Age | Commit message (Collapse) | Author |
|
(CVE-2024-27297).
This fixes a security issue (CVE-2024-27297) whereby a fixed-output
derivation build process could open a writable file descriptor to its
output, send it to some outside process for instance over an abstract
AF_UNIX socket, which would then allow said process to modify the file
in the store after it has been marked as “valid”.
Vulnerability discovered by puck <https://github.com/puckipedia>.
Nix security advisory:
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Nix fix:
https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9
* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
a file descriptor. Rewrite the ‘Path’ variant accordingly.
(copyFile, copyFileRecursively): New functions.
* nix/libutil/util.hh (copyFileRecursively): New declaration.
* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’
is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.
Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
|
|
* guix/scripts/time-machine.scm (%oldest-possible-commit): Change to
v0.16.0.
* tests/guix-time-machine.sh: Adjust comment.
Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97
|
|
* gnu/packages/linux.scm (linux-libre-version, linux-libre-gnu-revision,
linux-libre-pristine-source, linux-libre-source, linux-libre): Use
linux-libre-6.7.
Change-Id: I889a36129417363328d7509446dcedb31f816569
|
|
* gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.308.
(linux-libre-4.19-pristine-source): Update hash.
Change-Id: Ifa9d16737ca5961672654822de3e5dd70cb3be1b
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.270.
(linux-libre-5.4-pristine-source): Update hash.
Change-Id: I1b5c3f1cb770c7d29cf4a9c678ea8786f89c31e3
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.211.
(linux-libre-5.10-pristine-source): Update hash.
Change-Id: I9171f5c2aa6b1184dbbcd12a8546c39ac775d0ce
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-5.15-version): Update to 5.15.150.
(linux-libre-5.15-pristine-source, deblob-scripts-5.15): Update hashes.
Change-Id: I22b170d3af24151e22cc4f3c830ce91be1b00d0c
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.80.
(linux-libre-6.1-pristine-source, deblob-scripts-6.1): Update hashes.
Change-Id: Ieeb2db5249ef534a2cd00b66f1064673245c4b91
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.19.
(linux-libre-6.6-pristine-source, deblob-scripts-6.6): Update hashes.
Change-Id: I675043d5a7d7a58046c5c4883baf602997ab894c
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/linux.scm (linux-libre-6.7-version): Update to 6.7.7.
(linux-libre-6.7-pristine-source, deblob-scripts-6.7): Update hashes.
Change-Id: Ibf045f6eccaa36acd373ca03dc6239174edbae20
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/packages/cran.scm (r-logger): Update to 0.3.0.
Change-Id: Id090ba50fe10b71785acf359f880ec030c9eb235
|
|
* gnu/packages/cran.scm (r-paws-common): Update to 0.7.1.
Change-Id: I114662deb79dcc063dcb74e4ab72739c185fb0f0
|
|
* gnu/packages/cran.scm (r-rstan): Update to 2.32.6.
[inputs]: Add pandoc.
Change-Id: Iddad21c83ce3f5af01c57027edc7157948092990
|
|
* gnu/packages/cran.scm (r-fda): Update to 6.1.8.
Change-Id: Iba11aa8b4b31b9bd95b4b819e759aa6d2d97e37a
|
|
* gnu/packages/cran.scm (r-accsda): Update to 1.1.3.
[propagated-inputs]: Remove r-ggthemes.
Change-Id: I00d749030f50d5837a5572c0642551e212e97a1a
|
|
* gnu/packages/cran.scm (r-graphlayouts): Update to 1.1.1.
Change-Id: I20a604015e7b16b0ac6fb83169f2fbd3002b2cb7
|
|
* gnu/packages/cran.scm (r-systemfonts): Update to 1.0.6.
Change-Id: I88b6bca71843e034780cc897506a5ca73d6288a8
|
|
* gnu/packages/cran.scm (r-ggraph): Update to 2.2.1.
Change-Id: I16a96877df3fa37c5065862a6768389e11299a8a
|
|
* gnu/packages/cran.scm (r-gmodels): Update to 2.19.1.
Change-Id: Ifdb09883a7093c4b3521dce0da6136f278f6ab9d
|
|
* gnu/packages/cran.scm (r-cobs): Update to 1.3-8.
Change-Id: Ia654a9e3431f92566df1e7f8b0d8ec6e79920c78
|
|
* gnu/packages/cran.scm (r-globals): Update to 0.16.3.
Change-Id: I655b63182fa9cda436f5b7be7de5730682ff5af1
|
|
* gnu/packages/cran.scm (r-rnifti): Update to 1.6.1.
Change-Id: I7ef3a2b3a85c4c67b1ea23b23eabef67944aa284
|
|
* gnu/packages/cran.scm (r-colorramps): Update to 2.3.4.
Change-Id: I0b8667b643666a68fda52376e19a56bbb3862134
|
|
* gnu/packages/cran.scm (r-admisc): Update to 0.35.
Change-Id: I1cc5bc8124782c06e2b2fe1a41c397548bf3dba5
|
|
* gnu/packages/cran.scm (r-multcompview): Update to 0.1-10.
Change-Id: I87369df94b804ee2b51a194bb1f7a6f8a20eae63
|
|
* gnu/packages/cran.scm (r-survey): Update to 4.4-1.
[propagated-inputs]: Add r-rcpp and r-rcpparmadillo.
