- (version "3.39")
+ (version "3.41")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -376,7 +376,7 @@ in the Mozilla clients.")
"nss-" version ".tar.gz")))
(sha256
(base32
- "0jw6qlfl2g47hhx056nvnj6h92bk3sn46hy3ig61a911dzblvrkb"))
+ "0bbif42fzz5gk451sv3yphdrl7m4p6zgk5jk0307j06xs3sihbmb"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-increase-test-timeout.patch"))))
@@ -416,7 +416,7 @@ in the Mozilla clients.")
(lambda _
;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
;; The later requires a working DNS or /etc/hosts.
- (setenv "DOMSUF" "(none)")
+ (setenv "DOMSUF" "localdomain")
(setenv "USE_IP" "TRUE")
(setenv "IP_ADDRESS" "127.0.0.1")
@@ -424,7 +424,7 @@ in the Mozilla clients.")
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2018-09-01" "./nss/tests/all.sh")))
+ (invoke "faketime" "2018-12-01" "./nss/tests/all.sh")))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index f43a0fc2f5..755904231b 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -102,7 +102,7 @@ arrays of data.")
(define-public gstreamer
(package
(name "gstreamer")
- (version "1.14.3")
+ (version "1.14.4")
(source
(origin
(method url-fetch)
@@ -111,7 +111,7 @@ arrays of data.")
version ".tar.xz"))
(sha256
(base32
- "0mh4755an4gk0z3ygqhjpdjk0r2cwswbpwfgl0x6qmnln4757bhk"))))
+ "1izzhnlsy83rgr4zl3jcl1sryxqbbigrrqw3j4x3nnphqnb6ckzr"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
@@ -150,7 +150,7 @@ This package provides the core library and elements.")
(define-public gst-plugins-base
(package
(name "gst-plugins-base")
- (version "1.14.3")
+ (version "1.14.4")
(source
(origin
(method url-fetch)
@@ -158,7 +158,7 @@ This package provides the core library and elements.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0lkr1fm3bz21nqq9vi5v74mlxw6dd6i7piw00fhc5zz0dg1ikczh"))))
+ "0qbllw4kphchwhy4p7ivdysigx69i97gyw6q0rvkx1j81r4kjqfa"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(propagated-inputs
@@ -209,7 +209,7 @@ for the GStreamer multimedia library.")
(define-public gst-plugins-good
(package
(name "gst-plugins-good")
- (version "1.14.3")
+ (version "1.14.4")
(source
(origin
(method url-fetch)
@@ -218,7 +218,7 @@ for the GStreamer multimedia library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0pgzgfqbfp8lz2ns68797xfxdr0cr5rpi93wd1h2grhbmzkbq4ji"))))
+ "0y89qynb4b6fry3h43z1r99qslmi3m8xhlq0i5baq2nbc0r5b2sz"))))
(build-system gnu-build-system)
(inputs
`(("aalib" ,aalib)
@@ -271,14 +271,14 @@ developers consider to have good quality code and correct functionality.")
(define-public gst-plugins-bad
(package
(name "gst-plugins-bad")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append "https://gstreamer.freedesktop.org/src/"
name "/" name "-" version ".tar.xz"))
(sha256
(base32
- "1mczcna91f3kkk3yv5fkfa8nmqdr9d93aq9z4d8sv18vkiflw8mj"))))
+ "1r8dma3x127rbx42yab7kwq7q1bhkmvz2ykn0rnqnzl95q74w2wi"))))
(outputs '("out" "doc"))
(build-system gnu-build-system)
(arguments
@@ -346,7 +346,7 @@ par compared to the rest.")
(define-public gst-plugins-ugly
(package
(name "gst-plugins-ugly")
- (version "1.14.3")
+ (version "1.14.4")
(source
(origin
(method url-fetch)
@@ -354,7 +354,7 @@ par compared to the rest.")
name "/" name "-" version ".tar.xz"))
(sha256
(base32
- "01i31g5rvw36rjlyi9w24n0g1xa6053d14vaiba6vqpas727z123"))))
+ "08vd1xgwmapnviah47zv5h2r02qdd20y4f07rvv5zhv6y4vxh0mc"))))
(build-system gnu-build-system)
(inputs
`(("gst-plugins-base" ,gst-plugins-base)
@@ -381,7 +381,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
(define-public gst-libav
(package
(name "gst-libav")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append
@@ -389,7 +389,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0xxnb80yhfa42x4wx1928zydaal35b2mcj0zdcdsv1apnjdm40wv"))
+ "1nk5g24z2xx5kaw5cg8dv8skdc516inahmkymcz8bxqxj28qbmyz"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -417,7 +417,7 @@ compression formats through the use of the libav library.")
(define-public python-gst
(package
(name "python-gst")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append
@@ -425,7 +425,7 @@ compression formats through the use of the libav library.")
"gst-python-" version ".tar.xz"))
(sha256
(base32
- "01w3mpimbm8drifhrkvpns79h15kd9h9v0dynr7yb12kjrnfghsg"))))
+ "06ssx19fs6pg4d32p9ph9w4f0xwmxaw2dxfj17rqkn5njd7v5zfh"))))
(build-system gnu-build-system)
(arguments
;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 08f92df96c..1776d91f33 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -76,7 +76,9 @@
#:use-module (gnu packages cups)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg)
- #:use-module (gnu packages xdisorg))
+ #:use-module (gnu packages xdisorg)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26))
(define-public atk
(package
@@ -113,16 +115,14 @@ tools have full access to view and control running applications.")
(define-public cairo
(package
(name "cairo")
- (version "1.14.12")
+ (version "1.16.0")
(source (origin
(method url-fetch)
(uri (string-append "https://cairographics.org/releases/cairo-"
version ".tar.xz"))
(sha256
(base32
- "05mzyxkvsfc1annjw2dja8vka01ampp9pp93lg09j8hba06g144c"))
- (patches (search-patches "cairo-CVE-2016-9082.patch"
- "cairo-setjmp-wrapper.patch"))))
+ "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"))))
(build-system gnu-build-system)
(propagated-inputs
`(("fontconfig" ,fontconfig)
@@ -180,7 +180,7 @@ affine transformation (scale, rotation, shear, etc.).")
(define-public harfbuzz
(package
(name "harfbuzz")
- (version "1.8.8")
+ (version "2.2.0")
(source (origin
(method url-fetch)
(uri (string-append "https://www.freedesktop.org/software/"
@@ -188,7 +188,7 @@ affine transformation (scale, rotation, shear, etc.).")
version ".tar.bz2"))
(sha256
(base32
- "1ag3scnm1fcviqgx2p4858y433mr0ndqw6zccnccrqcr9mpcird8"))))
+ "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))
(build-system gnu-build-system)
(outputs '("out"
"bin")) ; 160K, only hb-view depend on cairo
@@ -456,7 +456,7 @@ highlighting and other features typical of a source code editor.")
"0ixfmnxjylx06mjaw116apymwi1a8rnkmkbbvqaxxg2pfwy9fl6x"))))
(build-system meson-build-system)
(arguments
- '(#:configure-flags '("-Dinstalled-tests=false")
+ `(#:configure-flags '("-Dinstalled_tests=false")
#:phases
(modify-phases %standard-phases
(add-after
@@ -471,12 +471,15 @@ highlighting and other features typical of a source code editor.")
;; ERROR:pixbuf-jpeg.c:74:test_type9_rotation_exif_tag:
;; assertion failed (error == NULL): Data differ
;; (gdk-pixbuf-error-quark, 0)
- ((".*'pixbuf-jpeg'.*") "")
- ;; Extend the timeout of the test suite.
- ;; TODO: Check upstreaming effort:
- ;; https://gitlab.gnome.org/GNOME/gdk-pixbuf/merge_requests/21
- (("300") "1800"))
+ ((".*'pixbuf-jpeg'.*") ""))
#t))
+ ;; The slow tests take longer than the specified timeout.
+ ,@(if (any (cute string=? <> (%current-system))
+ '("armhf-linux" "aarch64-linux"))
+ '((replace 'check
+ (lambda _
+ (invoke "meson" "test" "--timeout-multiplier" "5"))))
+ '())
(add-before 'configure 'aid-install-script
(lambda* (#:key outputs #:allow-other-keys)
;; "build-aux/post-install.sh" invokes `gdk-pixbuf-query-loaders`
@@ -688,7 +691,7 @@ application suites.")
(name "gtk+")
;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in
;; mate.scm will also need to be updated.
- (version "3.24.0")
+ (version "3.24.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -696,9 +699,18 @@ application suites.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1a1jbsh9fg5ykmwrcl3svy7xfvx0b87d314qsx9n483pj8w93s82"))
+ "14l8mimdm44r3h5pn5hzigl1z25jna8jxvb16l88v4nc4zj0afsv"))
(patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
- "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
+ "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Version 3.24.2 was released with a typo that broke the build.
+ ;; See upstream commit 2905fc861acda3d134a198e56ef2f6c962ad3061
+ ;; at <https://gitlab.gnome.org/GNOME/gtk/tree/gtk-3-24>
+ (substitute* "docs/tools/shooter.c"
+ (("gdk_screen_get_dfeault") "gdk_screen_get_default"))
+ #t))))
(outputs '("out" "bin" "doc"))
(propagated-inputs
`(("at-spi2-atk" ,at-spi2-atk)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 2d28107e81..6e93d6aed9 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,7 +32,7 @@
(define-public icu4c
(package
(name "icu4c")
- (version "62.1")
+ (version "63.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -42,7 +42,7 @@
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "18ssgnwzzpm1g1fvbm9h1fvryiwxvvn5wc3fdakdsl33cs6qdn9x"))))
+ (base32 "17fbk0lm2clsxbmjzvyp245ayx0n4chji3ky1f3fbz2ljjv91i05"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index e4bcd6a274..08a9f86be6 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -465,7 +465,7 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (version "4.0.9")
+ (version "4.0.10")
(source
(origin
(method url-fetch)
@@ -473,11 +473,7 @@ extracting icontainer icon files.")
version ".tar.gz"))
(sha256
(base32
- "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))
- (patches (search-patches "libtiff-CVE-2017-9935.patch"
- "libtiff-CVE-2017-18013.patch"
- "libtiff-CVE-2018-8905.patch"
- "libtiff-CVE-2018-10963.patch"))))
+ "1r4np635gr6zlc0bic38dzvxia6iqzcrary4n1ylarzpr8fd2lic"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.3 MiB of HTML documentation
@@ -1301,14 +1297,14 @@ PNG, and performs PNG integrity checks and corrections.")
(define-public libjpeg-turbo
(package
(name "libjpeg-turbo")
- (version "2.0.0")
+ (version "2.0.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/" name "/" version "/"
name "-" version ".tar.gz"))
(sha256
(base32
- "0s48zz6awd493hmb200abmsizh68fh1jmz98r41n4c8dbl87d23p"))))
+ "1zv6z093l3x3jzygvni7b819j7xhn6d63jhcdrckj7fz67n6ry75"))))
(build-system cmake-build-system)
(native-inputs
`(("nasm" ,nasm)))
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index fe0923f479..dafe8c76ed 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -48,14 +48,14 @@
;; The 7 release series has an incompatible API, while the 6 series is still
;; maintained. Don't update to 7 until we've made sure that the ImageMagick
;; users are ready for the 7-series API.
- (version "6.9.10-14")
+ (version "6.9.10-16")
(source (origin
(method url-fetch)
(uri (string-append "mirror://imagemagick/ImageMagick-"
version ".tar.xz"))
(sha256
(base32
- "0vcfjvdk9in92x808djvy94l5gylpgds4a7mlr8jrxsv9snx88yi"))))
+ "1ylbv69r8l3d4za4i8q41cs6lq06mnhiq4qm03rvs3vp3gyp1m9x"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm
index 1673cc602e..eae8ac962b 100644
--- a/gnu/packages/inkscape.scm
+++ b/gnu/packages/inkscape.scm
@@ -71,7 +71,24 @@
(file-name "inkscape-poppler-compat2.patch")
(sha256
(base32
- "14k9yrfjz4nx3bz9dk91q74mc0i7rvl2qzkwhcy1br71yqjvngn5")))))))
+ "14k9yrfjz4nx3bz9dk91q74mc0i7rvl2qzkwhcy1br71yqjvngn5")))
+ (search-patch "inkscape-poppler-compat3.patch")
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+ "d047859d90cef3784e2d13e40887a70d8d517897.diff"))
+ (file-name "inkscape-poppler-compat4.patch")
+ (sha256
+ (base32
+ "0xdfg3q4g4m15z7wna4brjn5j4kr15qiqc2f25vcw2nnr6x54qcp")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+ "b3d59cc8106da3bf6020a6c47eeb3b8a7bbae1a9.diff"))
+ (file-name "inkscape-poppler-compat5.patch")
+ (sha256
+ (base32
+ "0haviy66q9szizmvb82msfj80bb3wgi1fnq3ml8fyfp8l90a1217")))))))
(build-system cmake-build-system)
(inputs
`(("aspell" ,aspell)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 508f9c4bd2..ad19f60ec1 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -48,7 +48,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.16.1")
+ (version "1.16.2")
(source (origin
(method url-fetch)
(uri (list
@@ -60,7 +60,7 @@
"/krb5-" version ".tar.gz")))
(sha256
(base32
- "05qis9l93hhxaknbp0a2v5cr24fsy52fqx20aqqcgl1s9qwzwkr1"))))
+ "09zhhzj19bmjjxsvxdrysabql8n72kjivis08wbikhlkwlgiwwlz"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 2de29707ca..c9ed941202 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -122,14 +122,14 @@ limited support for fork events.")
(define-public libuv
(package
(name "libuv")
- (version "1.23.0")
+ (version "1.24.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "09yf7c71n8b80nbsv4lsmq5nqmb0rylhpx3z9jgkv5za9lr6sx6i"))))
+ "01pg0zsfr8mxlpipkbpw0dpsl26x5s966f5br7dx9ac29abk419q"))))
(build-system gnu-build-system)
(arguments
'(;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 45e2f63767..451adb0eff 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -984,9 +984,47 @@ converting QuarkXPress file format. It supports versions 3.1 to 4.1.")
(file-name "libreoffice-mdds.patch")
(sha256
(base32
- "0apbmammmp4pk473xiv5vk50r4c5gjvqzf9jkficksvz58q6114f"))))
+ "0apbmammmp4pk473xiv5vk50r4c5gjvqzf9jkficksvz58q6114f")))
+ ;; The Poppler API changed rapidly in the versions leading 0.72.
+ ;; Thus, we need several patches from upstream, each adapting to
+ ;; different Poppler changes since version 0.68.
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "1688a395d05125b83eac6cd5c43f0e3f2f66c491"
+ ".patch"))
+ (file-name "libreoffice-poppler-compat.patch")
+ (sha256
+ (base32
+ "0ia5avmj772mrgs6m4qqf01hs8hzpy3nafidj7w7gqx2zz2s5ih9")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "5e8bdd9203dd642111c62a6668ee665a20d4ba19"
+ ".patch"))
+ (file-name "libreoffice-poppler-gbool.patch")
+ (sha256
+ (base32
+ "19kc74h5vnk48l2vny8zmm2lkxpwc7g8n9d3wwpg99748dvbmikd")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "8ff41a26caf51544699863c89598d37d93dc1b21"
+ ".patch"))
+ (file-name "libreoffice-poppler-0.71.patch")
+ (sha256
+ (base32
+ "1dsd0gynjf7d6412dd2sx70xa2s8kld7ibyjdkwg5w9hhi2zxw2f"))))
(search-patches "libreoffice-icu.patch"
- "libreoffice-glm.patch")))))
+ "libreoffice-glm.patch")))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (for-each (lambda (file)
+ ;; Adjust to renamed function in Poppler 0.72.
+ (substitute* file (("getCString") "c_str")))
+ (find-files "sdext/source/pdfimport/xpdfwrapper"))
+ #t))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("bison" ,bison)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index b472a4a0a3..6f0f68b8c0 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -993,7 +993,7 @@ intercept and print the system calls executed by the program.")
