gnu: gsasl: Update to 2.2.2.
* gnu/packages/gsasl.scm (gsasl): Update to 2.2.2.
Change-Id: If68ae0a5fda6c0768a9067abab1af167cab2c47c
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: gcc@12: Update to 12.5.0.
* gnu/packages/gcc.scm (gcc-12): Update to 12.5.0.
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: libvpx: Update to 1.15.2.
* gnu/packages/patches/libvpx-CVE-2025-5262.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Unregister file.
* gnu/packages/video.scm (libvpx): Update to 1.15.2.
[source]: Remove patch.
Change-Id: If7f5d584204a5bab29156f53930e45f76a4a68e3
gnu: libidn: Update to 1.43.
* gnu/packages/libidn.scm (libidn): Update to 1.43.
Change-Id: I6a1c6b5ed22da4cf88dc063e598ca200c97ee329
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: bc: Update to 1.08.2.
* gnu/packages/algebra.scm (bc): Update to 1.08.2.
[source](origin): Remove patch.
[license]: Change from gpl2+ to gpl3+.
* gnu/packages/patches/bc-fix-cross-compilation.patch: Delete.
* gnu/local.mk: Unregister deleted file.
Change-Id: Iada592d2deeeec91f875306a0fb6f8c4056ccfad
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: gperf: Update to 3.3.
* gnu/packages/gperf.scm (gperf): Update to 3.3.
Change-Id: I34c9e5705cd0ec0b5122f341d14abeb9bed249de
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: mit-krb5: Update to 1.21.
* gnu/packages/kerberos.scm (mit-krb5): Update to 1.21.
[native-inputs]: Remove tcl.
Change-Id: Iffd99adce260306d7671bd2dd029e373e911ae4a
gnu: datefudge: Update to 1.27.
* gnu/packages/time.scm (datefudge): Update to 1.27.
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: dav1d: Update to 1.5.1.
* gnu/packages/video.scm (dav1d): Update to 1.5.1.
Change-Id: I2a2cbf458a867f3e0c98328e567d2f4b194abe14
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: mariadb: Fix paths in installed scripts.
Fixes: guix/guix#1391.
* gnu/packages/databases.scm (mariadb)[arguments]<#:phases>{post-install}:
Prevent double prefix in bindir.
Change-Id: I304995fed0cbec19c159a2e34b965815fec853a1
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: linux: Add modconfig option to customize-linux.
* gnu/packages/linux.scm (customize-linux): New keyword argument modconfig.
[arguments]{phases}: Use it in configure phase to run make localmodconfig.
Change-Id: I5fbfb9617b41155eaa59197c2a7fe79c5c63c72d
gnu: Add radicle.
* gnu/packages/rust-apps.scm (radicle): New variable.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs): Add radicle.
Change-Id: I2512928406ceab65ea3f14e64591c4614323408a
Signed-off-by: Hilton Chain <hako@ultrarare.space>
Modified-by: Hilton Chain <hako@ultrarare.space>
gnu: niri: Install completions.
* gnu/packages/wm.scm (niri) [arguments] <#:phases>: Install completions.
[native-inputs]: Add self when cross-compiling.
Change-Id: If9a6725ee13c87b5a76b959c3d6fe9804e884415
gnu: xwayland-satellite: Update to 0.7.
* gnu/packages/xorg.scm (xwayland-satellite): Update to 0.7.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [xwayland-satellite]:
Update entry.
Change-Id: Ia39cc1808375f55f1ba0c3c4553198e4d096780f
gnu: niri: Update to 25.08.
* gnu/packages/wm.scm (niri): Update to 25.08.
[arguments] <#:phases>: Disable parallel testing.
* gnu/packages/rust-sources.scm (rust-pipewire-0.8.0.93138d0)
(rust-smithay-0.7.0.20d2dac): New variables.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [niri]: Update entry.
[rust-pipewire-0.8.0.93138d0, rust-smithay-0.7.0.20d2dac]: New entries.
Change-Id: I0ca02f2a8aa360cbdbe94f569e37ac175ead8d1e
gnu: qemu: Enable execlog disassembly.
* gnu/packages/virtualization.scm (qemu)[inputs]: Add capstone.
[arguments]<#:phases>[install-plugins]: Install contrib.
Closes: #2081
Change-Id: I47365707e58a7b61e0d7195e48f819f0a1551f84
news: Add entry for the ‘content-addressed-mirrors’ security fix.
* etc/news.scm: Add entry.
Change-Id: Ia96a6f80d6ec557e222f2b5ee17e7c79c0eb3cbf
gnu: guix: Update to 9202921 [security].
Fixes guix/guix#2419.
* gnu/packages/package-management.scm (guix): Update to 9202921.
Change-Id: I7476c4e90be61a9607731731534d988eba168104
perform-download: Use (ice-9 sandbox) for mirrors.
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders. Because these are builtins, it runs without
any additional isolation beyond merely running as a build user. In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.
Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.
* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
(syntax-noop): new syntax.
(eval-content-addressed-mirrors, assert-store-file,
call-with-input-file/no-symlinks): new procedures.
(perform-download): use assert-store-file to ensure files are in the store
before being read. Use call-with-input-file/no-symlinks for opening
untrusted files. Use eval-content-addressed-mirrors to evaluate the
content-addressed-mirrors file.
Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
download: Handle content-addressed-mirrors returning #f.
* guix/build/download.scm (url-fetch): don't pass the return value from a
content-addressed-mirror procedure to 'string->uri' if it is #f.
Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>