summary refs log tree commit diff
AgeCommit message (Collapse)Author
2021-03-18gnu: guix: Update to ec7fb66 [security].Ludovic Courtès
This updates the 'guix' package so that it provides the fix for <https://bugs.gnu.org/47229>. * gnu/packages/package-management.scm (guix): Update to ec7fb66.
2021-03-18daemon: Prevent privilege escalation with '--keep-failed' [security].Ludovic Courtès
Fixes <https://bugs.gnu.org/47229>. Reported by Nathan Nye of WhiteBeam Security. * nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'. (DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent.
2021-03-18services: Enable "protected hardlinks" and "protected symlinks" by default.Leo Famulari
References: https://sysctl-explorer.net/fs/protected_hardlinks/ https://sysctl-explorer.net/fs/protected_symlinks/ * gnu/services/sysctl.scm (%default-sysctl-settings): New public variable. (<sysctl-configuration>): Use %default-sysctl-settings as the default value. * gnu/services/base.scm (%base-services): Add sysctl-service-type. * doc/guix.texi (Miscellaneous Services): Document the new defaults. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-18Revert "gnu: python2-urllib3: Update to 1.26.4 [fixes CVE-2021-28363]."Léo Le Bouter
In response to commit 1a265842e634656411bc7304c4648273f174f65e we should no longer need this. Also see <https://bugs.gnu.org/47186>. This reverts commit db87d6ddafd26c5ad657178cf7fdab524d05c522.
2021-03-18gnu: imagemagick/fixed: Redirect old sonames to new sonames.Léo Le Bouter
* gnu/packages/imagemagick.scm (imagemagick/fixed)[arguments]: Add 'fix-compat-cheat-rename-so phase to redirect old soname paths (expected without grafting) to new sonames introduced by ImageMagick 6.9.12-0 and later. These sonames are probably not forward compatible but most probably backwards compatible so it should suffice until we remove the graft.
2021-03-18gnu: linux-libre 4.4: Update to 4.4.262.Leo Famulari
* gnu/packages/linux.scm (linux-libre-4.4-version): Update to 4.4.262. (linux-libre-4.4-pristine-source): Update hash.
2021-03-18gnu: linux-libre 4.9: Update to 4.9.262.Leo Famulari
* gnu/packages/linux.scm (linux-libre-4.9-version): Update to 4.9.262. (linux-libre-4.9-pristine-source): Update hash.
2021-03-18gnu: linux-libre 4.14: Update to 4.14.226.Leo Famulari
* gnu/packages/linux.scm (linux-libre-4.14-version): Update to 4.14.226. (linux-libre-4.14-pristine-source): Update hash.
2021-03-18gnu: linux-libre 4.19: Update to 4.19.181.Leo Famulari
* gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.181. (linux-libre-4.19-pristine-source): Update hash.
2021-03-18gnu: linux-libre 5.4: Update to 5.4.106.Leo Famulari
* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.106. (linux-libre-5.4-pristine-source): Update hash.
2021-03-18gnu: linux-libre 5.10: Update to 5.10.24.Leo Famulari
* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.24. (linux-libre-5.10-pristine-source): Update hash.
2021-03-18gnu: linux-libre: Update to 5.11.7.Leo Famulari
* gnu/packages/linux.scm (linux-libre-5.11-version): Update to 5.11.7. (linux-libre-5.11-pristine-source): Update hash.
2021-03-17weather: Only show request statistics when requests were made.Christopher Baines
This avoids the script crashing if all data is fetched from the cache. * guix/scripts/weather.scm (report-server-coverage): Only show request statistics when some requests have been made.