(define-public alsa-lib
(package
(name "alsa-lib")
- (version "1.1.6")
+ (version "1.1.7")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1001,7 +1001,7 @@ intercept and print the system calls executed by the program.")
version ".tar.bz2"))
(sha256
(base32
- "096pwrnhj36yndldvs2pj4r871zhcgisks0is78f1jkjn9sd4b2z"))))
+ "02fw7dw202mjid49w9ki3dsfcyvid5fj488561bdzcm3haw00q4x"))))
(build-system gnu-build-system)
(home-page "https://www.alsa-project.org/")
(synopsis "The Advanced Linux Sound Architecture libraries")
@@ -1013,14 +1013,14 @@ MIDI functionality to the Linux-based operating system.")
(define-public alsa-utils
(package
(name "alsa-utils")
- (version "1.1.6")
+ (version "1.1.7")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.alsa-project.org/pub/utils/"
name "-" version ".tar.bz2"))
(sha256
(base32
- "0vnkyymgwj9rfdb11nvab30dnfrylmakdfildxl0y8mj836awp0m"))))
+ "02jlw6a22j2rr7inggfgk2hzx3w0fjhvhs0dn1afpzdp9aspzchx"))))
(build-system gnu-build-system)
(arguments
;; XXX: Disable man page creation until we have DocBook.
@@ -1060,14 +1060,14 @@ MIDI functionality to the Linux-based operating system.")
(define-public alsa-plugins
(package
(name "alsa-plugins")
- (version "1.1.6")
+ (version "1.1.7")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.alsa-project.org/pub/plugins/"
name "-" version ".tar.bz2"))
(sha256
(base32
- "04qcwkisbh0d6lnh0rw1k6n869fbs6zbfq6yvb41rymiwgmk27bg"))))
+ "0iys4zl1davzyg3mn9lvil1n3k1ifrg3v1caj3k4dqyrnrd40jx7"))))
(build-system gnu-build-system)
;; TODO: Split libavcodec and speex if possible. It looks like they can not
;; be split, there are references to both in files.
@@ -1076,7 +1076,12 @@ MIDI functionality to the Linux-based operating system.")
;; obsolete.
(outputs '("out" "pulseaudio" "jack"))
(arguments
- `(#:phases
+ `(#:configure-flags '(;; Do not install a "local" configuration targeted
+ ;; for /etc/alsa. On GuixSD plugins are loaded from
+ ;; the ALSA service, and other distributions likely
+ ;; won't use these files.
+ "--with-alsalconfdir=/tmp/noop")
+ #:phases
(modify-phases %standard-phases
(add-after 'install 'split
(lambda* (#:key inputs outputs #:allow-other-keys)
@@ -1085,27 +1090,17 @@ MIDI functionality to the Linux-based operating system.")
(jack (assoc-ref outputs "jack"))
(jacklib (string-append jack "/lib/alsa-lib"))
(pua (assoc-ref outputs "pulseaudio"))
- (pualib (string-append pua "/lib/alsa-lib"))
- (puaconf (string-append pua "/share/alsa/alsa.conf.d")))
+ (pualib (string-append pua "/lib/alsa-lib")))
;; For jack.
(mkdir-p jacklib)
(for-each (lambda (file)
(rename-file file (string-append jacklib "/" (basename file))))
(find-files out ".*jack\\.(la|so)"))
- ;; For pluseaudio.
- (mkdir-p puaconf)
+ ;; For pulseaudio.
(mkdir-p pualib)
- (chdir (string-append out "/share"))
- (for-each (lambda (file)
- (rename-file file (string-append puaconf "/" (basename file))))
- (find-files out "\\.(conf|example)"))
(for-each (lambda (file)
(rename-file file (string-append pualib "/" (basename file))))
(find-files out ".*pulse\\.(la|so)"))
- (chdir "..")
- ;; We have moved the files to output pulsaudio, the
- ;; directory is now empty.
- (delete-file-recursively (string-append out "/share"))
#t))))))
(inputs
`(("alsa-lib" ,alsa-lib)
@@ -2038,20 +2033,26 @@ from the module-init-tools project.")
;; The post-systemd fork, maintained by Gentoo.
(package
(name "eudev")
- (version "3.2.5")
+ (version "3.2.7")
(source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/gentoo/eudev/archive/v"
- version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/gentoo/eudev")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
(sha256
(base32
- "0dlkcgy7j4fdcksqrpc373zfybiif1bal3n6lpy1kfc5280j02c7"))
+ "1la7x7v7yqb84wnc7w0kj53sa0an0m9xp6wn01ypi8drh02wjjy2"))
(patches (search-patches "eudev-rules-directory.patch"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'make-source-writable
+ (lambda _
+ ;; XXX: Git checkouts are read-only, but this package needs to
+ ;; modify some of its files.
+ (for-each make-file-writable (find-files "."))
+ #t))
(add-before 'bootstrap 'patch-file-names
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "man/make.sh"
diff --git a/gnu/packages/llvm.scm b/gnu/packages/llvm.scm
index 7eb785c364..ec79bcc95c 100644
--- a/gnu/packages/llvm.scm
+++ b/gnu/packages/llvm.scm
@@ -110,26 +110,6 @@ of programming tools as well as libraries with equivalent functionality.")
(base32
"08p27wv1pr9ql2zc3f3qkkymci46q7myvh8r5ijippnbwr2gihcb"))))))
-;; FIXME: This package is here to prevent many rebuilds on x86_64 and i686
-;; from commit fc9dbf41311d99d0fd8befc789ea7c0e35911890. Update users of
-;; this in the next rebuild cycle.
-(define-public llvm-without-rtti
- (package
- (inherit llvm)
- (arguments
- `(#:configure-flags '("-DCMAKE_SKIP_BUILD_RPATH=FALSE"
- "-DCMAKE_BUILD_WITH_INSTALL_RPATH=FALSE"
- "-DBUILD_SHARED_LIBS:BOOL=TRUE"
- "-DLLVM_ENABLE_FFI:BOOL=TRUE"
- "-DLLVM_INSTALL_UTILS=ON")
- #:build-type "Release"
- #:phases (modify-phases %standard-phases
- (add-before 'build 'shared-lib-workaround
- (lambda _
- (setenv "LD_LIBRARY_PATH"
- (string-append (getcwd) "/lib"))
- #t)))))))
-
(define* (clang-runtime-from-llvm llvm hash
#:optional (patches '()))
(package
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9fb02b7385..ec23d6f572 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -2978,7 +2978,7 @@ parts of it.")
(define-public openblas
(package
(name "openblas")
- (version "0.3.3")
+ (version "0.3.4")
(source
(origin
(method url-fetch)
@@ -2987,7 +2987,7 @@ parts of it.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "0cvlixnpc3cdvvn3f30phfvsgnqljqix6wn72ps9rj7xdhvw06jg"))))
+ "1s56lgilyyw86dzmj3jkci9zsg24n60wq4d0zri1hrxlxb6ihimj"))))
(build-system gnu-build-system)
(arguments
`(#:test-target "test"
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 8ddc68a33e..f4a03bb7a9 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -244,7 +244,7 @@ terminal using ncurses.")
"0m0mjb049sl62vx13h9waavysa30mk0rphacksnvf94n13la62v5"))))
(build-system gnu-build-system)
(inputs `(("libmpdclient" ,libmpdclient)
- ("boost" ,boost-cxx14)
+ ("boost" ,boost)
("readline" ,readline)
("ncurses" ,ncurses)
("taglib" ,taglib)
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index 1212f32812..1f91b74d8b 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -75,14 +75,14 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.4")
+ (version "3.4.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "150y8655h629wn946dvzasq16qxsc1m9nf58mifvhl350bgl4ymf"))))
+ "1bcji95n1iz9p9vsgdgr26v6s7zhpsxfbjjwpqcihpfd6lawyhgr"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 850223cd4c..3cba8142bf 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -91,11 +91,15 @@
;; Give -L arguments for cyrus-sasl to avoid propagation.
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
- (sasl (assoc-ref inputs "cyrus-sasl")))
+ (krb5 (assoc-ref inputs "mit-krb5"))) ;propagated from cyrus-sasl
+
+ ;; The ancient Libtool bundled with OpenLDAP copies the linker flags
+ ;; from Cyrus-SASL and embeds them into its own .la files. Add an
+ ;; absolute reference to Kerberos so it does not have to be propagated.
(substitute* (map (lambda (f) (string-append out "/" f))
'("lib/libldap.la" "lib/libldap_r.la"))
- (("-lsasl2" lib)
- (string-append "-L" sasl "/lib " lib)))
+ (("-lkrb5" lib)
+ (string-append "-L" krb5 "/lib " lib)))
#t))))))
(synopsis "Implementation of the Lightweight Directory Access Protocol")
(description
diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch
deleted file mode 100644
index ad83404194..0000000000
--- a/gnu/packages/patches/cairo-CVE-2016-9082.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From: Adrian Johnson <ajohnson@redneon.com>
-Date: Thu, 20 Oct 2016 21:12:30 +1030
-Subject: [PATCH] image: prevent invalid ptr access for > 4GB images
-
-Image data is often accessed using:
-
- image->data + y * image->stride
-
-On 64-bit achitectures if the image data is > 4GB, this computation
-will overflow since both y and stride are 32-bit types.
-
-bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165
-patch: https://bugs.freedesktop.org/attachment.cgi?id=127421
----
- boilerplate/cairo-boilerplate.c | 4 +++-
- src/cairo-image-compositor.c | 4 ++--
- src/cairo-image-surface-private.h | 2 +-
- src/cairo-mesh-pattern-rasterizer.c | 2 +-
- src/cairo-png.c | 2 +-
- src/cairo-script-surface.c | 3 ++-
- 6 files changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
-index 7fdbf79..4804dea 100644
---- a/boilerplate/cairo-boilerplate.c
-+++ b/boilerplate/cairo-boilerplate.c
-@@ -42,6 +42,7 @@
- #undef CAIRO_VERSION_H
- #include "../cairo-version.h"
-
-+#include <stddef.h>
- #include <stdlib.h>
- #include <ctype.h>
- #include <assert.h>
-@@ -976,7 +977,8 @@ cairo_surface_t *
- cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
- {
- char format;
-- int width, height, stride;
-+ int width, height;
-+ ptrdiff_t stride;
- int x, y;
- unsigned char *data;
- cairo_surface_t *image = NULL;
-diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
-index 48072f8..3ca0006 100644
---- a/src/cairo-image-compositor.c
-+++ b/src/cairo-image-compositor.c
-@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer {
- pixman_image_t *src, *mask;
- union {
- struct fill {
-- int stride;
-+ ptrdiff_t stride;
- uint8_t *data;
- uint32_t pixel;
- } fill;
-@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer {
- struct finish {
- cairo_rectangle_int_t extents;
- int src_x, src_y;
-- int stride;
-+ ptrdiff_t stride;
- uint8_t *data;
- } mask;
- } u;
-diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h
-index 8ca694c..7e78d61 100644
---- a/src/cairo-image-surface-private.h
-+++ b/src/cairo-image-surface-private.h
-@@ -71,7 +71,7 @@ struct _cairo_image_surface {
-
- int width;
- int height;
-- int stride;
-+ ptrdiff_t stride;
- int depth;
-
- unsigned owns_data : 1;
-diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c
-index 1b63ca8..e7f0db6 100644
---- a/src/cairo-mesh-pattern-rasterizer.c
-+++ b/src/cairo-mesh-pattern-rasterizer.c
-@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride,
- tg += tg >> 16;
- tb += tb >> 16;
-
-- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
-+ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
- ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
- }
- }
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index 562b743..aa8c227 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure)
- }
-
- for (i = 0; i < png_height; i++)
-- row_pointers[i] = &data[i * stride];
-+ row_pointers[i] = &data[i * (ptrdiff_t)stride];
-
- png_read_image (png, row_pointers);
- png_read_end (png, info);
-diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c
-index ea0117d..91e4baa 100644
---- a/src/cairo-script-surface.c
-+++ b/src/cairo-script-surface.c
-@@ -1202,7 +1202,8 @@ static cairo_status_t
- _write_image_surface (cairo_output_stream_t *output,
- const cairo_image_surface_t *image)
- {
-- int stride, row, width;
-+ int row, width;
-+ ptrdiff_t stride;
- uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
- uint8_t *rowdata;
- uint8_t *data;
---
-2.1.4
-
diff --git a/gnu/packages/patches/cairo-setjmp-wrapper.patch b/gnu/packages/patches/cairo-setjmp-wrapper.patch
deleted file mode 100644
index bffac6e041..0000000000
--- a/gnu/packages/patches/cairo-setjmp-wrapper.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-Revert faulty commit to avoid undefined behaviour:
-https://bugs.freedesktop.org/show_bug.cgi?id=104325
-
-Taken from this upstream commit:
-https://cgit.freedesktop.org/cairo/commit/?h=1.14&id=2acc4382c54bd8239361ceed14423412a343d311
-
-diff --git a/src/cairo-bentley-ottmann-rectangular.c b/src/cairo-bentley-ottmann-rectangular.c
-index cb2e30c..5541bdc 100644
---- a/src/cairo-bentley-ottmann-rectangular.c
-+++ b/src/cairo-bentley-ottmann-rectangular.c
-@@ -593,12 +593,6 @@ sweep_line_insert (sweep_line_t *sweep, rectangle_t *rectangle)
- pqueue_push (sweep, rectangle);
- }
-
--static int
--sweep_line_setjmp (sweep_line_t *sweep_line)
--{
-- return setjmp (sweep_line->unwind);
--}
--
- static cairo_status_t
- _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
- int num_rectangles,
-@@ -615,7 +609,7 @@ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
- rectangles, num_rectangles,
- fill_rule,
- do_traps, container);
-- if ((status = sweep_line_setjmp (&sweep_line)))
-+ if ((status = setjmp (sweep_line.unwind)))
- return status;
-
- rectangle = rectangle_pop_start (&sweep_line);
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index e64b14a..068617d 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -158,14 +158,6 @@ png_simple_warning_callback (png_structp png,
- */
- }
-
--static int
--png_setjmp (png_struct *png)
--{
--#ifdef PNG_SETJMP_SUPPORTED
-- return setjmp (png_jmpbuf (png));
--#endif
-- return 0;
--}
-
- /* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
- * Otherwise, we will segfault if we are writing to a stream. */
-@@ -237,8 +229,10 @@ write_png (cairo_surface_t *surface,
- goto BAIL4;
- }
-
-- if (png_setjmp (png))
-+#ifdef PNG_SETJMP_SUPPORTED
-+ if (setjmp (png_jmpbuf (png)))
- goto BAIL4;
-+#endif
-
- png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
-
-@@ -577,11 +571,12 @@ read_png (struct png_read_closure_t *png_closure)
- png_set_read_fn (png, png_closure, stream_read_func);
-
- status = CAIRO_STATUS_SUCCESS;
--
-- if (png_setjmp (png)) {
-+#ifdef PNG_SETJMP_SUPPORTED
-+ if (setjmp (png_jmpbuf (png))) {
- surface = _cairo_surface_create_in_error (status);
- goto BAIL;
- }
-+#endif
-
- png_read_info (png, info);
-
diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
deleted file mode 100644
index fc72e42e03..0000000000
--- a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-Fix CVE-2013-4122.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122
-
-Patch copied from upstream source repository:
-https://github.com/cyrusimap/cyrus-sasl/commit/dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
-
-From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Thu, 11 Jul 2013 10:08:07 +0100
-Subject: Handle NULL returns from glibc 2.17+ crypt()
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Patch by mancha1@hush.com.
