| Commit message | Author | Age |
| |
The bytevector->hash-data from (gcrypt pk-crypto) returns a bytevector, symbol
or #f and currently when checking narinfo signatures Guix only handles the
bytevector case.
If the hash value represented as a string happens to contain only characters
that Guile recognises as letters, digits or some symbols,
bytevector->hash-data will return a symbol, and this would be treated as a
hash mismatch since the symbol doesn't equal? the computed hash
bytevector. This seems to be quite unlikely for real life narinfos, but can
happen.
To handle this, detect when a symbol is returned, and convert the symbol to
the equivalent bytevector before making the comparison. This can be fixed
upstream in guile-gcrypt by always returning a bytevector from
bytevector->hash-data.
This commit also adds a test which demonstrates this behaviour using the hash
value I was initially investigating when debugging substituting [1] from
data.guix.gnu.org.
1: /gnu/store/4rc8c5mzfj4j13yb002zd21s10z7yxgb-cl-spatial-trees-0-1.81fdad0-builder
* guix/pki.scm (%signature-status): Handle when hash-data->bytevector returns
a symbol.
* tests/pki.scm ("signature-case valid-signature for non bytevector hash
data"): New test case.
Change-Id: Ie1de05efa20b33128dbb7ab098fb9fb8e22ea407
| |
Delete autogen.sh as it calls autoreconf that is called by guix itself,
with additional checks that are unnecessary as the build environment
is determined.
* gnu/packages/code.scm (universal-ctags)[source]{snippet}: Delete autoconf.sh.
Change-Id: Ib2a71ca3d59d70e13eee349bda197be363efc19f
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
| |
* gnu/packages/wm.scm (niri)[arguments]: When cross-compiling find the
niri binary to create the shell completions.
Change-Id: I0a2b230f90b0cec55f5be54e98f20735407ec453
| |
* etc/news.scm: Add entry.
Change-Id: I80ff646272361ba0f897a94f57b0830f30e608e6
| |
* gnu/packages/linux.scm (linux-libre-6.16-version,
linux-libre-6.16-gnu-revision, deblob-scripts-6.16,
linux-libre-6.16-pristine-source, linux-libre-6.16-source,
linux-libre-headers-6.16, linux-libre-6.16): New variables.
(linux-libre-headers-latest): Use linux-libre-headers-6.16.
* gnu/packages/aux-files/linux-libre/6.16-arm64.conf,
gnu/packages/aux-files/linux-libre/6.16-i686.conf,
gnu/packages/aux-files/linux-libre/6.16-riscv.conf,
gnu/packages/aux-files/linux-libre/6.16-x86_64.conf: New files.
* Makefile.am (AUX_FILES): Add them.
Co-authored-by: Dariqq <dariqq@posteo.net>
Change-Id: I2ec0b54aa3b6ba509cb80daaf8175ddc822da382
| |
* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.297.
(linux-libre-5.4-pristine-source): Update hash.
Change-Id: I25ac8d8662b0617267fe3810b42dcbd6eb27c0ae
| |
* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.241.
(linux-libre-5.10-pristine-source): Update hash.
Change-Id: I3e535dc4446eb812ea01d955a5fabe35546495ee
| |
* gnu/packages/linux.scm (linux-libre-5.15-version): Update to 5.15.190.
(linux-libre-5.15-pristine-source): Update hash.
Change-Id: I90d9e574f0a91deb2e15f2072511b215d6deff67
| |
* gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.149.
(linux-libre-6.1-pristine-source): Update hash.
Change-Id: I5c652eb0dbbc87d25656da49d56bdb08aac3f656
| |
* gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.103.
(linux-libre-6.6-pristine-source): Update hash.
Change-Id: I0f72a9baee4a7c7c32bafa63558b5e3bfb7963e5
| |
* gnu/packages/linux.scm (linux-libre-6.12-version): Update to 6.12.44.
(linux-libre-6.12-pristine-source): Update hash.
Change-Id: Ibf82d7d0896c7aadfd6431e9a967cd1a71af712e
| |
* etc/news.scm: Fix comma.
Change-Id: I9dee44460887879745e6fc2fb738ed27c9027749
| |
* etc/news.scm: Add German translation of new vulnerability entry.
Change-Id: Ia9e700ca3e297761d0957bfd37123ef7423c4493
| |
* po/doc/guix-cookbook.zh_CN.po: New file.
* po/doc/local.mk: Add 'zh_CN' cookbook.
* po/packages/ru.po: New file.
* po/packages/LINGUAS: Add 'ru'.
* doc/local.mk: Add 'zh_CN' cookbook.
* doc/htmlxref.cnf: Update URLs for cookbook.
* doc/build.scm (%cookbook-languages): Add 'zh_CN'.
* doc/guix-cookbook.texi (Top): Mention 'zh_CN' cookbook.
Change-Id: Ic15114f01ee826a72060eebcbf1baf3bf619284f
| |
* gnu/packages/mail.scm (bogofilter): Update to 1.2.5-0.e264b66.