2021-03-17gnu: Add libucl.qblade
* gnu/packages/wm.scm (libucl): New variable. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-17gnu: Use autoconf instead of autoconf-wrapper when possible.Maxime Devos
This should reduce confusion on when to use the "autoconf" package and when to use "autoconf-wrapper" instead in package definitions. Fixes <https://bugs.gnu.org/46564>. * gnu/packages/autotools.scm (autoconf-wrapper): advise to use the "autoconf" package instead where possible. * gnu/packages/game-development.scm (tsukundere)[native-inputs]: use "autoconf" instead of "autoconf-wrapper". * gnu/packages/gimp.scm (glimpse)[native-inputs]: likewise. (gimp-resynthesizer)[native-inputs]: add comment on why "autoconf-wrapper" is used. * gnu/packages/gnunet.scm (gnunet)[native-inputs]: use "autoconf" instead of "autoconf-wrapper". * gnu/packages/gnupg.scm (signing-party)[native-inputs]: add comment on why "autoconf-wrapper" is used. * gnu/packages/guile-xyz.scm (guile-bash,guile-filesystem,guile-ics,guile-udev)[native-inputs]: use "autoconf" instead of "autoconf-wrapper". * gnu/packages/libevent.scm (libuv)[native-inputs]: indicates "autoconf-wrapper" needs to be replaced with "autoconf" on core-updates. * gnu/packages/logging.scm (glog)[native-inputs]: use "autoconf" instead of "autoconf-wrapper". * gnu/packages/mail.scm (libetpan)[native-inputs]: likewise. * gnu/packages/mate.scm (mate-icon-theme-faenza)[native-inputs]: add comment on why "autoconf-wrapper" is used. (mate-screensaver)[native-inputs]: use "autoconf" instead of "autoconf-wrapper". * gnu/packages/package-management.scm (guix)[native-inputs]: likewise. * gnu/packages/sawfish.scm (librep)[native-inputs]: likewise. * gnu/packages/video.scm (motion)[native-inputs]: likewise. * gnu/packages/zile.scm (zile)[native-inputs]: likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-17doc: Tweak "Invoking guix refresh" node.Ludovic Courtès
* doc/guix.texi (Invoking guix refresh): Update output in '--recursive' example. Use @xref, not @ref, at the beginning of a sentence.
2021-03-17import: gnome: Silence URL redirect messages.Ludovic Courtès
* guix/import/gnome.scm (latest-gnome-release): Pass #:log-port to 'http-fetch/cached'.
2021-03-17http-client: 'http-fetch' and 'http-fetch/cached' accept #:log-port.Ludovic Courtès
* guix/http-client.scm (http-fetch, http-fetch/cached): Add #:log-port and honor it.
2021-03-17import: gnome: Exclude version numbers that do not start with a digit.Ludovic Courtès
Fixes a bug whereby NetworkManager would be updated to version "rc2". * guix/import/gnome.scm (latest-gnome-release)[even-minor-version?]: Change catch-all case to return #f when the first part is not a digit.
2021-03-17scripts: weather: Provide more representative request statistics.Christopher Baines
Previously, the "seconds per request" and "requests per second" statistics really reported (cache lookups + requests) per second. By looking at the actual number of requests made within lookup-narinfos, a more representative value can be reported. * guix/scripts/weather.scm (let/time): Allow for multiple return values. (report-server-coverage): Alter the reporting of request statistics.
2021-03-17substitutes: lookup-narinfos: Return the number of requests made.Christopher Baines
As an additional value, in addition to the narinfos. This value is useful in the weather script for reporting how many requests to the substitute server were made. * guix/substitutes.scm (lookup-narinfos): Additionally return the number of requests made.
2021-03-17scripts: substitute: Tweak error reporting in process-substitution.Christopher Baines
The call-with-connection-error-handling was added in 20c08a8a45d0f137ead7c05e720456b2aea44402, but that error handling was previously inside of open-connection-for-uri/maybe, which is related to (call-)with-cached-connection which was used in process-substitution, but only actually used with call-with-cached-connection when used in fetch-narinfos. There's some handling for similar errors within with-networking, which is used within process-substitution. * guix/scripts/substitute.scm (process-substitution): Remove call-with-connection-error-handling call.
2021-03-17scripts: substitute: Add back some error handling.Christopher Baines
In f50f5751fff4cfc6d5abba9681054569694b7a5c, the way fetch was called within process-substitution was changed. As call-with-cached-connection actually includes important error handling for the opening of a HTTP request, this change removed some error handling. This commit adds that back. Fixes <https://bugs.gnu.org/47157>. * guix/scripts/substitute.scm (call-with-cached-connection): New procedure. (with-cached-connection): New syntax rule. (process-substitution): Retry once for some errors when making HTTP requests to fetch substitutes.
2021-03-17gnu: scdoc: Cross-compile.Tobias Geerinckx-Rice
* gnu/packages/man.scm (scdoc)[arguments]: Use CC-FOR-TARGET.
2021-03-17gnu: scdoc: Don't use unstable tarball.Tobias Geerinckx-Rice
The autogenerated tarball was modified upstream. * gnu/packages/man.scm (scdoc)[source]: Use GIT-FETCH and GIT-FILE-NAME.
2021-03-17gnu: libtirpc/hurd: Fix package source.Christopher Baines
Amend the changes in 1a265842e634656411bc7304c4648273f174f65e to properly access the origin patches from libtirpc. I noticed this as guix weather didn't work for this package. * gnu/packages/onc-rpc.scm (libtirpc/hurd)[source]: Call origin-patches on (package-source libtirpc) rather than the libtirpc package.
2021-03-17gnu: lua.scm: Sort package module imports alphabetically.Efraim Flashner
* gnu/packages/lua.scm: Sort package module imports alphabetically.