----
- pwcheck/pwcheck_getpwnam.c | 3 ++-
- pwcheck/pwcheck_getspnam.c | 4 +++-
- saslauthd/auth_getpwent.c | 4 +++-
- saslauthd/auth_shadow.c | 8 +++-----
- 4 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
-index 4b34222..400289c 100644
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ char *userid;
- char *password;
- {
- char* r;
-+ char* crpt_passwd;
- struct passwd *pwd;
-
- pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
- else if (pwd->pw_passwd[0] == '*') {
- r = "Account disabled";
- }
-- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- r = "Incorrect password";
- }
- else {
-diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
-index 2b11286..6d607bb 100644
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -32,13 +32,15 @@ char *userid;
- char *password;
- {
- struct spwd *pwd;
-+ char *crpt_passwd;
-
- pwd = getspnam(userid);
- if (!pwd) {
- return "Userid not found";
- }
-
-- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+ crpt_passwd = crypt(password, pwd->sp_pwdp);
-+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- return "Incorrect password";
- }
- else {
-diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
-index fc8029d..d4ebe54 100644
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
- /* VARIABLES */
- struct passwd *pw; /* pointer to passwd file entry */
-+ char *crpt_passwd; /* encrypted password */
- int errnum;
- /* END VARIABLES */
-
-@@ -105,7 +106,8 @@ auth_getpwent (
- }
- }
-
-- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+ crpt_passwd = crypt(password, pw->pw_passwd);
-+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- }
-diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
-index 677131b..1988afd 100644
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,8 @@ auth_shadow (
- RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
- }
-
-- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-- if (strcmp(sp->sp_pwdp, cpw)) {
-+ cpw = crypt(password, sp->sp_pwdp);
-+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- if (flags & VERBOSE) {
- /*
- * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +221,8 @@ auth_shadow (
- syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- sp->sp_pwdp, cpw);
- }
-- free(cpw);
- RETURN("NO Incorrect password");
- }
-- free(cpw);
-
- /*
- * The following fields will be set to -1 if:
-@@ -286,7 +284,7 @@ auth_shadow (
- RETURN("NO Invalid username");
- }
-
-- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- password, upw->upw_passwd);
---
-cgit v0.12
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch b/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
deleted file mode 100644
index 50ffa3cb98..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-Ghostscript 9.24 was released with an incomplete fix for CVE-2018-16509:
-https://nvd.nist.gov/vuln/detail/CVE-2018-16509
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1640#c19
-https://bugs.ghostscript.com/show_bug.cgi?id=699718
-
-The reproducers no longer work after applying these commits:
-
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e914f1da46e33decc534486598dc3eadf69e6efb
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002fb9c131313253c307cf3951b3d47
-
-This patch is a "squashed" version of those.
-
-diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
-index bba3c8c0e..8fa7c51df 100644
---- a/Resource/Init/gs_setpd.ps
-+++ b/Resource/Init/gs_setpd.ps
-@@ -95,27 +95,41 @@ level2dict begin
- { % Since setpagedevice doesn't create new device objects,
- % we must (carefully) reinstall the old parameters in
- % the same device.
-- .currentpagedevice pop //null currentdevice //null .trysetparams
-+ .currentpagedevice pop //null currentdevice //null
-+ { .trysetparams } .internalstopped
-+ {
-+ //null
-+ } if
- dup type /booleantype eq
- { pop pop }
-- { % This should never happen!
-+ {
- SETPDDEBUG { (Error in .trysetparams!) = pstack flush } if
-- cleartomark pop pop pop
-+ {cleartomark pop pop pop} .internalstopped pop
-+ % if resetting the entire device state failed, at least put back the
-+ % security related key
-+ currentdevice //null //false mark /.LockSafetyParams
-+ currentpagedevice /.LockSafetyParams .knownget not
-+ {systemdict /SAFER .knownget not {//false} } if
-+ .putdeviceparamsonly
- /.installpagedevice cvx /rangecheck signalerror
- }
- ifelse pop pop
- % A careful reading of the Red Book reveals that an erasepage
- % should occur, but *not* an initgraphics.
- erasepage .beginpage
-- } bind def
-+ } bind executeonly def
-
- /.uninstallpagedevice
-- { 2 .endpage { .currentnumcopies //false .outputpage } if
-+ {
-+ {2 .endpage { .currentnumcopies //false .outputpage } if} .internalstopped pop
- nulldevice
- } bind def
-
- (%grestorepagedevice) cvn
-- { .uninstallpagedevice grestore .installpagedevice
-+ {
-+ .uninstallpagedevice
-+ grestore
-+ .installpagedevice
- } bind def
-
- (%grestoreallpagedevice) cvn
-diff --git a/psi/zdevice2.c b/psi/zdevice2.c
-index 0c7080d57..159a0c0d9 100644
---- a/psi/zdevice2.c
-+++ b/psi/zdevice2.c
-@@ -251,8 +251,8 @@ z2currentgstate(i_ctx_t *i_ctx_p)
- /* ------ Wrappers for operators that reset the graphics state. ------ */
-
- /* Check whether we need to call out to restore the page device. */
--static bool
--restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
-+static int
-+restore_page_device(i_ctx_t *i_ctx_p, const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- {
- gx_device *dev_old = gs_currentdevice(pgs_old);
- gx_device *dev_new;
-@@ -260,9 +260,10 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- gx_device *dev_t2;
- bool samepagedevice = obj_eq(dev_old->memory, &gs_int_gstate(pgs_old)->pagedevice,
- &gs_int_gstate(pgs_new)->pagedevice);
-+ bool LockSafetyParams = dev_old->LockSafetyParams;
-
- if ((dev_t1 = (*dev_proc(dev_old, get_page_device)) (dev_old)) == 0)
-- return false;
-+ return 0;
- /* If we are going to putdeviceparams in a callout, we need to */
- /* unlock temporarily. The device will be re-locked as needed */
- /* by putdeviceparams from the pgs_old->pagedevice dict state. */
-@@ -271,23 +272,51 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- dev_new = gs_currentdevice(pgs_new);
- if (dev_old != dev_new) {
- if ((dev_t2 = (*dev_proc(dev_new, get_page_device)) (dev_new)) == 0)
-- return false;
-- if (dev_t1 != dev_t2)
-- return true;
-+ samepagedevice = true;
-+ else if (dev_t1 != dev_t2)
-+ samepagedevice = false;
-+ }
-+
-+ if (LockSafetyParams && !samepagedevice) {
-+ const int required_ops = 512;
-+ const int required_es = 32;
-+
-+ /* The %grestorepagedevice must complete: the biggest danger
-+ is operand stack overflow. As we use get/putdeviceparams
-+ that means pushing all the device params onto the stack,
-+ pdfwrite having by far the largest number of parameters
-+ at (currently) 212 key/value pairs - thus needing (currently)
-+ 424 entries on the op stack. Allowing for working stack
-+ space, and safety margin.....
-+ */
-+ if (required_ops + ref_stack_count(&o_stack) >= ref_stack_max_count(&o_stack)) {
-+ gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+ return_error(gs_error_stackoverflow);
-+ }
-+ /* We also want enough exec stack space - 32 is an overestimate of
-+ what we need to complete the Postscript call out.
-+ */
-+ if (required_es + ref_stack_count(&e_stack) >= ref_stack_max_count(&e_stack)) {
-+ gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+ return_error(gs_error_execstackoverflow);
-+ }
- }
- /*
- * The current implementation of setpagedevice just sets new
- * parameters in the same device object, so we have to check
- * whether the page device dictionaries are the same.
- */
-- return !samepagedevice;
-+ return samepagedevice ? 0 : 1;
- }
-
- /* - grestore - */
- static int
- z2grestore(i_ctx_t *i_ctx_p)
- {
-- if (!restore_page_device(igs, gs_gstate_saved(igs)))
-+ int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+
-+ if (code == 0)
- return gs_grestore(igs);
- return push_callout(i_ctx_p, "%grestorepagedevice");
- }
-@@ -297,7 +326,9 @@ static int
- z2grestoreall(i_ctx_t *i_ctx_p)
- {
- for (;;) {
-- if (!restore_page_device(igs, gs_gstate_saved(igs))) {
-+ int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code == 0) {
- bool done = !gs_gstate_saved(gs_gstate_saved(igs));
-
- gs_grestore(igs);
-@@ -328,11 +359,15 @@ z2restore(i_ctx_t *i_ctx_p)
- if (code < 0) return code;
-
- while (gs_gstate_saved(gs_gstate_saved(igs))) {
-- if (restore_page_device(igs, gs_gstate_saved(igs)))
-+ code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code > 0)
- return push_callout(i_ctx_p, "%restore1pagedevice");
- gs_grestore(igs);
- }
-- if (restore_page_device(igs, gs_gstate_saved(igs)))
-+ code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code > 0)
- return push_callout(i_ctx_p, "%restorepagedevice");
-
- code = dorestore(i_ctx_p, asave);
-@@ -355,9 +390,12 @@ static int
- z2setgstate(i_ctx_t *i_ctx_p)
- {
- os_ptr op = osp;
-+ int code;
-
- check_stype(*op, st_igstate_obj);
-- if (!restore_page_device(igs, igstate_ptr(op)))
-+ code = restore_page_device(i_ctx_p, igs, igstate_ptr(op));
-+ if (code < 0) return code;
-+ if (code == 0)
- return zsetgstate(i_ctx_p);
- return push_callout(i_ctx_p, "%setgstatepagedevice");
- }
diff --git a/gnu/packages/patches/ghostscript-bug-699708.patch b/gnu/packages/patches/ghostscript-bug-699708.patch
deleted file mode 100644
index 1567be1c6f..0000000000
--- a/gnu/packages/patches/ghostscript-bug-699708.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-Additional security fix that missed 9.24.
-
-Taken from upstream:
-http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
-
-From fb713b3818b52d8a6cf62c951eba2e1795ff9624 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 6 Sep 2018 09:16:22 +0100
-Subject: [PATCH] Bug 699708 (part 1): 'Hide' non-replaceable error handlers
- for SAFER
-
-We already had a 'private' dictionary for non-standard errors: gserrordict.
-
-This now includes all the default error handlers, the dictionary is made
-noaccess and all the prodedures are bound and executeonly.
-
-When running with -dSAFER, in the event of a Postscript error, instead of
-pulling the handler from errordict, we'll pull it from gserrordict - thus
-malicious input cannot trigger problems by the use of custom error handlers.
-
-errordict remains open and writeable, so files such as the Quality Logic tests
-that install their own handlers will still 'work', with the exception that the
-custom error handlers will not be called.
-
-This is a 'first pass', 'sledgehammer' approach: a nice addition would to allow
-an integrator to specify a list of errors that are not to be replaced (for
-example, embedded applications would probably want to ensure that VMerror is
-always handled as they intend).
----
- Resource/Init/gs_init.ps | 29 ++++++++++++++++++-----------
- psi/interp.c | 30 +++++++++++++++++++++---------
- 2 files changed, 39 insertions(+), 20 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index 071c39205..bc8b7951c 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -881,7 +881,7 @@ userdict /.currentresourcefile //null put
- { not exch pop exit } { pop } ifelse
- }
- for exch pop .quit
-- } bind def
-+ } bind executeonly def
- /.errorhandler % <command> <errorname> .errorhandler -
- { % Detect an internal 'stopped'.
- 1 .instopped { //null eq { pop pop stop } if } if
-@@ -926,7 +926,7 @@ userdict /.currentresourcefile //null put
- $error /globalmode get $error /.nosetlocal get and .setglobal
- $error /.inerror //false put
- stop
-- } bind def
-+ } bind executeonly def
- % Define the standard handleerror. We break out the printing procedure
- % (.printerror) so that it can be extended for binary output
- % if the Level 2 facilities are present.
-@@ -976,7 +976,7 @@ userdict /.currentresourcefile //null put
- ifelse % newerror
- end
- flush
-- } bind def
-+ } bind executeonly def
- /.printerror_long % long error printout,
- % $error is on the dict stack
- { % Push the (anonymous) stack printing procedure.
-@@ -1053,14 +1053,14 @@ userdict /.currentresourcefile //null put
- { (Current file position is ) print position = }
- if
-
-- } bind def
-+ } bind executeonly def
- % Define a procedure for clearing the error indication.
- /.clearerror
- { $error /newerror //false put
- $error /errorname //null put
- $error /errorinfo //null put
- 0 .setoserrno
-- } bind def
-+ } bind executeonly def
-
- % Define $error. This must be in local VM.
- .currentglobal //false .setglobal
-@@ -1086,11 +1086,15 @@ end
- /errordict ErrorNames length 3 add dict
- .forcedef % errordict is local, systemdict is global
- .setglobal % back to global VM
--% For greater Adobe compatibility, we put all non-standard errors in a
--% separate dictionary, gserrordict. It does not need to be in local VM,
--% because PostScript programs do not access it.
-+% gserrordict contains all the default error handling methods, but unlike
-+% errordict it is noaccess after creation (also it is in global VM).
-+% When running 'SAFER', we'll ignore the contents of errordict, which
-+% may have been tampered with by the running job, and always use gserrordict
-+% gserrordict also contains any non-standard errors, for better compatibility
-+% with Adobe.
-+%
- % NOTE: the name gserrordict is known to the interpreter.
--/gserrordict 5 dict def
-+/gserrordict ErrorNames length 3 add dict def
- % Register an error in errordict. We make this a procedure because we only
- % register the Level 1 errors here: the rest are registered by "feature"
- % files. However, ErrorNames contains all of the error names regardless of
-@@ -1119,8 +1123,11 @@ errordict begin
- } bind def
- end % errordict
-
--% Put non-standard errors in gserrordict.
--gserrordict /unknownerror errordict /unknownerror get put
-+% Put all the default handlers in gserrordict
-+gserrordict
-+errordict {2 index 3 1 roll put} forall
-+noaccess pop
-+% remove the non-standard errors from errordict
- errordict /unknownerror .undef
- % Define a stable private copy of handleerror that we will always use under
- % JOBSERVER mode.
-diff --git a/psi/interp.c b/psi/interp.c
-index c27b70dca..d41a9d3f5 100644
---- a/psi/interp.c
-+++ b/psi/interp.c
-@@ -661,16 +661,28 @@ again:
- return code;
- if (gs_errorname(i_ctx_p, code, &error_name) < 0)
- return code; /* out-of-range error code! */
-- /*
-- * For greater Adobe compatibility, only the standard PostScript errors
-- * are defined in errordict; the rest are in gserrordict.
-+
-+ /* If LockFilePermissions is true, we only refer to gserrordict, which
-+ * is not accessible to Postcript jobs
- */
-- if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
-- (dict_find(perrordict, &error_name, &epref) <= 0 &&
-- (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-- dict_find(perrordict, &error_name, &epref) <= 0))
-- )
-- return code; /* error name not in errordict??? */
-+ if (i_ctx_p->LockFilePermissions) {
-+ if (((dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+ dict_find(perrordict, &error_name, &epref) <= 0))
-+ )
-+ return code; /* error name not in errordict??? */
-+ }
-+ else {
-+ /*
-+ * For greater Adobe compatibility, only the standard PostScript errors
-+ * are defined in errordict; the rest are in gserrordict.
-+ */
-+ if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
-+ (dict_find(perrordict, &error_name, &epref) <= 0 &&
-+ (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+ dict_find(perrordict, &error_name, &epref) <= 0))
-+ )
-+ return code; /* error name not in errordict??? */
-+ }
- doref = *epref;
- epref = &doref;
- /* Push the error object on the operand stack if appropriate. */
---
-2.18.0
-
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
deleted file mode 100644
index 32bdd0790f..0000000000
--- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
-Date: Fri, 14 Aug 2015 17:28:36 +0800
-Subject: [PATCH] gnutls: Allow overriding the anchor file location by
- 'SSL_CERT_FILE'
-
----
- tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
-index 55ec1a5..217d3c8 100644
---- a/tls/gnutls/gtlsbackend-gnutls.c
-+++ b/tls/gnutls/gtlsbackend-gnutls.c
-@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self,
- GError **error)
- {
- const gchar *anchor_file = NULL;
-+ anchor_file = g_getenv ("SSL_CERT_FILE");
- #ifdef GTLS_SYSTEM_CA_FILE
-- anchor_file = GTLS_SYSTEM_CA_FILE;
-+ if (!anchor_file)
-+ anchor_file = GTLS_SYSTEM_CA_FILE;
- #endif
- return g_tls_file_database_new (anchor_file, error);
- }
---
-2.4.3
-
diff --git a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch b/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
deleted file mode 100644
index 1fad7c14e3..0000000000
--- a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-FIXME: The static test fails with an error such as:
-
-/tmp/guix-build-gnutls-3.5.13.drv-0/ccOnGPmc.o: In function `main':
-c.29617.tmp.c:(.text+0x5): undefined reference to `gnutls_global_init'
-collect2: error: ld returned 1 exit status
-FAIL pkgconfig.sh (exit status: 1)
-
-diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh
-index 6bd4e62f9..05aab8278 100755
---- a/tests/pkgconfig.sh
-+++ b/tests/pkgconfig.sh
-@@ -57,11 +57,7 @@ echo "Trying dynamic linking with:"
- echo " * flags: $(${PKGCONFIG} --libs gnutls)"
- echo " * common: ${COMMON}"
- echo " * lib: ${CFLAGS}"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
--
--echo ""
--echo "Trying static linking with $(${PKGCONFIG} --libs --static gnutls)"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-+gcc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-
- rm -f ${TMPFILE} ${TMPFILE_O}
-
diff --git a/gnu/packages/patches/inkscape-poppler-compat3.patch b/gnu/packages/patches/inkscape-poppler-compat3.patch
new file mode 100644
index 0000000000..eaaf7d93f1
--- /dev/null
+++ b/gnu/packages/patches/inkscape-poppler-compat3.patch
@@ -0,0 +1,499 @@
+Fix compatibility with Poppler >= 0.69.