[native-inputs]: Add r-r-rsp.
Change-Id: I0974a97525a0f475988c8c2860d8a6129a7859ce
|
|
* gnu/packages/cran.scm (r-flextable): Update to 0.9.5.
Change-Id: I0355bf1ee1231d57f389d6cecd1f7dc01beca7a0
|
|
* gnu/packages/cran.scm (r-nodbi): Update to 0.10.4.
Change-Id: I9ef02e2897b0321c1a7347bc64a44358d4999167
|
|
* gnu/packages/cran.scm (r-zcompositions): Update to 1.5.0-2.
Change-Id: I429845c3d6d2629b720484585e3c29b4552aef1e
|
|
* gnu/packages/statistics.scm (r-rmarkdown): Update to 2.26.
[propagated-inputs]: Remove r-stringr.
Change-Id: If4120aca18f6fb5b1fbeccbc9848be52079baa14
|
|
* gnu/packages/cran.scm (r-qs): Update to 0.26.1.
[arguments]: Remove 'use-older-zstd phase.
[propagated-inputs]: Remove r-bh.
Change-Id: I1b47155a2a0102631d905c19c15ff70f75229e8a
|
|
* gnu/packages/cran.scm (r-rgl): Update to 1.3.1.
[inputs]: Remove pandoc.
Change-Id: I71d6afc246dc4df92592b60d1ece742a61075dbc
|
|
* gnu/packages/web-browsers.scm (nyxt): Update to 3.11.4.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
|
|
* gnu/packages/rust-apps.scm (rust-cbindgen): Update to 0.26.0.
Change-Id: I54e031b53162730551f525c1445f98eaac552315
|
|
* gnu/packages/rust-apps.scm (rust-bindgen): New variable.
Change-Id: I8b4a8e1d2c6a796143625b3de603cdec25723309
|
|
This package is currently a mirror of rust-cargo-0.76.
* gnu/packages/rust-apps.scm (rust-cargo): New variable.
Change-Id: I47c80566fe916b0b7ebff653cce625dd4d1f4ba6
|
|
* gnu/packages/python-xyz.scm (python-configargparse): Update to 1.7.
[propagated-inputs]: Add python-pyyaml.
Change-Id: Iac1e01fbbf5cefde15facadc176ea26fee9031ee
|
|
* gnu/packages/docker.scm (python-docker): Update to 7.0.0.
[native-inputs]: Add python-setuptools-scm.
[propagated-inputs]: Add python-packaging.
Change-Id: I1c23575836689e9bcdbcea22ea9d84520b0353a0
|
|
* gnu/packages/rdf.scm (python-rdflib-jsonld): Delete variable.
Change-Id: I4756396d70eb64ae01b4f6f6c416d9a34a124942
|
|
* gnu/packages/rdf.scm (python-rdflib-5): Delete variable.
Change-Id: I3a2dfe42805ccc5eedc5b71d900dfae2aa91d7a1
|
|
* gnu/packages/python-xyz.scm (python-prov)[arguments]: Add
fix-rdflib-6-compatibility phase.
[propagated-inputs]: Replace python-rdflib-5 with python-rdflib.
Change-Id: I07de032e1b5e9b6e045904e3f6880b1acc6a9075
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* gnu/packages/python-web.scm (python-extruct): Update to 0.16.0.
[propagated-inputs]: Remove python-rdflib-jsonld.
Change-Id: I83608101a9ad3d223c7874c4fb5b34c37073ace5
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
This reverts a4c35c607cfd7d6b0bad90cfcc46188d489e1754.
* etc/time-travel-manifest.scm (%release-commits): Uncomment all the
revisions.
Change-Id: I6abdb760cbcf06597d843cabc5fd973ee916dc77
|
|
* gnu/packages/python.scm (python-next)[arguments]: Skip another test
which fails on slow machines.
Change-Id: I777aa346c674604a22dc0be0b319f5df02e0ab3b
|
|
* gnu/packages/video.scm (rav1e)[properties]: Mark package as tunable.
Change-Id: Icaf3615ce6f1e76416543a1285af5f1fdaec3589
|
|
* guix/transformations.scm (tuning-compiler): Add support for rustc.
Change-Id: I6db596a586eda648666550cdcadaa5e1704cb79c
|
|
* gnu/packages/rust.scm (rust)[properties]: Add clang-properties
matching the input llvm package.
Change-Id: Ie2ef2387fff8aa639dcd73752bcaf3c26bbb376d
|
|
* gnu/packages/llvm-meta.scm (clang-compiler-cpu-architectures): Remove
x86_64 version 15 entry since it is unchanged from the version 13 entry.
Change-Id: Ifb845993e2deec842dfbe8f9b72944457aa7e98e
|
|
* gnu/packages/llvm.scm (clang-properties): Extract
compiler-cpu-architectures and move ...
* gnu/packages/llvm-meta.scm: ... to here.
* gnu/packages/zig.scm (zig-0.9, zig-0.10)[properties]: Use
clang-compiler-cpu-architectures.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register new file.
Change-Id: Ie0bedbd6e2927eaa05024685cc66375ea278e4c2
|
|
* gnu/packages/check.scm (check-0.14)[source]: Include patch from check.
Change-Id: I490b3d4cbe09381d091a398614d6b55687ac758f
|