2021-03-17gnu: python-pygments: Update to 2.7.4 [fixes CVE-2021-27291].Léo Le Bouter
* gnu/packages/python-xyz.scm (python-pygments/fixed): New variable. (python-pygments)[replacement]: Graft.
2021-03-17gnu: Add emacs-kotlin-mode.Oleg Pykhalov
* gnu/packages/emacs-xyz.scm (emacs-kotlin-mode): New variable.
2021-03-17gnu: emacs-marginalia: Update to 0.4.Nicolas Goaziou
* gnu/packages/emacs-xyz.scm (emacs-marginalia): Update to 0.4.
2021-03-17gnu: komikku: Update to 0.27.0.Leo Prikler
* gnu/packages/gnome.scm (komikku): Update to 0.27.0. [inputs]: Add python-brotli and webkitgtk.
2021-03-17gnu: Move lolcode to esolangs.Leo Prikler
* gnu/packages/lolcode.scm (lci): Move from here... * gnu/packages/esolangs.scm (lolcode-lci): ... to here. * gnu/packages/lolcode.scm: Delete file. * gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
2021-03-17news: Add 'fr' translation.Julien Lepiller
* etc/news.scm: Add missing French translations.
2021-03-17gnu: tig: Update to 2.5.3.LibreMiami
* gnu/packages/version-control.scm (tig): Update to 2.5.3. Co-authored-by: jgart <jgart@dismail.de> Co-authored-by: donotshake <donotshake:matrix.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-17gnu-maintenance: Add a timeout on FTP connection establishment.Ludovic Courtès
* guix/gnu-maintenance.scm (latest-ftp-release): Pass #:timeout to 'ftp-open'.
2021-03-17gnu-maintenance: Remove unused parameters of 'latest-ftp-release'.Ludovic Courtès
* guix/gnu-maintenance.scm (latest-ftp-release): Remove #:ftp-open, #:ftp-close, and #:keep-file?.
2021-03-17gnu: hwloc: Add 'release-monitoring-url' property.Ludovic Courtès
* gnu/packages/mpi.scm (hwloc-1)[properties]: New field.
2021-03-17gnu-maintenance: Add 'generic-html' updater.Ludovic Courtès
This brings total updater coverage, as reported by 'guix refresh --list-updaters', from 78% to 88.3%. Among many other things, it covers freedesktop.org packages. * guix/gnu-maintenance.scm (html-updatable-package?) (latest-html-updatable-release): New procedures. (%generic-html-updater): New variable. * doc/guix.texi (Invoking guix refresh): Document it.
2021-03-17gnu-maintenance: 'latest-html-release' better computes version number.Ludovic Courtès
* guix/gnu-maintenance.scm (latest-html-release): Use 'tarball->version' rather than 'package-name->name+version' to extract the version number. This fixes problems with packages like 'netsurf' and 'libdom' that have "-src" in their tarball name, where "src" would be taken as the new version number.
2021-03-17gnu-maintenance: 'latest-html-release' can determine signature file name.Ludovic Courtès
* guix/gnu-maintenance.scm (latest-html-release): #:file->signature defaults to #f. [file->signature/guess]: New procedure. [url->release]: Use it when FILE->SIGNATURE is #f. Introduce 'links' variable. (url-prefix-rewrite): Check whether URL is true before calling 'string-prefix?'. (latest-savannah-release): Adjust comment about detached signatures.
2021-03-17gnu-maintenance: 'release-file?' rejects checksum files.Ludovic Courtès
* guix/gnu-maintenance.scm (release-file?): Reject ".md5sum", ".sha1sum", and ".sha256sum".
2021-03-17gnu-maintenance: 'latest-html-release' considers non-relative URLs.Ludovic Courtès
* guix/gnu-maintenance.scm (latest-html-release): Allow for URL to be an arbitrary URL rather than a relative URL reference.
2021-03-17gnu-maintenance: Use (htmlprag) for 'latest-html-release'.Ludovic Courtès
* guix/gnu-maintenance.scm (html->sxml): Remove. Autoload (htmlprag) instead. * doc/guix.texi (Requirements): Mention 'guix refresh' for the Guile-Lib dependency.
2021-03-17maint: Check whether Guile-zlib is recent enough.Ludovic Courtès
This is a followup to a04aef2430645357d7796969d4b6453478ff8a3f. * m4/guix.m4 (GUIX_CHECK_GUILE_ZLIB): New macro. * configure.ac: Use it when checking for Guile-zlib.
2021-03-17doc: Define the term "profile".Ludovic Courtès
Fixes <https://bugs.gnu.org/46803>. Reported by Luis Felipe <luis.felipe.la@protonmail.com>. * doc/guix.texi (Getting Started): Introduce the term "profile". (Invoking guix package): Likewise.