+
+This is a combination of these upstream commits:
+https://gitlab.com/inkscape/inkscape/commit/722e121361d0f784083d10e897155b7d4e44e515
+https://gitlab.com/inkscape/inkscape/commit/402c0274420fe39fd2f3393bc7d8d8879d436358
+
+...with slight adjustments for the 0.92.3 release tarball.
+
+diff --git a/CMakeScripts/DefineDependsandFlags.cmake b/CMakeScripts/DefineDependsandFlags.cmake
+--- a/CMakeScripts/DefineDependsandFlags.cmake
++++ b/CMakeScripts/DefineDependsandFlags.cmake
+@@ -116,18 +116,6 @@ if(ENABLE_POPPLER)
+ set(HAVE_POPPLER_GLIB ON)
+ endif()
+ endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.26.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.26.0")
+- set(POPPLER_EVEN_NEWER_COLOR_SPACE_API ON)
+- endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.29.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.29.0")
+- set(POPPLER_EVEN_NEWER_NEW_COLOR_SPACE_API ON)
+- endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.58.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.58.0")
+- set(POPPLER_NEW_OBJECT_API ON)
+- endif()
+ else()
+ set(ENABLE_POPPLER_CAIRO OFF)
+ endif()
+diff --git a/src/extension/internal/pdfinput/pdf-input.cpp b/src/extension/internal/pdfinput/pdf-input.cpp
+--- a/src/extension/internal/pdfinput/pdf-input.cpp
++++ b/src/extension/internal/pdfinput/pdf-input.cpp
+@@ -793,7 +793,7 @@ PdfInput::open(::Inkscape::Extension::Input * /*mod*/, const gchar * uri) {
+ dlg->getImportSettings(prefs);
+
+ // Apply crop settings
+- PDFRectangle *clipToBox = NULL;
++ _POPPLER_CONST PDFRectangle *clipToBox = NULL;
+ double crop_setting;
+ sp_repr_get_double(prefs, "cropTo", &crop_setting);
+
+diff --git a/src/extension/internal/pdfinput/pdf-input.h b/src/extension/internal/pdfinput/pdf-input.h
+--- a/src/extension/internal/pdfinput/pdf-input.h
++++ b/src/extension/internal/pdfinput/pdf-input.h
+@@ -15,6 +15,7 @@
+ #endif
+
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+
+ #include <gtkmm/dialog.h>
+
+diff --git a/src/extension/internal/pdfinput/pdf-parser.cpp b/src/extension/internal/pdfinput/pdf-parser.cpp
+--- a/src/extension/internal/pdfinput/pdf-parser.cpp
++++ b/src/extension/internal/pdfinput/pdf-parser.cpp
+@@ -36,6 +36,7 @@ extern "C" {
+ #include "pdf-parser.h"
+ #include "util/units.h"
+
++#include "glib/poppler-features.h"
+ #include "goo/gmem.h"
+ #include "goo/GooString.h"
+ #include "GlobalParams.h"
+@@ -294,8 +295,8 @@ PdfParser::PdfParser(XRef *xrefA,
+ int /*pageNum*/,
+ int rotate,
+ Dict *resDict,
+- PDFRectangle *box,
+- PDFRectangle *cropBox) :
++ _POPPLER_CONST PDFRectangle *box,
++ _POPPLER_CONST PDFRectangle *cropBox) :
+ xref(xrefA),
+ builder(builderA),
+ subPage(gFalse),
+@@ -317,7 +318,7 @@ PdfParser::PdfParser(XRef *xrefA,
+ builder->setDocumentSize(Inkscape::Util::Quantity::convert(state->getPageWidth(), "pt", "px"),
+ Inkscape::Util::Quantity::convert(state->getPageHeight(), "pt", "px"));
+
+- double *ctm = state->getCTM();
++ const double *ctm = state->getCTM();
+ double scaledCTM[6];
+ for (int i = 0; i < 6; ++i) {
+ baseMatrix[i] = ctm[i];
+@@ -352,7 +353,7 @@ PdfParser::PdfParser(XRef *xrefA,
+ PdfParser::PdfParser(XRef *xrefA,
+ Inkscape::Extension::Internal::SvgBuilder *builderA,
+ Dict *resDict,
+- PDFRectangle *box) :
++ _POPPLER_CONST PDFRectangle *box) :
+ xref(xrefA),
+ builder(builderA),
+ subPage(gTrue),
+@@ -571,7 +572,7 @@ const char *PdfParser::getPreviousOperator(unsigned int look_back) {
+
+ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+ PdfOperator *op;
+- char *name;
++ const char *name;
+ Object *argPtr;
+ int i;
+
+@@ -619,7 +620,7 @@ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+ (this->*op->func)(argPtr, numArgs);
+ }
+
+-PdfOperator* PdfParser::findOp(char *name) {
++PdfOperator* PdfParser::findOp(const char *name) {
+ int a = -1;
+ int b = numOps;
+ int cmp = -1;
+@@ -1751,7 +1752,7 @@ void PdfParser::doShadingPatternFillFallback(GfxShadingPattern *sPat,
+ GBool stroke, GBool eoFill) {
+ GfxShading *shading;
+ GfxPath *savedPath;
+- double *ctm, *btm, *ptm;
++ const double *ctm, *btm, *ptm;
+ double m[6], ictm[6], m1[6];
+ double xMin, yMin, xMax, yMax;
+ double det;
+@@ -1993,7 +1994,7 @@ void PdfParser::doFunctionShFill1(GfxFunctionShading *shading,
+ GfxColor color0M, color1M, colorM0, colorM1, colorMM;
+ GfxColor colors2[4];
+ double functionColorDelta = colorDeltas[pdfFunctionShading-1];
+- double *matrix;
++ const double *matrix;
+ double xM, yM;
+ int nComps, i, j;
+
+@@ -2173,7 +2174,7 @@ void PdfParser::doPatchMeshShFill(GfxPatchMeshShading *shading) {
+ }
+ }
+
+-void PdfParser::fillPatch(GfxPatch *patch, int nComps, int depth) {
++void PdfParser::fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth) {
+ GfxPatch patch00 = blankPatch();
+ GfxPatch patch01 = blankPatch();
+ GfxPatch patch10 = blankPatch();
+@@ -2581,7 +2582,11 @@ void PdfParser::opShowSpaceText(Object args[], int /*numArgs*/)
+ }
+ }
+
++#if POPPLER_CHECK_VERSION(0,64,0)
+ void PdfParser::doShowText(const GooString *s) {
++#else
++void PdfParser::doShowText(GooString *s) {
++#endif
+ GfxFont *font;
+ int wMode;
+ double riseX, riseY;
+@@ -2590,11 +2595,15 @@ void PdfParser::doShowText(const GooString *s) {
+ double x, y, dx, dy, tdx, tdy;
+ double originX, originY, tOriginX, tOriginY;
+ double oldCTM[6], newCTM[6];
+- double *mat;
++ const double *mat;
+ Object charProc;
+ Dict *resDict;
+ Parser *oldParser;
++#if POPPLER_CHECK_VERSION(0,64,0)
++ const char *p;
++#else
+ char *p;
++#endif
+ int len, n, uLen;
+
+ font = state->getFont();
+@@ -2630,7 +2639,7 @@ void PdfParser::doShowText(const GooString *s) {
+ double lineX = state->getLineX();
+ double lineY = state->getLineY();
+ oldParser = parser;
+- p = g_strdup(s->getCString());
++ p = s->getCString();
+ len = s->getLength();
+ while (len > 0) {
+ n = font->getNextChar(p, len, &code,
+@@ -2685,7 +2694,7 @@ void PdfParser::doShowText(const GooString *s) {
+
+ } else {
+ state->textTransformDelta(0, state->getRise(), &riseX, &riseY);
+- p = g_strdup(s->getCString());
++ p = s->getCString();
+ len = s->getLength();
+ while (len > 0) {
+ n = font->getNextChar(p, len, &code,
+@@ -2731,7 +2740,11 @@ void PdfParser::opXObject(Object args[], int /*numArgs*/)
+ {
+ Object obj1, obj2, obj3, refObj;
+
+- char *name = g_strdup(args[0].getName());
++#if POPPLER_CHECK_VERSION(0,64,0)
++ const char *name = args[0].getName();
++#else
++ char *name = args[0].getName();
++#endif
+ #if defined(POPPLER_NEW_OBJECT_API)
+ if ((obj1 = res->lookupXObject(name)).isNull()) {
+ #else
+@@ -3656,7 +3669,6 @@ void PdfParser::opBeginImage(Object /*args*/[], int /*numArgs*/)
+ Stream *PdfParser::buildImageStream() {
+ Object dict;
+ Object obj;
+- char *key;
+ Stream *str;
+
+ // build dictionary
+@@ -3674,26 +3686,17 @@ Stream *PdfParser::buildImageStream() {
+ obj.free();
+ #endif
+ } else {
+- key = copyString(obj.getName());
+-#if defined(POPPLER_NEW_OBJECT_API)
+- obj = parser->getObj();
+-#else
+- obj.free();
+- parser->getObj(&obj);
+-#endif
+- if (obj.isEOF() || obj.isError()) {
+- gfree(key);
++ Object obj2;
++ _POPPLER_CALL(obj2, parser->getObj);
++ if (obj2.isEOF() || obj2.isError()) {
++ _POPPLER_FREE(obj);
+ break;
+ }
+-#if defined(POPPLER_NEW_OBJECT_API)
+- dict.dictAdd(key, std::move(obj));
+- }
+- obj = parser->getObj();
+-#else
+- dict.dictAdd(key, &obj);
++ _POPPLER_DICTADD(dict, obj.getName(), obj2);
++ _POPPLER_FREE(obj);
++ _POPPLER_FREE(obj2);
+ }
+- parser->getObj(&obj);
+-#endif
++ _POPPLER_CALL(obj, parser->getObj);
+ }
+ if (obj.isEOF()) {
+ error(errSyntaxError, getPos(), "End of file in inline image");
+diff --git a/src/extension/internal/pdfinput/pdf-parser.h b/src/extension/internal/pdfinput/pdf-parser.h
+--- a/src/extension/internal/pdfinput/pdf-parser.h
++++ b/src/extension/internal/pdfinput/pdf-parser.h
+@@ -9,6 +9,7 @@
+ #define PDF_PARSER_H
+
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma interface
+@@ -25,6 +26,7 @@ namespace Inkscape {
+ // TODO clean up and remove using:
+ using Inkscape::Extension::Internal::SvgBuilder;
+
++#include "glib/poppler-features.h"
+ #include "goo/gtypes.h"
+ #include "Object.h"
+
+@@ -127,11 +129,14 @@ public:
+
+ // Constructor for regular output.
+ PdfParser(XRef *xrefA, SvgBuilder *builderA, int pageNum, int rotate,
+- Dict *resDict, PDFRectangle *box, PDFRectangle *cropBox);
++ Dict *resDict,
++ _POPPLER_CONST PDFRectangle *box,
++ _POPPLER_CONST PDFRectangle *cropBox);
+
+ // Constructor for a sub-page object.