[source]: Switch to git-fetch.
[inputs]: Remove bdb. Add sqlite and gsl.
[native-inputs]: Add autoconf, automake, gettext-minimal, pkg-config,
docbook-xml-4.1.2, docbook-xsl, libxml2, perl, xmlto.
[arguments]<#:phases>{chdir}: New phase.
Change-Id: Id33f8a5cf7cdc7308ab2d17077e9cd0b3f2c3b69
| |
* gnu/packages/python-check.scm (python-case): Delete variable.
Fixes: guix/guix#1742
Change-Id: I8963eae23565ecc3bd2157f42e3f91154f71d56b
| |
Bugfixes including CVE-2025-24294: "Possible Denial of Service in resolv
gem".
* gnu/packages/ruby.scm (ruby-3.3): Update to 3.3.9.
Change-Id: I5f73c8e523d6ce574b5cca8bab14c4abde2a6337
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/maths.scm (openblas): Update to 0.3.30.
(openblas-0.3.29): Remove unused alias.
Change-Id: Ida296e6e8854e29fe82f44399d4b7331e1308c0c
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/cyrus-sasl.scm (cyrus-sasl-xoauth2): New variable.
Change-Id: I853c8d3df1b4b4a2ea116b438e731f24a5b1fa34
Co-authored-by: Reily Siegel <mail@reilysiegel.com>
Co-authored-by: Liam Hupfer <liam@hpfr.net>
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[native-search-paths]: Add
SASL_PATH plugin search path.
Change-Id: Ie1ccbbe9dd02fe83f3417af86406b481cf259830
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/cyrus-sasl.scm [arguments]<#:configure-flags>: Add a flag.
Change-Id: I54a8fee0c5cd436364189774e8832cdc2185d8cd
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
This is needed for cross-compiling.
* gnu/packages/patches/cyrus-sasl-fix-time-h.patch: New file.
* gnu/packages/cyrus-sasl.scm (dist_patch_DATA): Register it.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[source]: Use the patch.
[native-inputs]: Add autoconf, automake and libtool.
[arguments]<#:phases>{autoreconf}: New phase.
Change-Id: I46e3801d50758f79df0447dd3bd483b427277e12
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/gsasl.scm (gsasl): Update to 2.2.2.
Change-Id: If68ae0a5fda6c0768a9067abab1af167cab2c47c
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/gcc.scm (gcc-12): Update to 12.5.0.
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/patches/libvpx-CVE-2025-5262.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Unregister file.
* gnu/packages/video.scm (libvpx): Update to 1.15.2.
[source]: Remove patch.
Change-Id: If7f5d584204a5bab29156f53930e45f76a4a68e3
| |
* gnu/packages/libidn.scm (libidn): Update to 1.43.
Change-Id: I6a1c6b5ed22da4cf88dc063e598ca200c97ee329
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/algebra.scm (bc): Update to 1.08.2.
[source](origin): Remove patch.
[license]: Change from gpl2+ to gpl3+.
* gnu/packages/patches/bc-fix-cross-compilation.patch: Delete.
* gnu/local.mk: Unregister deleted file.
Change-Id: Iada592d2deeeec91f875306a0fb6f8c4056ccfad
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/gperf.scm (gperf): Update to 3.3.
Change-Id: I34c9e5705cd0ec0b5122f341d14abeb9bed249de
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/kerberos.scm (mit-krb5): Update to 1.21.
[native-inputs]: Remove tcl.
Change-Id: Iffd99adce260306d7671bd2dd029e373e911ae4a
| |
* gnu/packages/time.scm (datefudge): Update to 1.27.
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/video.scm (dav1d): Update to 1.5.1.
Change-Id: I2a2cbf458a867f3e0c98328e567d2f4b194abe14
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
Fixes: guix/guix#1391.
* gnu/packages/databases.scm (mariadb)[arguments]<#:phases>{post-install}:
Prevent double prefix in bindir.
Change-Id: I304995fed0cbec19c159a2e34b965815fec853a1
Signed-off-by: Andreas Enge <andreas@enge.fr>
| |
* gnu/packages/linux.scm (customize-linux): New keyword argument modconfig.
[arguments]{phases}: Use it in configure phase to run make localmodconfig.
Change-Id: I5fbfb9617b41155eaa59197c2a7fe79c5c63c72d
| |
* gnu/packages/rust-apps.scm (radicle): New variable.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs): Add radicle.
Change-Id: I2512928406ceab65ea3f14e64591c4614323408a
Signed-off-by: Hilton Chain <hako@ultrarare.space>
Modified-by: Hilton Chain <hako@ultrarare.space>
| |
* gnu/packages/wm.scm (niri) [arguments] <#:phases>: Install completions.
[native-inputs]: Add self when cross-compiling.
Change-Id: If9a6725ee13c87b5a76b959c3d6fe9804e884415
| |
* gnu/packages/xorg.scm (xwayland-satellite): Update to 0.7.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [xwayland-satellite]:
Update entry.