2021-03-17daemon: Correctly handle '--discover' with no value.Ludovic Courtès
Previously, we'd get: $ guix-daemon --discover error: basic_string::_M_construct null not valid * nix/nix-daemon/guix-daemon.cc (parse_opt): Change second argument to 'settings.set' to properly handle case where ARG is NULL.
2021-03-17gnu: gnome-autoar: Update to 0.3.1 [fixes CVE-2021-28650].Léo Le Bouter
* gnu/packages/gnome.scm (gnome-autoar): Update to 0.3.1.
2021-03-17gnu: pzstd: Update to 1.4.9 [fixes CVE-2021-24032].Léo Le Bouter
* gnu/packages/compression.scm (pzstd): Use 'package/inherit' over zstd so any graft applied to zstd cascades onto pzstd which is built from the same source.
2021-03-17gnu: Use PACKAGE/INHERIT in more places.Mark H Weaver
* gnu/packages/algebra.scm (fftwf, fftw-openmpi), gnu/packages/audio.scm (ztoolkit-rsvg), gnu/packages/bioinformatics.scm (python2-dendropy), gnu/packages/boost.scm (boost-with-python2), gnu/packages/check.scm (python2-mock, python2-pytest-mock), gnu/packages/cups.scm (hplip-minimal), gnu/packages/freedesktop.scm (libinput-minimal), gnu/packages/gettext.scm (gnu-gettext), gnu/packages/glib.scm (python2-pygobject), gnu/packages/gnome.scm (gdl-minimal, libsoup-minimal, python2-pyatspi), gnu/packages/groff.scm (groff-minimal), gnu/packages/jami.scm (ffmpeg-jami), gnu/packages/libcanberra.scm (libcanberra/gtk+-2), gnu/packages/lirc.scm (python2-lirc), gnu/packages/llvm.scm (clang-runtime-3.5), gnu/packages/mpi.scm (java-openmpi, openmpi-thread-multiple), gnu/packages/node.scm (libnode), gnu/packages/onc-rpc.scm (libtirpc/hurd), gnu/packages/python-compression.scm (bitshuffle-for-snappy), gnu/packages/python-crypto.scm (python2-pycrypto, python2-cryptography) (python2-cryptography, python2-m2crypto), gnu/packages/python-web.scm (python2-html2text, python2-tornado) (python2-terminado, python2-ndg-httpsclient, python2-websocket-client) (python2-rauth, python2-url, python2-s3transfer), gnu/packages/python-xyz.scm (python2-psutil, python2-serpent) (python2-humanfriendly, python2-empy, python2-parse-type, python2-polib) (python2-jsonschema, python2-pystache, python2-cython, python2-numpydoc) (python2-ipyparallel, python2-traitlets, python2-dbus) (python2-beautifulsoup4, python2-pep517, python2-flake8, python2-llfuse) (python2-tlsh, python-file, python2-notebook, python-jupyter-console-minimal) (python2-contextlib2, python2-promise, python2-anyjson, python2-amqp) (python2-kombu, python2-billiard, python2-celery, python2-whoosh) (python2-jellyfish, python-rope, ptpython-2, python2-binaryornot) (python2-setproctitle, python2-argcomplete, python2-xopen, python2-isort) (python2-radon, python2-rfc6555, python2-activepapers, python2-send2trash) (python2-cloudpickle, python2-reparser), gnu/packages/python.scm (python2-called-python), gnu/packages/qt.scm (python2-sip, python-pyqt-without-qtwebkit, python2-pyqt) (python-qscintilla, python-pyqt+qscintilla), gnu/packages/scanner.scm (sane-backends), gnu/packages/sdl.scm (guile3.0-sdl2), gnu/packages/selinux.scm (checkpolicy, libselinux, libsemanage, secilc) (python-sepolgen, policycoreutils), gnu/packages/serialization.scm (lua5.1-libmpack, lua5.2-libmpack), gnu/packages/simulation.scm (fenics), gnu/packages/statistics.scm (python2-statsmodels), gnu/packages/texinfo.scm (info-reader), gnu/packages/wxwidgets.scm (wxwidgets-gtk2, wxwidgets-gtk2-3.1), gnu/packages/xml.scm (xmlsec-nss), gnu/packages/xorg.scm (uim-gtk, uim-qt), guix/build-system/python.scm (package-with-explicit-python) (strip-python2-variant): Use PACKAGE/INHERIT.
2021-03-16gnu: gvfs: Add 'lint-hidden-cve' property.Mark H Weaver
* gnu/packages/gnome.scm (gvfs)[properties]: New field, marking CVE-2019-12447, CVE-2019-12448, and CVE-2019-12449 as fixed.