gnu: expat: Fix security vulnerabilities. - guix - Wojtek's customized Guix

about summary refs log tree commit diff

path: root/gnu/services/avahi.scm

diff options

author	Efraim Flashner <efraim@flashner.co.il>	2024-09-19 09:57:10 +0300
committer	Efraim Flashner <efraim@flashner.co.il>	2024-09-19 09:57:10 +0300
commit	610b395424c02274800d85585cb542ad66d9afea (patch)
tree	90207e9c3dff4bc79af0d341d644c4bcebc6a5e9 /gnu/services/avahi.scm
parent	1b6ce1796abdf497f61f426d61339318f4f4f23d (diff)
download	guix-610b395424c02274800d85585cb542ad66d9afea.tar.gz guix-610b395424c02274800d85585cb542ad66d9afea.zip

gnu: expat: Fix security vulnerabilities.

Fixes CVE-2024-45490, CVE-2024-45491, CVE-2024-45492. * gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2024-45490.patch, gnu/packages/patches/expat-CVE-2024-45491.patch, gnu/packages/patches/expat-CVE-2024-45492.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. Change-Id: I74d5d7bce98d6c983b989c1afec7cf28777d1617

Diffstat (limited to 'gnu/services/avahi.scm')

0 files changed, 0 insertions, 0 deletions

ver-highlight'> * gnu/services.scm (setuid-program->activation-gexp): Rename this… (privileged-program->activation-gexp): …to this. Operate on a list of <privileged-program> records. (privileged-program-service-type): New variable, renamed from setuid-program-service-type. Rename the service-type accordingly. (setuid-program-service-type): Redefine as an alias for the above. 2024-08-11build: Rename activate-setuid-programs.Tobias Geerinckx-Rice * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller. 2024-08-11services: setuid-program: Populate /run/privileged/bin.Tobias Geerinckx-Rice Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. 2024-03-22system, home: Validate ‘services’ field value.Ludovic Courtès This guides newcomers who might stick a single (service …) form in this field. * gnu/services.scm (validate-service-list): New macro. (%validate-service-list): New procedure. * gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’. * gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’. Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473 2024-02-19services: activation: Ensure /var/run existence.Nicolas Graves * gnu/services.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /var/run. Change-Id: I5fb93d33b6b1f045f1e5ba206b9b0b74b5184260 Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2023-12-02gnu: Use ‘libc-utf8-locales-for-target’.Janneke Nieuwenhuizen * guix/packages.scm (%standard-patch-inputs): Use ‘libc-utf8-locales-for-target’ instead of ‘glibc-utf8-locales’. * guix/self.scm (%packages): Likewise. * gnu/home/services/ssh.scm (file-join): Likewise * gnu/installer.scm (build-compiled-file): Likewise. * gnu/packages/chromium.scm (ungoogled-chromium/wayland): Likewise. * gnu/packages/gnome.scm (libgweather4, tracker): Likewise. * gnu/packages/javascript.scm (js-mathjax): Likewise. * gnu/packages/package-management.scm (guix, flatpak): Likewise. * gnu/packages/raspberry-pi.scm (raspi-arm64-chainloader): Likewise. * gnu/packages/suckless.scm (svkbd): Likewise. * gnu/services.scm (cleanup-gexp): Likewise. * gnu/services/base.scm (guix-publish-shepherd-service): Likewise. * gnu/services/guix.scm (guix-build-coordinator-shepherd-services) (guix-build-coordinator-agent-shepherd-services): Likewise. * gnu/services/guix.scm (guix-build-coordinator-queue-builds-shepherd-services): (guix-data-service-shepherd-services) (nar-herder-shepherd-services) (bffe-shepherd-services): Likewise. * gnu/services/web.scm (anonip-shepherd-service) (mumi-shepherd-services): Likewise. * gnu/system/image.scm (system-disk-image, system-iso9660-image) (system-docker-image, system-tarball-image): Likewise. * gnu/system/install.scm (%installation-services): Likewise. * guix/profiles.scm (info-dir-file): Likewise. (ca-certificate-bundle, profile-derivation): Likewise. * guix/scripts/pack.scm (store-database, set-utf8-locale): Likewise. * tests/pack.scm: Likewise. * tests/profiles.scm ("profile-derivation, cross-compilation"): Likewise. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Co-authored-by: Christopher Baines <mail@cbaines.net> Change-Id: I24239f427bcc930c29d2ba5d00dc615960a6c374 2023-08-31gnu: services: Revert to deleting and updating all matching servicesBrian Cully This patch reverts the behavior introduced in 181951207339508789b28ba7cb914f983319920f which caused ‘modify-services’ clauses to only match a single instance of a service. We will now match all service instances when doing a deletion or update, while still raising an exception when trying to match against a service that does not exist in the services list, or which was deleted explicitly by a ‘delete’ clause (or an update clause that returns ‘#f’ for the service). Fixes: #64106 * gnu/services.scm (%modify-services): New procedure. (modify-services): Use it. (apply-clauses): Add DELETED-SERVICES argument, change to modify one service at a time. * tests/services.scm ("modify-services: delete then modify") ("modify-services: modify then delete") ("modify-services: delete multiple services of the same type") ("modify-services: modify multiple services of the same type"): New tests. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2023-08-20services: Define 'for-home'.Ludovic Courtès * gnu/services.scm (remove-service-extensions): New procedure. (for-home?): New syntax parameter. (for-home): New macro. 2023-06-06services: Check if service is #f before applying clause.Josselin Poiret * gnu/services.scm (apply-clauses): Check if service is #f before trying to apply clause. Follow up of 181951207339508789b28ba7cb914f983319920f. 2023-06-06services: 'modify-services' preserves service ordering.Ludovic Courtès Fixes <https://issues.guix.gnu.org/63921>. The regression was introduced in dbbc7e946131ba257728f1d05b96c4339b7ee88b, which changed the order of services. As a result, someone using 'modify-services' could find themselves with incorrect ordering of expressions in the "boot" script, whereby the cleanup expressions would come after (execl ".../shepherd"). This, in turn, would lead shepherd to error out at boot with EADDRINUSE on /var/run/shepherd/socket. * gnu/services.scm (%delete-service, %apply-clauses): Remove. (clause-alist): New macro. (apply-clauses): New procedure. (modify-services): Use it. Adjust docstring. * tests/services.scm ("modify-services: do nothing"): Remove 'sort' call. ("modify-services: delete service"): Likewise, and add 't4' service. ("modify-services: change value"): Remove 'sort' call and fix expected value. 2023-06-02services: Error in MODIFY-SERVICES when services don't existBrian Cully This patch causes MODIFY-SERVICES to raise an error if a reference is made to a service which isn't in its service list. This it to help users notice if they have an invalid rule, which is currently silently ignored. * gnu/services.scm (%delete-service): new procedure (%apply-clauses): new syntax rule (%modify-service): remove syntax rule Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2023-05-16services: Add default values.Andrew Tropin * gnu/services.scm (boot-service-type, activation-service-type, etc-service-type, profile-service-type): Add default-value. * gnu/system/shadow.scm (account-service-type): Add default-value. 2023-03-16services: etc-service: Deprecate etc-service procedure.Bruno Victal * gnu/services.scm (etc-service): Deprecate procedure. * gnu/system.scm (operating-system-etc-service): Replace etc-service with etc-service-type. Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2022-08-30services: provenance: Use 'current-channels' to obtain provenance data.Ludovic Courtès Previously, build-time metadata from (guix config) would be ignored when available--e.g., when running /run/current-system/profile/bin/guix. This is a followup to 316fc2acbb112bfa572ae30f95a93bcd56621234. * gnu/services.scm (provenance-entry): Use 'current-channels' instead of 'current-profile' + 'profile-channels'.