+ PdfParser(XRef *xrefA, Inkscape::Extension::Internal::SvgBuilder *builderA,
+- Dict *resDict, PDFRectangle *box);
++ Dict *resDict,
++ _POPPLER_CONST PDFRectangle *box);
+
+ virtual ~PdfParser();
+
+@@ -185,7 +190,7 @@ private:
+
+ void go(GBool topLevel);
+ void execOp(Object *cmd, Object args[], int numArgs);
+- PdfOperator *findOp(char *name);
++ PdfOperator *findOp(const char *name);
+ GBool checkArg(Object *arg, TchkType type);
+ int getPos();
+
+@@ -256,7 +261,7 @@ private:
+ double x2, double y2, GfxColor *color2,
+ int nComps, int depth);
+ void doPatchMeshShFill(GfxPatchMeshShading *shading);
+- void fillPatch(GfxPatch *patch, int nComps, int depth);
++ void fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth);
+ void doEndPath();
+
+ // path clipping operators
+@@ -287,7 +292,12 @@ private:
+ void opMoveShowText(Object args[], int numArgs);
+ void opMoveSetShowText(Object args[], int numArgs);
+ void opShowSpaceText(Object args[], int numArgs);
++#if POPPLER_CHECK_VERSION(0,64,0)
+ void doShowText(const GooString *s);
++#else
++ void doShowText(GooString *s);
++#endif
++
+
+ // XObject operators
+ void opXObject(Object args[], int numArgs);
+diff --git a/src/extension/internal/pdfinput/poppler-transition-api.h b/src/extension/internal/pdfinput/poppler-transition-api.h
+new file mode 100644
+--- /dev/null
++++ b/src/extension/internal/pdfinput/poppler-transition-api.h
+@@ -0,0 +1,39 @@
++#ifndef SEEN_POPPLER_TRANSITION_API_H
++#define SEEN_POPPLER_TRANSITION_API_H
++
++#include <glib/poppler-features.h>
++
++#if POPPLER_CHECK_VERSION(0,70,0)
++#define _POPPLER_CONST const
++#else
++#define _POPPLER_CONST
++#endif
++
++#if POPPLER_CHECK_VERSION(0,69,0)
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(key, std::move(obj))
++#elif POPPLER_CHECK_VERSION(0,58,0)
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(copyString(key), std::move(obj))
++#else
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(copyString(key), &obj)
++#endif
++
++#if POPPLER_CHECK_VERSION(0,58,0)
++#define POPPLER_NEW_OBJECT_API
++#define _POPPLER_FREE(obj)
++#define _POPPLER_CALL(ret, func) (ret = func())
++#define _POPPLER_CALL_ARGS(ret, func, ...) (ret = func(__VA_ARGS__))
++#else
++#define _POPPLER_FREE(obj) (obj).free()
++#define _POPPLER_CALL(ret, func) (*func(&ret))
++#define _POPPLER_CALL_ARGS(ret, func, ...) (*func(__VA_ARGS__, &ret))
++#endif
++
++#if POPPLER_CHECK_VERSION(0, 29, 0)
++#define POPPLER_EVEN_NEWER_NEW_COLOR_SPACE_API
++#endif
++
++#if POPPLER_CHECK_VERSION(0, 25, 0)
++#define POPPLER_EVEN_NEWER_COLOR_SPACE_API
++#endif
++
++#endif
+diff --git a/src/extension/internal/pdfinput/svg-builder.cpp b/src/extension/internal/pdfinput/svg-builder.cpp
+--- a/src/extension/internal/pdfinput/svg-builder.cpp
++++ b/src/extension/internal/pdfinput/svg-builder.cpp
+@@ -625,7 +625,7 @@ gchar *SvgBuilder::_createPattern(GfxPattern *pattern, GfxState *state, bool is_
+ if ( pattern != NULL ) {
+ if ( pattern->getType() == 2 ) { // Shading pattern
+ GfxShadingPattern *shading_pattern = static_cast<GfxShadingPattern *>(pattern);
+- double *ptm;
++ const double *ptm;
+ double m[6] = {1, 0, 0, 1, 0, 0};
+ double det;
+
+@@ -672,7 +672,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+
+ Inkscape::XML::Node *pattern_node = _xml_doc->createElement("svg:pattern");
+ // Set pattern transform matrix
+- double *p2u = tiling_pattern->getMatrix();
++ const double *p2u = tiling_pattern->getMatrix();
+ double m[6] = {1, 0, 0, 1, 0, 0};
+ double det;
+ det = _ttm[0] * _ttm[3] - _ttm[1] * _ttm[2]; // see LP Bug 1168908
+@@ -698,7 +698,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+ pattern_node->setAttribute("patternUnits", "userSpaceOnUse");
+ // Set pattern tiling
+ // FIXME: don't ignore XStep and YStep
+- double *bbox = tiling_pattern->getBBox();
++ const double *bbox = tiling_pattern->getBBox();
+ sp_repr_set_svg_double(pattern_node, "x", 0.0);
+ sp_repr_set_svg_double(pattern_node, "y", 0.0);
+ sp_repr_set_svg_double(pattern_node, "width", bbox[2] - bbox[0]);
+@@ -751,7 +751,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+ */
+ gchar *SvgBuilder::_createGradient(GfxShading *shading, double *matrix, bool for_shading) {
+ Inkscape::XML::Node *gradient;
+- Function *func;
++ _POPPLER_CONST Function *func;
+ int num_funcs;
+ bool extend0, extend1;
+
+@@ -865,7 +865,7 @@ static bool svgGetShadingColorRGB(GfxShading *shading, double offset, GfxRGB *re
+
+ #define INT_EPSILON 8
+ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *shading,
+- Function *func) {
++ _POPPLER_CONST Function *func) {
+ int type = func->getType();
+ if ( type == 0 || type == 2 ) { // Sampled or exponential function
+ GfxRGB stop1, stop2;
+@@ -877,9 +877,9 @@ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *sh
+ _addStopToGradient(gradient, 1.0, &stop2, 1.0);
+ }
+ } else if ( type == 3 ) { // Stitching
+- StitchingFunction *stitchingFunc = static_cast<StitchingFunction*>(func);
+- double *bounds = stitchingFunc->getBounds();
+- double *encode = stitchingFunc->getEncode();
++ auto stitchingFunc = static_cast<_POPPLER_CONST StitchingFunction*>(func);
++ const double *bounds = stitchingFunc->getBounds();
++ const double *encode = stitchingFunc->getEncode();
+ int num_funcs = stitchingFunc->getNumFuncs();
+
+ // Add stops from all the stitched functions
+@@ -890,7 +890,7 @@ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *sh
+ svgGetShadingColorRGB(shading, bounds[i + 1], &color);
+ // Add stops
+ if (stitchingFunc->getFunc(i)->getType() == 2) { // process exponential fxn
+- double expE = (static_cast<ExponentialFunction*>(stitchingFunc->getFunc(i)))->getE();
++ double expE = (static_cast<_POPPLER_CONST ExponentialFunction*>(stitchingFunc->getFunc(i)))->getE();
+ if (expE > 1.0) {
+ expE = (bounds[i + 1] - bounds[i])/expE; // approximate exponential as a single straight line at x=1
+ if (encode[2*i] == 0) { // normal sequence
+@@ -1020,9 +1020,9 @@ void SvgBuilder::updateFont(GfxState *state) {
+ GfxFont *font = state->getFont();
+ // Store original name
+ if (font->getName()) {
+- _font_specification = g_strdup(font->getName()->getCString());
++ _font_specification = font->getName()->getCString();
+ } else {
+- _font_specification = (char*) "Arial";
++ _font_specification = "Arial";
+ }
+
+ // Prune the font name to get the correct font family name
+@@ -1030,7 +1030,7 @@ void SvgBuilder::updateFont(GfxState *state) {
+ char *font_family = NULL;
+ char *font_style = NULL;
+ char *font_style_lowercase = NULL;
+- char *plus_sign = strstr(_font_specification, "+");
++ const char *plus_sign = strstr(_font_specification, "+");
+ if (plus_sign) {
+ font_family = g_strdup(plus_sign + 1);
+ _font_specification = plus_sign + 1;
+@@ -1148,7 +1148,7 @@ void SvgBuilder::updateFont(GfxState *state) {
+ Inkscape::CSSOStringStream os_font_size;
+ double css_font_size = _font_scaling * state->getFontSize();
+ if ( font->getType() == fontType3 ) {
+- double *font_matrix = font->getFontMatrix();
++ const double *font_matrix = font->getFontMatrix();
+ if ( font_matrix[0] != 0.0 ) {
+ css_font_size *= font_matrix[3] / font_matrix[0];
+ }
+@@ -1193,7 +1193,7 @@ void SvgBuilder::updateTextPosition(double tx, double ty) {
+ void SvgBuilder::updateTextMatrix(GfxState *state) {
+ _flushText();
+ // Update text matrix
+- double *text_matrix = state->getTextMat();
++ const double *text_matrix = state->getTextMat();
+ double w_scale = sqrt( text_matrix[0] * text_matrix[0] + text_matrix[2] * text_matrix[2] );
+ double h_scale = sqrt( text_matrix[1] * text_matrix[1] + text_matrix[3] * text_matrix[3] );
+ double max_scale;
+diff --git a/src/extension/internal/pdfinput/svg-builder.h b/src/extension/internal/pdfinput/svg-builder.h
+--- a/src/extension/internal/pdfinput/svg-builder.h
++++ b/src/extension/internal/pdfinput/svg-builder.h
+@@ -15,6 +15,7 @@
+ #endif
+
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+
+ class SPDocument;
+ namespace Inkscape {
+@@ -80,7 +81,7 @@ struct SvgGlyph {
+ bool style_changed; // Set to true if style has to be reset
+ SPCSSAttr *style;
+ int render_mode; // Text render mode
+- char *font_specification; // Pointer to current font specification
++ const char *font_specification; // Pointer to current font specification
+ };
+
+ /**
+@@ -174,7 +175,7 @@ private:
+ void _addStopToGradient(Inkscape::XML::Node *gradient, double offset,
+ GfxRGB *color, double opacity);
+ bool _addGradientStops(Inkscape::XML::Node *gradient, GfxShading *shading,
+- Function *func);
++ _POPPLER_CONST Function *func);
+ gchar *_createTilingPattern(GfxTilingPattern *tiling_pattern, GfxState *state,
+ bool is_stroke=false);
+ // Image/mask creation
+@@ -202,7 +203,7 @@ private:
+
+ SPCSSAttr *_font_style; // Current font style
+ GfxFont *_current_font;
+- char *_font_specification;
++ const char *_font_specification;
+ double _font_scaling;
+ bool _need_font_update;
+ Geom::Affine _text_matrix;
diff --git a/gnu/packages/patches/json-glib-fix-tests-32bit.patch b/gnu/packages/patches/json-glib-fix-tests-32bit.patch
deleted file mode 100644
index 77ea134915..0000000000
--- a/gnu/packages/patches/json-glib-fix-tests-32bit.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-Fix floating point issues on 32-bit platforms:
-
-https://gitlab.gnome.org/GNOME/json-glib/issues/27
-
-This is an amalgamation of the following upstream commits:
-https://gitlab.gnome.org/GNOME/json-glib/commit/70e2648e02232c1a439a7418388f18fee9afb3fe
-https://gitlab.gnome.org/GNOME/json-glib/commit/675e27505776a1d77fa1ffd1974284890caec1f4
-
-diff --git a/json-glib/tests/json-test-utils.h b/json-glib/tests/json-test-utils.h
-new file mode 100644
-index 0000000..83a02c6
---- /dev/null
-+++ b/json-glib/tests/json-test-utils.h
-@@ -0,0 +1,21 @@
-+#include <string.h>
-+#include <math.h>
-+#include <float.h>
-+#include <glib.h>
-+#include <json-glib/json-glib.h>
-+
-+#define json_fuzzy_equals(n1,n2,epsilon) \
-+ (((n1) > (n2) ? ((n1) - (n2)) : ((n2) - (n1))) < (epsilon))
-+
-+#define json_assert_fuzzy_equals(n1,n2,epsilon) \
-+ G_STMT_START { \
-+ double __n1 = (n1), __n2 = (n2), __epsilon = (epsilon); \
-+ if (json_fuzzy_equals (__n1, __n2, __epsilon)) ; else { \
-+ g_assertion_message_cmpnum (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
-+ #n1 " == " #n2 " (+/- " #epsilon ")", \
-+ __n1, "==", __n2, 'f'); \
-+ } \
-+ } G_STMT_END
-+
-+#define json_assert_almost_equals(n1,n2) \
-+ json_assert_fuzzy_equals (n1, n2, DBL_EPSILON)
-diff --git a/json-glib/tests/array.c b/json-glib/tests/array.c
-index 98afeab..426cd72 100644
---- a/json-glib/tests/array.c
-+++ b/json-glib/tests/array.c
-@@ -1,9 +1,4 @@
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--
--#include <glib.h>
--#include <json-glib/json-glib.h>
-+#include "json-test-utils.h"
-
- static void
- test_empty_array (void)
-@@ -37,7 +32,7 @@ test_add_element (void)
-
- json_array_add_double_element (array, 3.14);
- g_assert_cmpint (json_array_get_length (array), ==, 3);
-- g_assert_cmpfloat (json_array_get_double_element (array, 2), ==, 3.14);
-+ json_assert_fuzzy_equals (json_array_get_double_element (array, 2), 3.14, 0.001);
-
- json_array_add_boolean_element (array, TRUE);
- g_assert_cmpint (json_array_get_length (array), ==, 4);
-diff --git a/json-glib/tests/node.c b/json-glib/tests/node.c
-index 23bda63..80beb78 100644
---- a/json-glib/tests/node.c
-+++ b/json-glib/tests/node.c
-@@ -1,6 +1,4 @@
--#include <glib.h>
--#include <json-glib/json-glib.h>
--#include <string.h>
-+#include "json-test-utils.h"
-
- static void
- test_init_int (void)
-@@ -19,7 +17,7 @@ test_init_double (void)
- JsonNode *node = json_node_new (JSON_NODE_VALUE);
-
- json_node_set_double (node, 3.14159);
-- g_assert_cmpfloat (json_node_get_double (node), ==, 3.14159);
-+ json_assert_fuzzy_equals (json_node_get_double (node), 3.14159, 0.00001);
-
- json_node_free (node);
- }
-@@ -119,13 +117,13 @@ test_get_int (void)
-
- json_node_set_int (node, 0);
- g_assert_cmpint (json_node_get_int (node), ==, 0);
-- g_assert_cmpfloat (json_node_get_double (node), ==, 0.0);
-+ json_assert_almost_equals (json_node_get_double (node), 0.0);
- g_assert (!json_node_get_boolean (node));
- g_assert (!json_node_is_null (node));
-
- json_node_set_int (node, 42);
- g_assert_cmpint (json_node_get_int (node), ==, 42);
-- g_assert_cmpfloat (json_node_get_double (node), ==, 42.0);
-+ json_assert_almost_equals (json_node_get_double (node), 42.0);
- g_assert (json_node_get_boolean (node));
- g_assert (!json_node_is_null (node));
-
-@@ -138,7 +136,7 @@ test_get_double (void)
- JsonNode *node = json_node_new (JSON_NODE_VALUE);
-
- json_node_set_double (node, 3.14);
-- g_assert_cmpfloat (json_node_get_double (node), ==, 3.14);
-+ json_assert_fuzzy_equals (json_node_get_double (node), 3.14, 0.001);
- g_assert_cmpint (json_node_get_int (node), ==, 3);
- g_assert (json_node_get_boolean (node));
-
-@@ -232,9 +230,9 @@ test_gvalue_autopromotion (void)
- g_print ("Expecting a gdouble, got a %s\n", g_type_name (G_VALUE_TYPE (&check)));
-
- g_assert_cmpint (G_VALUE_TYPE (&check), ==, G_TYPE_DOUBLE);
-- g_assert_cmpfloat ((float) g_value_get_double (&check), ==, 3.14159f);
-+ json_assert_fuzzy_equals (g_value_get_double (&check), 3.14159, 0.00001);
- g_assert_cmpint (G_VALUE_TYPE (&value), !=, G_VALUE_TYPE (&check));
-- g_assert_cmpfloat ((gdouble) g_value_get_float (&value), ==, g_value_get_double (&check));
-+ json_assert_almost_equals (g_value_get_float (&value), g_value_get_double (&check));
-
- g_value_unset (&value);
- g_value_unset (&check);
-diff --git a/json-glib/tests/parser.c b/json-glib/tests/parser.c
-index f71584a..8c52a1d 100644
---- a/json-glib/tests/parser.c
-+++ b/json-glib/tests/parser.c
-@@ -1,11 +1,5 @@
--#include "config.h"
--
-+#include "json-test-utils.h"
- #include <stdlib.h>
--#include <stdio.h>
--
--#include <glib.h>
--
--#include <json-glib/json-glib.h>
-
- static const gchar *test_empty_string = "";
- static const gchar *test_empty_array_string = "[ ]";
-@@ -38,13 +32,13 @@ verify_string_value (JsonNode *node)
- static void
- verify_double_value (JsonNode *node)
- {
-- g_assert_cmpfloat (10.2e3, ==, json_node_get_double (node));
-+ json_assert_fuzzy_equals (10.2e3, json_node_get_double (node), 0.1);
- }
-
- static void
- verify_negative_double_value (JsonNode *node)
- {
-- g_assert_cmpfloat (-3.14, ==, json_node_get_double (node));
-+ json_assert_fuzzy_equals (-3.14, json_node_get_double (node), 0.01);
- }
-
- static const struct {
-diff --git a/json-glib/tests/reader.c b/json-glib/tests/reader.c
-index 43a6aac..9bab312 100644
---- a/json-glib/tests/reader.c
-+++ b/json-glib/tests/reader.c
-@@ -1,9 +1,4 @@
--#include <stdlib.h>
--#include <stdio.h>
--
--#include <glib.h>
--
--#include <json-glib/json-glib.h>
-+#include "json-test-utils.h"
-
- static const gchar *test_base_array_data =
- "[ 0, true, null, \"foo\", 3.14, [ false ], { \"bar\" : 42 } ]";
-@@ -78,7 +73,7 @@ test_base_object (void)
- g_assert (json_reader_get_error (reader) == NULL);
-
- json_reader_read_member (reader, "double");
-- g_assert_cmpfloat (json_reader_get_double_value (reader), ==, 42.47);
-+ json_assert_fuzzy_equals (json_reader_get_double_value (reader), 42.47, 0.01);
- json_reader_end_element (reader);
-
- g_object_unref (reader);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-18013.patch b/gnu/packages/patches/libtiff-CVE-2017-18013.patch
deleted file mode 100644
index ba03c83847..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-18013.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-18013:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2770
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
-
-From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 31 Dec 2017 15:09:41 +0100
-Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
- dereference on corrupted file. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2770
-
----
- libtiff/tif_print.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
-index 9959d353..8deceb2b 100644
---- a/libtiff/tif_print.c
-+++ b/libtiff/tif_print.c
-@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
- (unsigned long) s,
-- (unsigned __int64) td->td_stripoffset[s],
-- (unsigned __int64) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
- #else
- fprintf(fd, " %3lu: [%8llu, %8llu]\n",
- (unsigned long) s,
-- (unsigned long long) td->td_stripoffset[s],
-- (unsigned long long) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
- #endif
- }
- }
---
-2.16.1
-
diff --git a/gnu/packages/patches/libtiff-CVE-2017-9935.patch b/gnu/packages/patches/libtiff-CVE-2017-9935.patch
deleted file mode 100644
index 5685d81f68..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-9935.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-Fix CVE-2017-9935
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
-http://bugzilla.maptools.org/show_bug.cgi?id=2704
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
-
-From 3dd8f6a357981a4090f126ab9025056c938b6940 Mon Sep 17 00:00:00 2001
-From: Brian May <brian@linuxpenguins.xyz>
-Date: Thu, 7 Dec 2017 07:46:47 +1100
-Subject: [PATCH] tiff2pdf: Fix CVE-2017-9935
-
-Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704
-
-This vulnerability - at least for the supplied test case - is because we
-assume that a tiff will only have one transfer function that is the same
-for all pages. This is not required by the TIFF standards.