Change-Id: Ia39cc1808375f55f1ba0c3c4553198e4d096780f
| |
* gnu/packages/wm.scm (niri): Update to 25.08.
[arguments] <#:phases>: Disable parallel testing.
* gnu/packages/rust-sources.scm (rust-pipewire-0.8.0.93138d0)
(rust-smithay-0.7.0.20d2dac): New variables.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [niri]: Update entry.
[rust-pipewire-0.8.0.93138d0, rust-smithay-0.7.0.20d2dac]: New entries.
Change-Id: I0ca02f2a8aa360cbdbe94f569e37ac175ead8d1e
| |
* gnu/packages/virtualization.scm (qemu)[inputs]: Add capstone.
[arguments]<#:phases>[install-plugins]: Install contrib.
Closes: #2081
Change-Id: I47365707e58a7b61e0d7195e48f819f0a1551f84
| |
* etc/news.scm: Add entry.
Change-Id: Ia96a6f80d6ec557e222f2b5ee17e7c79c0eb3cbf
| |
Fixes guix/guix#2419.
* gnu/packages/package-management.scm (guix): Update to 9202921.
Change-Id: I7476c4e90be61a9607731731534d988eba168104
| |
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders. Because these are builtins, it runs without
any additional isolation beyond merely running as a build user. In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.
Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.
* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
(syntax-noop): new syntax.
(eval-content-addressed-mirrors, assert-store-file,
call-with-input-file/no-symlinks): new procedures.
(perform-download): use assert-store-file to ensure files are in the store
before being read. Use call-with-input-file/no-symlinks for opening
untrusted files. Use eval-content-addressed-mirrors to evaluate the
content-addressed-mirrors file.
Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| |
* guix/build/download.scm (url-fetch): don't pass the return value from a
content-addressed-mirror procedure to 'string->uri' if it is #f.
Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| |
Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.
* guix/scripts/perform-download.scm (read/safe): new procedure.
(perform-download, perform-git-download): use it.
(guix-perform-download): explicitly set 'read-eval?' to #f and
'read-hash-procedures' to '(). #f is the default value of 'read-eval?' on
startup, but set it anyway to be certain.
Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| |
* gnu/packages/lisp-xyz.scm (sbcl-clss): Update to 0.3.1-3.cd5f603
Change-Id: I479a79b1a1d3ac45ef31d9c02cc187fa072bf219
Signed-off-by: Omar Bassam <omar.bassam88@gmail.com>
Signed-off-by: jgart <jgart@dismail.de>
| |
* gnu/packages/admin.scm (lr): Update to 2.0.
[arguments]: Use GEXPs.
Change-Id: I3264ccc86aa699a1e77c0388b48c801c5a4392ac
| |
* gnu/packages/haskell-crypto.scm (ghc-hsopenssl): Update to 0.11.7.9.
[#:configure-flags]: New argument.
Change-Id: I2719bdef7e6bbd76fe4c079d663917839a787e81
| |
* gnu/packages/virtualization.scm (qemu): Update to 10.1.0.
[source] <patches>: Remove qemu-disable-bios-tables-test and
qemu-glibc-2.41.patch patches; add qemu-fix-test-virtio-version.patch.
* gnu/packages/patches/qemu-disable-bios-tables-test.patch: Rebase.
* gnu/packages/patches/qemu-disable-migration-test.patch: Delete file.
* gnu/packages/patches/qemu-glibc-2.41.patch: Likewise.
* gnu/packages/patches/qemu-fix-test-virtio-version.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
Change-Id: I0203137a144f89dcc502d1bcb2fa6f717b7223ff
| |
Fixes guix/guix#2213. The 1.1-formatted-data is no longer available
from NIST.
* guix/cve.scm (string->date*, <cve-item>,
reference-data->cve-configuration, cpe-match->cve-configuration,
configuration-data->cve-configurations, json->cve-items,
yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds
schema.
(<cve>): Remove unneeded record.
* tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value
added, lots of lines).
* tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly.
(json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| |
* gnu/packages/wget.scm (wget/fixed): Add new variable.
(wget): Hide package. Graft wget/fixed.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| |
Mercurial currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating mercurial potentially leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for hg-fetch, here mercurial/pinned.
* gnu/packages/version-control.scm
(mercurial-check-phase): Add helper variable.
(mercurial): Update to 7.1.
[arguments]: Use gexps.
<#:phases>: Refresh them. Add phase 'add-install-to-pythonpath for
running tests. Run tests after install. Add phase 'configure-check.
<#:imported-modules, #:modules>: Add them for
'add-install-for-pythonpath.
[native-inputs]: Remove python-nose. Add python-setuptools-next,
python-setuptools-scm-next.
(mercurial/pinned): Inherit from mercurial, but build the exact same
derivation as the previous mercurial variable.
* guix/hg-download.scm (hg-package): Use mercurial/pinned.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>