gnu: xfce4-settings: Update to 4.18.4. * gnu/packages/xfce.scm (xfce4-settings): Update to 4.18.4. Change-Id: If945317a90a0e0325bac352024c98920b8c6c86c
gnu: xfce4-appfinder: Update to 4.18.1. * gnu/packages/xfce.scm (xfce4-appfinder): Update to 4.18.1. Change-Id: Ice902179d6991d9e887aeb2d9dfe144530c5dcf7
gnu: xfce4-panel: Update to 4.18.6. * gnu/packages/xfce.scm (xfce4-panel): Update to 4.18.6. Change-Id: I29a0372692fc9896cdfa083e07c0e4a0255108c5
gnu: tumbler: Update to 4.18.2. * gnu/packages/xfce.scm (tumbler): Update to 4.18.2. Change-Id: I99c65a09b5fe4b02e4d678f64721a713cde09b87
gnu: garcon: Update to 4.18.2. * gnu/packages/xfce.scm (garcon): Update to 4.18.2. Change-Id: I45cfb8bca3556849cc08c00053696b077553f4f6
gnu: xfconf: Update to 4.18.3. * gnu/packages/xfce.scm (xfconf): Update to 4.18.3. Change-Id: I938fa3a1d8770c62a1456a814144b24ed1b4a025
news: Add 'de' translation. * etc/news.scm: Add German translation. Change-Id: Ia2a11f71cdee5ccbf2a7fbe176e713418771599e
news: Give upgrade instructions for foreign distros. * etc/news.scm: Update entry. Change-Id: Ia7c326bc97042d92a8d499ee27dd41d15f1f0d29
gnu: icedove-minimal: Build with newest rust-cbindgen. * gnu/packages/gnuzilla.scm (icedove-minimal)[inputs]: Replace rust-cbindgen-0.23 with rust-cbindgen. Change-Id: I7e8f1edca86a5faf5a148e34a1ff20b85f16e039
gnu: icecat: Build with latest rust-cbindgen. * gnu/packages/gnuzilla.scm (icecat-minimal)[inputs]: Replace rust-cbindgen-0.24 with rust-cbindgen. Change-Id: I147c6facf297f19f24c12b908a8a43793fa6c153
gnu: tor-browser: Build with newest rust-cbindgen. * gnu/packages/tor-browsers.scm (make-torbrowser)[inputs]: Replace rust-cbindgen-0.24 with rust-cbindgen. Change-Id: I6263a11342cb506c6c271e0360b7273c35be585d
news: Add entry for the daemon fixed-output derivation vulnerability. * etc/news.scm: Add entry. Change-Id: Ib3f9c22eda1e8b9075620ec01b4edf2f24cfcf93
gnu: guix: Update to 8f4ffb3. * gnu/packages/package-management.scm (guix): Update to 8f4ffb3. Change-Id: I4574442c529f49881df03501d000e2da68618417
etc: systemd services: switch to "journal" for output and error logging.
  The "syslog" method has been deprecated for years, and issues a warning:
    Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
  Fixes: #48323
  * etc/guix-daemon.service.in (StandardOutput): Use "journal"
  (StandardError): Likewise.
  * etc/guix-publish.service.in (StandardOutput): Likewise.
  (StandardError): Likewise.
daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297).
  This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”.
  Vulnerability discovered by puck <https://github.com/puckipedia>.
  Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
  Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9
  * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly.
  (copyFile, copyFileRecursively): New functions.
  * nix/libutil/util.hh (copyFileRecursively): New declaration.
  * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.
  Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
  Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
  Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
time-machine: Allow time travels to v0.16.0. * guix/scripts/time-machine.scm (%oldest-possible-commit): Change to v0.16.0. * tests/guix-time-machine.sh: Adjust comment. Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97
gnu: Update the default linux-libre package to the 6.7 series. * gnu/packages/linux.scm (linux-libre-version, linux-libre-gnu-revision, linux-libre-pristine-source, linux-libre-source, linux-libre): Use linux-libre-6.7. Change-Id: I889a36129417363328d7509446dcedb31f816569
gnu: linux-libre 4.19: Update to 4.19.308. * gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.308. (linux-libre-4.19-pristine-source): Update hash. Change-Id: Ifa9d16737ca5961672654822de3e5dd70cb3be1b Signed-off-by: Leo Famulari <leo@famulari.name>
gnu: linux-libre 5.4: Update to 5.4.270. * gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.270. (linux-libre-5.4-pristine-source): Update hash. Change-Id: I1b5c3f1cb770c7d29cf4a9c678ea8786f89c31e3 Signed-off-by: Leo Famulari <leo@famulari.name>
gnu: linux-libre 5.10: Update to 5.10.211. * gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.211. (linux-libre-5.10-pristine-source): Update hash. Change-Id: I9171f5c2aa6b1184dbbcd12a8546c39ac775d0ce Signed-off-by: Leo Famulari <leo@famulari.name>