-
-We than read the transfer function for every page. Depending on the
-transfer function, we allocate either 2 or 4 bytes to the XREF buffer.
-We allocate this memory after we read in the transfer function for the
-page.
-
-For the first exploit - POC1, this file has 3 pages. For the first page
-we allocate 2 extra extra XREF entries. Then for the next page 2 more
-entries. Then for the last page the transfer function changes and we
-allocate 4 more entries.
-
-When we read the file into memory, we assume we have 4 bytes extra for
-each and every page (as per the last transfer function we read). Which
-is not correct, we only have 2 bytes extra for the first 2 pages. As a
-result, we end up writing past the end of the buffer.
-
-There are also some related issues that this also fixes. For example,
-TIFFGetField can return uninitalized pointer values, and the logic to
-detect a N=3 vs N=1 transfer function seemed rather strange.
-
-It is also strange that we declare the transfer functions to be of type
-float, when the standard says they are unsigned 16 bit values. This is
-fixed in another patch.
-
-This patch will check to ensure that the N value for every transfer
-function is the same for every page. If this changes, we abort with an
-error. In theory, we should perhaps check that the transfer function
-itself is identical for every page, however we don't do that due to the
-confusion of the type of the data in the transfer function.
----
- libtiff/tif_dir.c | 3 +++
- tools/tiff2pdf.c | 65 +++++++++++++++++++++++++++++++++++++------------------
- 2 files changed, 47 insertions(+), 21 deletions(-)
-
-diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
-index 2ccaf448..cbf2b693 100644
---- a/libtiff/tif_dir.c
-+++ b/libtiff/tif_dir.c
-@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
- if (td->td_samplesperpixel - td->td_extrasamples > 1) {
- *va_arg(ap, uint16**) = td->td_transferfunction[1];
- *va_arg(ap, uint16**) = td->td_transferfunction[2];
-+ } else {
-+ *va_arg(ap, uint16**) = NULL;
-+ *va_arg(ap, uint16**) = NULL;
- }
- break;
- case TIFFTAG_REFERENCEBLACKWHITE:
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index d1a9b095..c3ec0746 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
- uint16 pagen=0;
- uint16 paged=0;
- uint16 xuint16=0;
-+ uint16 tiff_transferfunctioncount=0;
-+ float* tiff_transferfunction[3];
-
- directorycount=TIFFNumberOfDirectories(input);
- t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
-@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
- }
- #endif
- if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
-- &(t2p->tiff_transferfunction[0]),
-- &(t2p->tiff_transferfunction[1]),
-- &(t2p->tiff_transferfunction[2]))) {
-- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[1] !=
-- t2p->tiff_transferfunction[0])) {
-- t2p->tiff_transferfunctioncount = 3;
-- t2p->tiff_pages[i].page_extra += 4;
-- t2p->pdf_xrefcount += 4;
-- } else {
-- t2p->tiff_transferfunctioncount = 1;
-- t2p->tiff_pages[i].page_extra += 2;
-- t2p->pdf_xrefcount += 2;
-- }
-- if(t2p->pdf_minorversion < 2)
-- t2p->pdf_minorversion = 2;
-+ &(tiff_transferfunction[0]),
-+ &(tiff_transferfunction[1]),
-+ &(tiff_transferfunction[2]))) {
-+
-+ if((tiff_transferfunction[1] != (float*) NULL) &&
-+ (tiff_transferfunction[2] != (float*) NULL)
-+ ) {
-+ tiff_transferfunctioncount=3;
-+ } else {
-+ tiff_transferfunctioncount=1;
-+ }
- } else {
-- t2p->tiff_transferfunctioncount=0;
-+ tiff_transferfunctioncount=0;
- }
-+
-+ if (i > 0){
-+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
-+ TIFFError(
-+ TIFF2PDF_MODULE,
-+ "Different transfer function on page %d",
-+ i);
-+ t2p->t2p_error = T2P_ERR_ERROR;
-+ return;
-+ }
-+ }
-+
-+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
-+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
-+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
-+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
-+ if(tiff_transferfunctioncount == 3){
-+ t2p->tiff_pages[i].page_extra += 4;
-+ t2p->pdf_xrefcount += 4;
-+ if(t2p->pdf_minorversion < 2)
-+ t2p->pdf_minorversion = 2;
-+ } else if (tiff_transferfunctioncount == 1){
-+ t2p->tiff_pages[i].page_extra += 2;
-+ t2p->pdf_xrefcount += 2;
-+ if(t2p->pdf_minorversion < 2)
-+ t2p->pdf_minorversion = 2;
-+ }
-+
- if( TIFFGetField(
- input,
- TIFFTAG_ICCPROFILE,
-@@ -1828,9 +1852,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- &(t2p->tiff_transferfunction[1]),
- &(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[1] !=
-- t2p->tiff_transferfunction[0])) {
-+ (t2p->tiff_transferfunction[2] != (float*) NULL)
-+ ) {
- t2p->tiff_transferfunctioncount=3;
- } else {
- t2p->tiff_transferfunctioncount=1;
---
-2.16.1
-
diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
deleted file mode 100644
index d31c12399d..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2018-10963.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2018-10963:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2795
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
-
-From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 14:24:15 +0200
-Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
-
----
- libtiff/tif_dirwrite.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
-index 2430de6d..c15a28db 100644
---- a/libtiff/tif_dirwrite.c
-+++ b/libtiff/tif_dirwrite.c
-@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
- }
- break;
- default:
-- assert(0); /* we should never get here */
-- break;
-+ TIFFErrorExt(tif->tif_clientdata,module,
-+ "Cannot write tag %d (%s)",
-+ TIFFFieldTag(o),
-+ o->field_name ? o->field_name : "unknown");
-+ goto bad;
- }
- }
- }
---
-2.17.0
-
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
deleted file mode 100644
index f49815789e..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2018-8905.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix CVE-2018-8095:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2780
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
-
-From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 15:32:31 +0200
-Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
-
-The fix consists in using the similar code LZWDecode() to validate we
-don't write outside of the output buffer.
----
- libtiff/tif_lzw.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index 4ccb443c..94d85e38 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- char *tp;
- unsigned char *bp;
- int code, nbits;
-+ int len;
- long nextbits, nextdata, nbitsmask;
- code_t *codep, *free_entp, *maxcodep, *oldcodep;
-
-@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- } while (--occ);
- break;
- }
-- assert(occ >= codep->length);
-- op += codep->length;
-- occ -= codep->length;
-- tp = op;
-+ len = codep->length;
-+ tp = op + len;
- do {
-- *--tp = codep->value;
-- } while( (codep = codep->next) != NULL );
-+ int t;
-+ --tp;
-+ t = codep->value;
-+ codep = codep->next;
-+ *tp = (char)t;
-+ } while (codep && tp > op);
-+ assert(occ >= len);
-+ op += len;
-+ occ -= len;
- } else {
- *op++ = (char)code;
- occ--;
---
-2.17.0
-
diff --git a/gnu/packages/patches/poppler-CVE-2018-19149.patch b/gnu/packages/patches/poppler-CVE-2018-19149.patch
deleted file mode 100644
index 3641f5f078..0000000000
--- a/gnu/packages/patches/poppler-CVE-2018-19149.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Fix CVE-2018-19149:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149
-https://gitlab.freedesktop.org/poppler/poppler/issues/664
-
-Patch copied from upstream source repository:
-
-https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
-
-From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
-From: Marek Kasik <mkasik@redhat.com>
-Date: Fri, 20 Apr 2018 11:38:13 +0200
-Subject: [PATCH] Fix crash on missing embedded file
-
-Check whether an embedded file is actually present in the PDF
-and show warning in that case.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=106137
-https://gitlab.freedesktop.org/poppler/poppler/issues/236
----
- glib/poppler-attachment.cc | 26 +++++++++++++++++---------
- glib/poppler-document.cc | 3 ++-
- 2 files changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
-index c6502e9d..11ba5bb5 100644
---- a/glib/poppler-attachment.cc
-+++ b/glib/poppler-attachment.cc
-@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
- attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
-
- embFile = emb_file->getEmbeddedFile();
-- attachment->size = embFile->size ();
-+ if (embFile != NULL && embFile->streamObject()->isStream())
-+ {
-+ attachment->size = embFile->size ();
-
-- if (embFile->createDate ())
-- _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
-- if (embFile->modDate ())
-- _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
-+ if (embFile->createDate ())
-+ _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
-+ if (embFile->modDate ())
-+ _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
-
-- if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
-- attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
-- embFile->checksum ()->getLength ());
-- priv->obj_stream = embFile->streamObject()->copy();
-+ if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
-+ attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
-+ embFile->checksum ()->getLength ());
-+ priv->obj_stream = embFile->streamObject()->copy();
-+ }
-+ else
-+ {
-+ g_warning ("Missing stream object for embedded file");
-+ g_clear_object (&attachment);
-+ }
-
- return attachment;
- }
-diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
-index 83f6aea6..ea319344 100644
---- a/glib/poppler-document.cc
-+++ b/glib/poppler-document.cc
-@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
- attachment = _poppler_attachment_new (emb_file);
- delete emb_file;
-
-- retval = g_list_prepend (retval, attachment);
-+ if (attachment != NULL)
-+ retval = g_list_prepend (retval, attachment);
- }
- return g_list_reverse (retval);
- }
---
-2.19.1
-
diff --git a/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch b/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch
new file mode 100644
index 0000000000..97ef6928fe
--- /dev/null
+++ b/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch
@@ -0,0 +1,25 @@
+From 223c82d1d6ed1f29f26307249827ff679e09c780 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 28 Jul 2018 12:22:12 +0200
+Subject: [PATCH] disable resolve_symlink
+
+---
+ src/common/exec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/common/exec.c b/src/common/exec.c
+index 878fc29..6b3e283 100644
+--- a/src/common/exec.c
++++ b/src/common/exec.c
+@@ -218,6 +218,8 @@ find_my_exec(const char *argv0, char *retpath)
+ static int
+ resolve_symlinks(char *path)
+ {
++ // On GuixSD we *want* stuff relative to symlinks.
++ return 0;
+ #ifdef HAVE_READLINK
+ struct stat buf;
+ char orig_wd[MAXPGPATH],
+--
+2.18.0
+
diff --git a/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
new file mode 100644
index 0000000000..d8b9bf172a
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
@@ -0,0 +1,318 @@
+Fix LuaTeX compatibility with Poppler 0.72.
+
+Upstream LuaTeX have moved from Poppler to "pplib" and thus upstream
+fixes are unavailable. This is based on Arch Linux patches, with minor
+changes for Poppler 0.72:
+https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/texlive-bin&id=f1b424435c8fa31d9296c7a6dc17f939a8332780
+
+diff --git a/texk/web2c/luatexdir/image/pdftoepdf.w b/texk/web2c/luatexdir/image/pdftoepdf.w
+--- a/texk/web2c/luatexdir/image/pdftoepdf.w
++++ b/texk/web2c/luatexdir/image/pdftoepdf.w
+@@ -35,7 +35,7 @@
+
+ extern void md5(Guchar *msg, int msgLen, Guchar *digest);
+
+-static GBool isInit = gFalse;
++static bool isInit = false;
+
+ /* Maintain AVL tree of all PDF files for embedding */
+
+@@ -363,10 +363,10 @@ void copyReal(PDF pdf, double d)
+
+ static void copyString(PDF pdf, GooString * string)
+ {
+- char *p;
++ const char *p;
+ unsigned char c;
+ size_t i, l;
+- p = string->getCString();
++ p = string->c_str();
+ l = (size_t) string->getLength();
+ if (pdf->cave)
+ pdf_out(pdf, ' ');
+@@ -393,7 +393,7 @@ static void copyString(PDF pdf, GooString * string)
+ pdf->cave = true;
+ }
+
+-static void copyName(PDF pdf, char *s)
++static void copyName(PDF pdf, const char *s)
+ {
+ pdf_out(pdf, '/');
+ for (; *s != 0; s++) {
+@@ -468,14 +468,14 @@ static void copyObject(PDF pdf, PdfDocument * pdf_doc, Object * obj)
+ break;
+ /*
+ case objNum:
+- GBool isNum() { return type == objInt || type == objReal; }
++ bool isNum() { return type == objInt || type == objReal; }
+ break;
+ */
+ case objString:
+ copyString(pdf, (GooString *)obj->getString());
+ break;
+ case objName:
+- copyName(pdf, (char *)obj->getName());
++ copyName(pdf, obj->getName());
+ break;
+ case objNull:
+ pdf_add_null(pdf);
+@@ -531,22 +531,22 @@ static PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
+ {
+ switch (pagebox_spec) {
+ case PDF_BOX_SPEC_MEDIA:
+- return page->getMediaBox();
++ return (PDFRectangle *) page->getMediaBox();
+ break;
+ case PDF_BOX_SPEC_CROP:
+- return page->getCropBox();
++ return (PDFRectangle *) page->getCropBox();
+ break;
+ case PDF_BOX_SPEC_BLEED:
+- return page->getBleedBox();
++ return (PDFRectangle *) page->getBleedBox();
+ break;
+ case PDF_BOX_SPEC_TRIM:
+- return page->getTrimBox();
++ return (PDFRectangle *) page->getTrimBox();
+ break;
+ case PDF_BOX_SPEC_ART:
+- return page->getArtBox();
++ return (PDFRectangle *) page->getArtBox();
+ break;
+ default:
+- return page->getMediaBox();
++ return (PDFRectangle *) page->getMediaBox();
+ break;
+ }
+ }
+@@ -587,11 +587,11 @@ void read_pdf_info(image_dict * idict)
+ PDFRectangle *pagebox;
+ int pdf_major_version_found, pdf_minor_version_found;
+ float xsize, ysize, xorig, yorig;
+- if (isInit == gFalse) {
++ if (isInit == false) {
+ if (!(globalParams))
+ globalParams = new GlobalParams();
+- globalParams->setErrQuiet(gFalse);
+- isInit = gTrue;
++ globalParams->setErrQuiet(false);
++ isInit = true;
+ }
+ if (img_type(idict) == IMG_TYPE_PDF)
+ pdf_doc = refPdfDocument(img_filepath(idict), FE_FAIL);
+@@ -966,7 +966,7 @@ void epdf_free()
+ if (PdfDocumentTree != NULL)
+ avl_destroy(PdfDocumentTree, destroyPdfDocument);
+ PdfDocumentTree = NULL;
+- if (isInit == gTrue)
++ if (isInit == true)
+ delete globalParams;
+- isInit = gFalse;
++ isInit = false;
+ }
+diff --git a/texk/web2c/luatexdir/lua/lepdflib.cc b/texk/web2c/luatexdir/lua/lepdflib.cc
+--- a/texk/web2c/luatexdir/lua/lepdflib.cc
++++ b/texk/web2c/luatexdir/lua/lepdflib.cc
+@@ -240,7 +240,7 @@ static int l_new_Attribute(lua_State * L)
+ if (uobj->pd != NULL && uobj->pd->pc != uobj->pc)
+ pdfdoc_changed_error(L);
+ uout = new_Attribute_userdata(L);
+- uout->d = new Attribute(n, nlen, (Object *)uobj->d);
++ uout->d = new Attribute((GooString)n, (Object *)uobj->d);
+ uout->atype = ALLOC_LEPDF;
+ uout->pc = uobj->pc;
+ uout->pd = uobj->pd;
+@@ -439,7 +439,7 @@ static int l_new_Object(lua_State * L)
+ break;
+ case 1:
+ if (lua_isboolean (L,1)) {
+- uout->d = new Object(lua_toboolean(L, 1)? gTrue : gFalse);
++ uout->d = new Object(lua_toboolean(L, 1)? true : false);
+ uout->atype = ALLOC_LEPDF;
+ uout->pc = 0;
+ uout->pd = NULL;
+@@ -596,7 +596,7 @@ static int m_##in##_##function(lua_State * L) \
+ uin = (udstruct *) luaL_checkudata(L, 1, M_##in); \
+ if (uin->pd != NULL && uin->pd->pc != uin->pc) \
+ pdfdoc_changed_error(L); \
+- o = ((in *) uin->d)->function(); \
++ o = (out *) ((in *) uin->d)->function(); \
+ if (o != NULL) { \
+ uout = new_##out##_userdata(L); \
+ uout->d = o; \
+@@ -676,7 +676,7 @@ static int m_##in##_##function(lua_State * L) \
+ pdfdoc_changed_error(L); \
+ gs = (GooString *)((in *) uin->d)->function(); \
+ if (gs != NULL) \
+- lua_pushlstring(L, gs->getCString(), gs->getLength()); \
++ lua_pushlstring(L, gs->c_str(), gs->getLength()); \
+ else \
+ lua_pushnil(L); \
+ return 1; \
+@@ -911,7 +911,7 @@ static int m_Array_getString(lua_State * L)
+ if (i > 0 && i <= len) {
+ gs = new GooString();
+ if (((Array *) uin->d)->getString(i - 1, gs))
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ else
+ lua_pushnil(L);
+ delete gs;
+@@ -1063,7 +1063,7 @@ static int m_Catalog_getJS(lua_State * L)
+ if (i > 0 && i <= len) {
+ gs = ((Catalog *) uin->d)->getJS(i - 1);
+ if (gs != NULL)
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ else
+ lua_pushnil(L);
+ delete gs;
+@@ -1125,12 +1125,12 @@ m_poppler_get_INT(Dict, getLength);
+
+ static int m_Dict_add(lua_State * L)
+ {
+- char *s;
++ const char *s;
+ udstruct *uin, *uobj;
+ uin = (udstruct *) luaL_checkudata(L, 1, M_Dict);
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+- s = copyString(luaL_checkstring(L, 2));
++ s = luaL_checkstring(L, 2);
+ uobj = (udstruct *) luaL_checkudata(L, 3, M_Object);
+ ((Dict *) uin->d)->add(s, std::move(*((Object *) uobj->d)));
+ return 0;
+@@ -1378,7 +1378,7 @@ static int m_GooString__tostring(lua_State * L)
+ uin = (udstruct *) luaL_checkudata(L, 1, M_GooString);
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+- lua_pushlstring(L, ((GooString *) uin->d)->getCString(),
++ lua_pushlstring(L, ((GooString *) uin->d)->c_str(),
+ ((GooString *) uin->d)->getLength());
+ return 1;
+ }
+@@ -1527,9 +1527,9 @@ static int m_Object_initBool(lua_State * L)
+ pdfdoc_changed_error(L);
+ luaL_checktype(L, 2, LUA_TBOOLEAN);
+ if (lua_toboolean(L, 2) != 0)
+- *((Object *) uin->d) = Object(gTrue);
++ *((Object *) uin->d) = Object(true);
+ else
+- *((Object *) uin->d) = Object(gFalse);
++ *((Object *) uin->d) = Object(false);
+ return 0;
+ }
+
+@@ -1814,7 +1814,7 @@ static int m_Object_getString(lua_State * L)
+ pdfdoc_changed_error(L);
+ if (((Object *) uin->d)->isString()) {
+ gs = (GooString *)((Object *) uin->d)->getString();
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ } else
+ lua_pushnil(L);
+ return 1;
+@@ -2051,7 +2051,7 @@ static int m_Object_dictAdd(lua_State * L)
+ pdfdoc_changed_error(L);
+ if (!((Object *) uin->d)->isDict())
+ luaL_error(L, "Object is not a Dict");
+- ((Object *) uin->d)->dictAdd(copyString(s), std::move(*((Object *) uobj->d)));
++ ((Object *) uin->d)->dictAdd(s, std::move(*((Object *) uobj->d)));
+ return 0;
+ }
+
+@@ -2470,9 +2470,9 @@ static int m_PDFDoc_getFileName(lua_State * L)
+ uin = (udstruct *) luaL_checkudata(L, 1, M_PDFDoc);
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+- gs = ((PdfDocument *) uin->d)->doc->getFileName();
++ gs = (GooString *) ((PdfDocument *) uin->d)->doc->getFileName();
+ if (gs != NULL)
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ else
+ lua_pushnil(L);
+ return 1;
+@@ -2559,9 +2559,9 @@ static int m_PDFDoc_readMetadata(lua_State * L)
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+ if (((PdfDocument *) uin->d)->doc->getCatalog()->isOk()) {
+- gs = ((PdfDocument *) uin->d)->doc->readMetadata();
++ gs = (GooString *) ((PdfDocument *) uin->d)->doc->readMetadata();
+ if (gs != NULL)
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ else
+ lua_pushnil(L);
+ } else
+@@ -2577,7 +2577,7 @@ static int m_PDFDoc_getStructTreeRoot(lua_State * L)
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+ if (((PdfDocument *) uin->d)->doc->getCatalog()->isOk()) {
+- obj = ((PdfDocument *) uin->d)->doc->getStructTreeRoot();
++ obj = (StructTreeRoot *) ((PdfDocument *) uin->d)->doc->getStructTreeRoot();
+ uout = new_StructTreeRoot_userdata(L);
+ uout->d = obj;
+ uout->pc = uin->pc;
+@@ -3038,12 +3038,12 @@ m_poppler_get_BOOL(Attribute, isHidden);
+
+ static int m_Attribute_setHidden(lua_State * L)
+ {
+- GBool i;
++ bool i;
+ udstruct *uin;
+ uin = (udstruct *) luaL_checkudata(L, 1, M_Attribute);
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+- i = (GBool) lua_toboolean(L, 2);
++ i = (bool) lua_toboolean(L, 2);
+ ((Attribute *) uin->d)->setHidden(i);
+ return 0;
+ }
+@@ -3180,7 +3180,7 @@ static int m_StructElement_getParentRef(lua_State * L)
+ // Ref is false if the C++ functione return false
+ static int m_StructElement_getPageRef(lua_State * L)
+ {
+- GBool b;
++ bool b;
+ Ref *r;
+ udstruct *uin, *uout;
+ uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+@@ -3226,16 +3226,16 @@ static int m_StructElement_setRevision(lua_State * L)
+
+ static int m_StructElement_getText(lua_State * L)
+ {
+- GBool i;
++ bool i;
+ GooString *gs;
+ udstruct *uin;
+ uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+ if (uin->pd != NULL && uin->pd->pc != uin->pc)
+ pdfdoc_changed_error(L);
+- i = (GBool) lua_toboolean(L, 2);
++ i = (bool) lua_toboolean(L, 2);
+ gs = ((StructElement *) uin->d)->getText(i);
+ if (gs != NULL)
+- lua_pushlstring(L, gs->getCString(), gs->getLength());
++ lua_pushlstring(L, gs->c_str(), gs->getLength());
+ else
+ lua_pushnil(L);
+ return 1;
+@@ -3321,7 +3321,7 @@ static int m_StructElement_findAttribute(lua_State * L)
+ {
+ Attribute::Type t;
+ Attribute::Owner o;
+- GBool g;
++ bool g;
+ udstruct *uin, *uout;
+ const Attribute *a;
+ uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+@@ -3329,7 +3329,7 @@ static int m_StructElement_findAttribute(lua_State * L)
+ pdfdoc_changed_error(L);
+ t = (Attribute::Type) luaL_checkint(L,1);
+ o = (Attribute::Owner) luaL_checkint(L,2);
+- g = (GBool) lua_toboolean(L, 3);
++ g = (bool) lua_toboolean(L, 3);
+ a = ((StructElement *) uin->d)->findAttribute(t,g,o);
+
+ if (a!=NULL){
diff --git a/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
new file mode 100644
index 0000000000..eba4733f32
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
@@ -0,0 +1,188 @@
+Fix compatibility with Poppler 0.72.
+
+These files are taken from the upstream "poppler0.72.0.cc" variants and
+diffed against the "newpoppler" files from the 20180414 distribution.
+
+See revision 49336:
+https://tug.org/svn/texlive/trunk/Build/source/texk/web2c/pdftexdir/
+
+--- a/texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc 1970-01-01 01:00:00.000000000 +0100
++++ b/texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc 2018-12-09 21:14:58.479732695 +0100
+@@ -22,7 +22,7 @@
+ https://git.archlinux.org/svntogit/packages.git/plain/texlive-bin/trunk
+ by Arch Linux. A little modifications are made to avoid a crash for
+ some kind of pdf images, such as figure_missing.pdf in gnuplot.
+-The poppler should be 0.59.0 or newer versions.
++The poppler should be 0.72.0 or newer versions.
+ POPPLER_VERSION should be defined.
+ */
+
+@@ -120,7 +120,7 @@
+
+ static InObj *inObjList;
+ static UsedEncoding *encodingList;
+-static GBool isInit = gFalse;
++static bool isInit = false;
+
+ // --------------------------------------------------------------------
+ // Maintain list of open embedded PDF files
+@@ -317,7 +317,7 @@
+ pdf_puts("<<\n");
+ assert(r->type == objFont); // FontDescriptor is in fd_tree
+ for (i = 0, l = obj->dictGetLength(); i < l; ++i) {
+- key = obj->dictGetKey(i);
++ key = (char *)obj->dictGetKey(i);
+ if (strncmp("FontDescriptor", key, strlen("FontDescriptor")) == 0
+ || strncmp("BaseFont", key, strlen("BaseFont")) == 0
+ || strncmp("Encoding", key, strlen("Encoding")) == 0)
+@@ -427,7 +427,7 @@
+ charset = fontdesc.dictLookup("CharSet");
+ if (!charset.isNull() &&
+ charset.isString() && is_subsetable(fontmap))
+- epdf_mark_glyphs(fd, (char *)charset.getString()->getCString());
++ epdf_mark_glyphs(fd, (char *)charset.getString()->c_str());
+ else
+ embed_whole_font(fd);
+ addFontDesc(fontdescRef.getRef(), fd);
+@@ -454,7 +454,7 @@
+ for (i = 0, l = obj->dictGetLength(); i < l; ++i) {
+ fontRef = obj->dictGetValNF(i);
+ if (fontRef.isRef())
+- copyFont(obj->dictGetKey(i), &fontRef);
++ copyFont((char *)obj->dictGetKey(i), &fontRef);
+ else if (fontRef.isDict()) { // some programs generate pdf with embedded font object
+ copyName((char *)obj->dictGetKey(i));
+ pdf_puts(" ");
+@@ -566,7 +566,7 @@
+ pdf_printf("%s", convertNumToPDF(obj->getNum()));
+ } else if (obj->isString()) {
+ s = (GooString *)obj->getString();
+- p = s->getCString();
++ p = (char *)s->c_str();
+ l = s->getLength();
+ if (strlen(p) == (unsigned int) l) {
+ pdf_puts("(");
+@@ -664,7 +664,7 @@
+ ("PDF inclusion: CID fonts are not supported"
+ " (try to disable font replacement to fix this)");
+ }
+- if ((s = ((Gfx8BitFont *) r->font)->getCharName(i)) != 0)
++ if ((s = (char *)((Gfx8BitFont *) r->font)->getCharName(i)) != 0)
+ glyphNames[i] = s;
+ else
+ glyphNames[i] = notdef;
+@@ -683,7 +683,7 @@
+ }
+
+ // get the pagebox according to the pagebox_spec
+-static PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
++static const PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
+ {
+ if (pagebox_spec == pdfboxspecmedia)
+ return page->getMediaBox();
+@@ -715,7 +715,7 @@
+ {
+ PdfDocument *pdf_doc;
+ Page *page;
+- PDFRectangle *pagebox;
++ const PDFRectangle *pagebox;
+ #ifdef POPPLER_VERSION
+ int pdf_major_version_found, pdf_minor_version_found;
+ #else
+@@ -724,8 +724,8 @@
+ // initialize
+ if (!isInit) {
+ globalParams = new GlobalParams();
+- globalParams->setErrQuiet(gFalse);
+- isInit = gTrue;
++ globalParams->setErrQuiet(false);
++ isInit = true;
+ }
+ // open PDF file
+ pdf_doc = find_add_document(image_name);
+@@ -849,7 +849,7 @@
+ pageObj = xref->fetch(pageRef->num, pageRef->gen);
+ pageDict = pageObj.getDict();
+ rotate = page->getRotate();
+- PDFRectangle *pagebox;
++ const PDFRectangle *pagebox;
+ // write the Page header
+ pdf_puts("/Type /XObject\n");
+ pdf_puts("/Subtype /Form\n");
+@@ -977,7 +977,7 @@
+ }
+ l = dic1.getLength();
+ for (i = 0; i < l; i++) {
+- groupDict.dictAdd(copyString(dic1.getKey(i)),
++ groupDict.dictAdd((const char *)copyString(dic1.getKey(i)),
+ dic1.getValNF(i));
+ }
+ // end modification
+@@ -1001,14 +1001,14 @@
+ pdf_puts("/Resources <<\n");
+ for (i = 0, l = obj1->dictGetLength(); i < l; ++i) {
+ obj2 = obj1->dictGetVal(i);
+- key = obj1->dictGetKey(i);
++ key = (char *)obj1->dictGetKey(i);
+ if (strcmp("Font", key) == 0)
+ copyFontResources(&obj2);
+ else if (strcmp("ProcSet", key) == 0)
+ copyProcSet(&obj2);
+ else
+- copyOtherResources(&obj2, key);
++ copyOtherResources(&obj2, (char *)key);
+ }
+ pdf_puts(">>\n");
+ }
+
+--- a/texk/web2c/pdftexdir/pdftosrc-newpoppler.cc 1970-01-01 01:00:00.000000000 +0100
++++ b/texk/web2c/pdftexdir/pdftosrc-newpoppler.cc 2018-12-09 21:14:58.479732695 +0100
+@@ -20,7 +20,7 @@
+ /*
+ This is based on the patch texlive-poppler-0.59.patch <2017-09-19> at
+ https://git.archlinux.org/svntogit/packages.git/plain/texlive-bin/trunk
+-by Arch Linux. The poppler should be 0.59.0 or newer versions.
++by Arch Linux. The poppler should be 0.72.0 or newer versions.
+ POPPLER_VERSION should be defined.
+ */
+
+@@ -109,7 +109,7 @@
+ fprintf(stderr, "No SourceName found\n");
+ exit(1);
+ }
+- outname = (char *)srcName.getString()->getCString();
++ outname = (char *)srcName.getString()->c_str();
+ // We cannot free srcName, as objname shares its string.
+ // srcName.free();
+ } else if (objnum > 0) {
+@@ -118,7 +118,7 @@
+ fprintf(stderr, "Not a Stream object\n");
+ exit(1);
+ }
+- sprintf(buf, "%s", fileName->getCString());
++ sprintf(buf, "%s", fileName->c_str());
+ if ((p = strrchr(buf, '.')) == 0)
+ p = strchr(buf, 0);
+ if (objgen == 0)
+@@ -128,7 +128,7 @@
+ outname = buf;
+ } else { // objnum < 0 means we are extracting the XRef table
+ extract_xref_table = true;
+- sprintf(buf, "%s", fileName->getCString());
++ sprintf(buf, "%s", fileName->c_str());
+ if ((p = strrchr(buf, '.')) == 0)
+ p = strchr(buf, 0);
+ sprintf(p, ".xref");
+@@ -173,9 +173,9 @@
+
+ // parse the header: object numbers and offsets
+ objStr.streamReset();
+- str = new EmbedStream(objStr.getStream(), Object(objNull), gTrue, first);
++ str = new EmbedStream(objStr.getStream(), Object(objNull), true, first);
+ lexer = new Lexer(xref, str);
+- parser = new Parser(xref, lexer, gFalse);
++ parser = new Parser(xref, lexer, false);
+ for (n = 0; n < nObjects; ++n) {
+ obj1 = parser->getObj();
+ obj2 = parser->getObj();
+
diff --git a/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch
new file mode 100644
index 0000000000..cac716cc59
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch
@@ -0,0 +1,31 @@
+Fix compatibility with Poppler 0.72.
+
+Patch taken from upstream:
+https://tug.org/svn/texlive/trunk/Build/source/texk/web2c/xetexdir/pdfimage.cpp?r1=44964&r2=48969&diff_format=u
+
+--- a/texk/web2c/xetexdir/pdfimage.cpp 2017/08/06 07:12:02 44964
++++ b/texk/web2c/xetexdir/pdfimage.cpp 2018/10/22 04:01:42 48969
+@@ -82,19 +82,19 @@
+ switch (pdf_box) {
+ default:
+ case pdfbox_crop:
+- r = page->getCropBox();
++ r = (PDFRectangle *)page->getCropBox();
+ break;
+ case pdfbox_media:
+- r = page->getMediaBox();
++ r = (PDFRectangle *)page->getMediaBox();
+ break;
+ case pdfbox_bleed:
+- r = page->getBleedBox();
++ r = (PDFRectangle *)page->getBleedBox();
+ break;
+ case pdfbox_trim:
+- r = page->getTrimBox();
++ r = (PDFRectangle *)page->getTrimBox();
+ break;
+ case pdfbox_art:
+- r = page->getArtBox();
++ r = (PDFRectangle *)page->getArtBox();
+ break;
+ }
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 64bfda489e..a53e22f8b3 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -82,15 +82,14 @@
(define-public poppler
(package
(name "poppler")
- (replacement poppler/fixed)
- (version "0.68.0")
+ (version "0.72.0")
(source (origin
(method url-fetch)
(uri (string-append "https://poppler.freedesktop.org/poppler-"
version ".tar.xz"))
(sha256
(base32
- "0n0f7mv24lzv9p3dlzakpdhqg7ygcvl6l40grcz95xldzgq083gr"))))
+ "0lfs1b1jfamxl13zbl5n448dqvl9n8frbv8180y7b7kfyaw7wx61"))))
(build-system cmake-build-system)
;; FIXME:
;; use libcurl: no
@@ -132,14 +131,6 @@
(license license:gpl2+)
(home-page "https://poppler.freedesktop.org/")))
-(define poppler/fixed
- (package
- (inherit poppler)
- (source (origin
- (inherit (package-source poppler))
- (patches (append (origin-patches (package-source poppler))
- (search-patches "poppler-CVE-2018-19149.patch")))))))
-
(define-public poppler-data
(package
(name "poppler-data")
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 52832eeeb8..6a2eece734 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -55,7 +55,7 @@
(define-public ruby
(package
(name "ruby")
- (version "2.4.3")
+ (version "2.5.3")
(source
(origin
(method url-fetch)
@@ -64,8 +64,7 @@
"/ruby-" version ".tar.xz"))
(sha256
(base32
- "0l9bv67dgsphk42lmiskhrnh47hbyj6rfg2rcjx22xivpx07srr3"))
- (patches (search-patches "ruby-rubygems-276-for-ruby24.patch"))
+ "0vrhrw7kcz9mg0jkqnihkcxqy5k05v8k1j0y2735z8wfk8sx1j8w"))
(modules '((guix build utils)))
(snippet `(begin
;; Remove bundled libffi
@@ -107,6 +106,26 @@ a focus on simplicity and productivity.")
(home-page "https://www.ruby-lang.org")
(license license:ruby)))
+(define-public ruby-2.4
+ (package
+ (inherit ruby)
+ (version "2.4.3")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
+ (version-major+minor version)
+ "/ruby-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0l9bv67dgsphk42lmiskhrnh47hbyj6rfg2rcjx22xivpx07srr3"))
+ (patches (search-patches "ruby-rubygems-276-for-ruby24.patch"))
+ (modules '((guix build utils)))
+ (snippet `(begin
+ ;; Remove bundled libffi
+ (delete-file-recursively "ext/fiddle/libffi-3.2.1")
+ #t))))))
+
(define-public ruby-2.3
(package
(inherit ruby)
diff --git a/gnu/packages/scribus.scm b/gnu/packages/scribus.scm
index 615d7e23a2..20795da275 100644
--- a/gnu/packages/scribus.scm
+++ b/gnu/packages/scribus.scm
@@ -56,7 +56,59 @@
(sha256
(base32
"00ys0p6h3iq77kh72dkl0qrf7qvznq18qdrgiq10gfxja1995034"))
- (patches (search-patches "scribus-poppler.patch"))))
+ (patches (append
+ ;; Scribus relies heavily on Poppler internals, which have
+ ;; changed a lot since the latest Scribus release (2018-04).
+ ;; Thus, we require a bunch of patches to stay compatible.
+ (search-patches "scribus-poppler.patch")
+ (list (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/scribusproject/scribus/commit/"
+ "7d4ceeb5cac32287769e3c0238699e0b3e56c24d.patch"))
+ (file-name "scribus-poppler-0.64.patch")
+ (sha256
+ (base32
+ "1kr27bfzkpabrh42nsrrvlqyycdg9isbavpaa5spgmrhidcg02xj")))
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/scribusproject/scribus/commit/"
+ "76561c1a55cd07c268f8f2b2fea888532933700b.patch"))
+ (file-name "scribus-poppler-config.patch")
+ (sha256
+ (base32
+ "01k18xjj82c3ndzp89dlpfhhdccc8z0acf8b04r592jyr5y9rc19")))
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/scribusproject/scribus/commit/"
+ "8e05d26c19097ac2ad5b4ebbf40a3771ee6faf9c.patch"))
+ (file-name "scribus-poppler-0.69.patch")
+ (sha256
+ (base32
+ "1avdmsj5l543j0irq18nxgiw99n395jj56ih5dsal59fn0wbqk42")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://git.archlinux.org/svntogit/"
+ "community.git/plain/trunk/scribus-"
+ "poppler-0.70.patch?h=packages/scribus&id="
+ "8ef43ee2fceb0753ed5a76bb0a11c84775898ffc"))
+ (file-name "scribus-poppler-0.70.patch")
+ (sha256
+ (base32
+ "0dw7ix3jaj0y1q97cmmqwb2qgdx760yhxx86wa8rnx0xhfi5x6qr"))))))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (for-each (lambda (file)
+ (substitute* file
+ ;; These are required for compatibility with Poppler 0.71.
+ (("GBool") "bool") (("gTrue") "true") (("gFalse") "false")
+ ;; ...and this for Poppler 0.72.
+ (("getCString") "c_str")))
+ (find-files "scribus/plugins/import/pdf"))
+ #t))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ;no test target
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 94e6aa8438..8ab5a335c8 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -213,11 +213,7 @@ which allows users to view a desktop computing environment.")
"--enable-automated-tests")
;; Several tests appear to be opening the same sockets concurrently.
- #:parallel-tests? #f
-
- #:phases (modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _ (setenv "SSL_CERT_FILE" "/dev/null") #t)))))
+ #:parallel-tests? #f))
(synopsis "Server implementation of the SPICE protocol")
(description "SPICE is a remote display system built for virtual
environments which allows you to view a computing 'desktop' environment
diff --git a/gnu/packages/storage.scm b/gnu/packages/storage.scm
index 4eae37815e..5051ccd986 100644
--- a/gnu/packages/storage.scm
+++ b/gnu/packages/storage.scm
@@ -321,7 +321,7 @@
("python2-testtools" ,python2-testtools)
("python2-tox" ,python2-tox)))
(inputs
- `(("boost" ,boost-cxx14)
+ `(("boost" ,boost)
("curl" ,curl)
("cryptsetup" ,cryptsetup)
("expat" ,expat)
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 765f6aa849..54544c24f5 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -102,15 +102,19 @@
(patches
(list
;; This is required for compatibility with Poppler 0.64.0 and to fix a
- ;; segmentation fault in dvipdfm-x from XeTeX.
+ ;; segmentation fault in dvipdfm-x from XeTeX, and also contains a fix
+ ;; for CVE-2018-17407.
(origin
(method url-fetch)
(uri (string-append "http://www.linuxfromscratch.org/patches/blfs/"
- "svn/texlive-" version "-source-upstream_fixes-1.patch"))
+ "svn/texlive-" version "-source-upstream_fixes-2.patch"))
(file-name "texlive-poppler-compat.patch")
(sha256
(base32
- "0f8vhyj167y4xj0jx47vkybrcacfpxw0wdn1b777yq3xmhlahhlg")))))))
+ "04sxy1qv9y575mxwyg3y7rx7mh540pfjqx7yni7ncb5wjbq9pq1a")))
+ (search-patch "texlive-bin-luatex-poppler-compat.patch")
+ (search-patch "texlive-bin-pdftex-poppler-compat.patch")
+ (search-patch "texlive-bin-xetex-poppler-compat.patch")))))
(build-system gnu-build-system)
(inputs
`(("texlive-extra-src" ,texlive-extra-src)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f9e21e1e3f..acd175fe09 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -162,7 +162,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.18")
+ (version "3.6.5")
(source (origin
(method url-fetch)
(uri
@@ -171,12 +171,19 @@ living in the same process.")
(string-append "mirror://gnupg/gnutls/v"
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
- (patches
- (search-patches "gnutls-skip-trust-store-test.patch"
- "gnutls-skip-pkgconfig-test.patch"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
+ "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; XXX: The generated configure script in GnuTLS 3.6.5
+ ;; apparently does not know about Guile 2.2.
+ (substitute* "configure"
+ (("guile_versions_to_search=\"2\\.0 1\\.8\"")
+ "guile_versions_to_search=\"2.2 2.0 1.8\""))
+ #t))))
(build-system gnu-build-system)
(arguments
`(; Ensure we don't keep a reference to this buggy software.
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index c327c9bc5c..ba03205484 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -624,7 +624,7 @@ libebml is a C++ library to read and write EBML files.")
(define-public libva
(package
(name "libva")
- (version "2.2.0")
+ (version "2.3.0")
(source
(origin
(method url-fetch)
@@ -636,7 +636,7 @@ libebml is a C++ library to read and write EBML files.")
(string-append "https://www.freedesktop.org/software/vaapi/releases/"
"libva/libva-" version "/libva-" version ".tar.bz2")))
(sha256
- (base32 "1wjfrs261fp9wkhgpmrlz5smnhxrmsk31way646x6i2mg16a0v3g"))))
+ (base32 "1r6wiw4k044cpb39rfqqdw6qmzw0268whpz124hywck9v980x130"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/vulkan.scm b/gnu/packages/vulkan.scm
index ff1088d2e1..f346d155dc 100644
--- a/gnu/packages/vulkan.scm
+++ b/gnu/packages/vulkan.scm
@@ -163,16 +163,16 @@ interpretation of the specifications for these languages.")
(define-public vulkan-headers
(package
(name "vulkan-headers")
- (version "1.1.85.0")
+ (version "1.1.96")
(source
(origin
(method url-fetch)
(uri (string-append
"https://github.com/KhronosGroup/Vulkan-Headers/"
- "archive/sdk-" version ".tar.gz"))
+ "archive/v" version ".tar.gz"))
(sha256
(base32
- "166hqqb97kjg6h9vp8yxb1cq02i1kqaxvl693482gf8v21fl7ink"))))
+ "1mr15v7d7lxi7qjkgwyvy2s3a5k2xd7y8x40dd2al3a3c4chl2y2"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f)) ; No tests.
@@ -192,10 +192,10 @@ interpretation of the specifications for these languages.")
(method url-fetch)
(uri (string-append
"https://github.com/KhronosGroup/Vulkan-Loader/"
- "archive/sdk-" version ".tar.gz"))
+ "archive/v" version ".tar.gz"))
(sha256
(base32
- "04d53ynlc0ww8r67hv4sxwg5sirjhpr1laaa9hc6j4niliw0166n"))))
+ "11jg678sj8yykr3n1km0638l6737iyhsl4x4q1zwbwyiifm0w89z"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ;FIXME: 23/39 tests fail. Try "tests/run_all_tests.sh".
@@ -248,10 +248,10 @@ and the ICD.")
(method url-fetch)
(uri (string-append
"https://github.com/KhronosGroup/Vulkan-Tools/"
- "archive/sdk-" version ".tar.gz"))
+ "archive/v" version ".tar.gz"))
(sha256
(base32
- "0r26px9rh09giddajlmafv21rx1la1y3bbnjgnpai8aw98wvq9mm"))))
+ "066v0vfhcqcwzlijvvs3jrbldp5kdqgwydkn7k2wrbcgynr77h8q"))))
(build-system cmake-build-system)
(inputs
`(("glslang" ,glslang)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 84bd795a85..7f43762a93 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -79,6 +79,7 @@
#:use-module (gnu packages flex)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages kerberos)
+ #:use-module (gnu packages gcc)
#:use-module (gnu packages gd)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
@@ -509,16 +510,18 @@ libraries for working with JNLP applets.")
(define-public jansson
(package
(name "jansson")
- (version "2.11")
+ (version "2.12")
(source (origin
(method url-fetch)
(uri
(string-append "http://www.digip.org/jansson/releases/jansson-"
- version ".tar.gz"))
+ version ".tar.bz2"))
(sha256
(base32
- "1x5jllzzqamq6kahx9d9a5mrarm9m3f30vfxvcqpi6p4mcnz91bf"))))
+ "1lp1mv8pjp5yziws66cy0dhpcam4bbjqhffk13v4vgdybp674pb4"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--disable-static")))
(home-page "http://www.digip.org/jansson/")
(synopsis "JSON C library")
(description
@@ -4240,15 +4243,6 @@ you'd expect.")
(base32
"163py4klka423x7li2b685gmg3a6hjf074mlff2ajhmi3l0lm8x6"))))
(build-system glib-or-gtk-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; Search for ca-certificates.crt files
- ;; during the check phase.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t)))))
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
;; For check phase.
@@ -6696,7 +6690,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
(define-public nghttp2
(package
(name "nghttp2")
- (version "1.32.0")
+ (version "1.35.1")
(source
(origin
(method url-fetch)
@@ -6705,12 +6699,13 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0zbgp8f80h2zlfn8cd2ldrmgl81jzcdh1141n71aqmfckzaqj2kh"))))
+ "0fi6qg2w82636wixwkqy7bclpgxslmvg82r431hs8h6aqc4mnzwv"))))
(build-system gnu-build-system)
(outputs (list "out"
"lib")) ; only libnghttp2
(native-inputs
`(("pkg-config" ,pkg-config)
+ ("gcc" ,gcc-7) ; 1.35.0 requires GCC6 or later
;; Required by tests.
("cunit" ,cunit)
@@ -6742,6 +6737,9 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
(("@prefix@")
(assoc-ref outputs "lib")))
#t))
+ (add-before 'configure 'work-around-bug-30756
+ (lambda _
+ (for-each unsetenv '("C_INCLUDE_PATH" "CPLUS_INCLUDE_PATH")) #t))
(add-before 'check 'set-timezone-directory
(lambda* (#:key inputs #:allow-other-keys)
(setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index dc729229f3..86a1d58185 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -295,7 +295,7 @@ following the mouse.")
(define-public pixman
(package
(name "pixman")
- (version "0.34.0")
+ (version "0.36.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -303,7 +303,7 @@ following the mouse.")
version ".tar.gz"))
(sha256
(base32
- "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1"))
+ "1blzrx50ssdv0pn56hcv2v0zw0vrjwj1sx22pkgjls1p9n6rr88w"))
(patches (search-patches "pixman-CVE-2016-5296.patch"))))
(build-system gnu-build-system)
(inputs
@@ -321,7 +321,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.93")
+ (version "2.4.96")
(source
(origin
(method url-fetch)
@@ -331,7 +331,7 @@ rasterisation.")
".tar.bz2"))
(sha256
(base32
- "0g6d9wsnb7lx8r1m4kq8js0wsc5jl20cz1csnlh6z9s8jpfd313f"))
+ "14xkip83qgljjaahzq40qgl60j54q7k00la1hbf5kk5lgg7ilmhd"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(arguments