aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-03-11daemon: Protect against FD escape when building fixed-output derivations ↵Ludovic Courtès
(CVE-2024-27297). This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
2024-03-11time-machine: Allow time travels to v0.16.0.Ludovic Courtès
* guix/scripts/time-machine.scm (%oldest-possible-commit): Change to v0.16.0. * tests/guix-time-machine.sh: Adjust comment. Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97
2024-03-11gnu: Update the default linux-libre package to the 6.7 series.Leo Famulari
* gnu/packages/linux.scm (linux-libre-version, linux-libre-gnu-revision, linux-libre-pristine-source, linux-libre-source, linux-libre): Use linux-libre-6.7. Change-Id: I889a36129417363328d7509446dcedb31f816569
2024-03-11gnu: linux-libre 4.19: Update to 4.19.308.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.308. (linux-libre-4.19-pristine-source): Update hash. Change-Id: Ifa9d16737ca5961672654822de3e5dd70cb3be1b Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 5.4: Update to 5.4.270.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.270. (linux-libre-5.4-pristine-source): Update hash. Change-Id: I1b5c3f1cb770c7d29cf4a9c678ea8786f89c31e3 Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 5.10: Update to 5.10.211.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.211. (linux-libre-5.10-pristine-source): Update hash. Change-Id: I9171f5c2aa6b1184dbbcd12a8546c39ac775d0ce Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 5.15: Update to 5.15.150.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-5.15-version): Update to 5.15.150. (linux-libre-5.15-pristine-source, deblob-scripts-5.15): Update hashes. Change-Id: I22b170d3af24151e22cc4f3c830ce91be1b00d0c Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 6.1: Update to 6.1.80.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.80. (linux-libre-6.1-pristine-source, deblob-scripts-6.1): Update hashes. Change-Id: Ieeb2db5249ef534a2cd00b66f1064673245c4b91 Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 6.6: Update to 6.6.19.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.19. (linux-libre-6.6-pristine-source, deblob-scripts-6.6): Update hashes. Change-Id: I675043d5a7d7a58046c5c4883baf602997ab894c Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: linux-libre 6.7: Update to 6.7.7.Wilko Meyer
* gnu/packages/linux.scm (linux-libre-6.7-version): Update to 6.7.7. (linux-libre-6.7-pristine-source, deblob-scripts-6.7): Update hashes. Change-Id: Ibf045f6eccaa36acd373ca03dc6239174edbae20 Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11gnu: r-logger: Update to 0.3.0.Ricardo Wurmus
* gnu/packages/cran.scm (r-logger): Update to 0.3.0. Change-Id: Id090ba50fe10b71785acf359f880ec030c9eb235
2024-03-11gnu: r-paws-common: Update to 0.7.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-paws-common): Update to 0.7.1. Change-Id: I114662deb79dcc063dcb74e4ab72739c185fb0f0
2024-03-11gnu: r-rstan: Update to 2.32.6.Ricardo Wurmus
* gnu/packages/cran.scm (r-rstan): Update to 2.32.6. [inputs]: Add pandoc. Change-Id: Iddad21c83ce3f5af01c57027edc7157948092990
2024-03-11gnu: r-fda: Update to 6.1.8.Ricardo Wurmus
* gnu/packages/cran.scm (r-fda): Update to 6.1.8. Change-Id: Iba11aa8b4b31b9bd95b4b819e759aa6d2d97e37a
2024-03-11gnu: r-accsda: Update to 1.1.3.Ricardo Wurmus
* gnu/packages/cran.scm (r-accsda): Update to 1.1.3. [propagated-inputs]: Remove r-ggthemes. Change-Id: I00d749030f50d5837a5572c0642551e212e97a1a
2024-03-11gnu: r-graphlayouts: Update to 1.1.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-graphlayouts): Update to 1.1.1. Change-Id: I20a604015e7b16b0ac6fb83169f2fbd3002b2cb7
2024-03-11gnu: r-systemfonts: Update to 1.0.6.Ricardo Wurmus
* gnu/packages/cran.scm (r-systemfonts): Update to 1.0.6. Change-Id: I88b6bca71843e034780cc897506a5ca73d6288a8
2024-03-11gnu: r-ggraph: Update to 2.2.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-ggraph): Update to 2.2.1. Change-Id: I16a96877df3fa37c5065862a6768389e11299a8a
2024-03-11gnu: r-gmodels: Update to 2.19.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-gmodels): Update to 2.19.1. Change-Id: Ifdb09883a7093c4b3521dce0da6136f278f6ab9d
2024-03-11gnu: r-cobs: Update to 1.3-8.Ricardo Wurmus
* gnu/packages/cran.scm (r-cobs): Update to 1.3-8. Change-Id: Ia654a9e3431f92566df1e7f8b0d8ec6e79920c78
2024-03-11gnu: r-globals: Update to 0.16.3.Ricardo Wurmus
* gnu/packages/cran.scm (r-globals): Update to 0.16.3. Change-Id: I655b63182fa9cda436f5b7be7de5730682ff5af1
2024-03-11gnu: r-rnifti: Update to 1.6.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-rnifti): Update to 1.6.1. Change-Id: I7ef3a2b3a85c4c67b1ea23b23eabef67944aa284
2024-03-11gnu: r-colorramps: Update to 2.3.4.Ricardo Wurmus
* gnu/packages/cran.scm (r-colorramps): Update to 2.3.4. Change-Id: I0b8667b643666a68fda52376e19a56bbb3862134
2024-03-11gnu: r-admisc: Update to 0.35.Ricardo Wurmus
* gnu/packages/cran.scm (r-admisc): Update to 0.35. Change-Id: I1cc5bc8124782c06e2b2fe1a41c397548bf3dba5
2024-03-11gnu: r-multcompview: Update to 0.1-10.Ricardo Wurmus
* gnu/packages/cran.scm (r-multcompview): Update to 0.1-10. Change-Id: I87369df94b804ee2b51a194bb1f7a6f8a20eae63
2024-03-11gnu: r-survey: Update to 4.4-1.Ricardo Wurmus
* gnu/packages/cran.scm (r-survey): Update to 4.4-1. [propagated-inputs]: Add r-rcpp and r-rcpparmadillo. [native-inputs]: Add r-r-rsp. Change-Id: I0974a97525a0f475988c8c2860d8a6129a7859ce
2024-03-11gnu: r-flextable: Update to 0.9.5.Ricardo Wurmus
* gnu/packages/cran.scm (r-flextable): Update to 0.9.5. Change-Id: I0355bf1ee1231d57f389d6cecd1f7dc01beca7a0
2024-03-11gnu: r-nodbi: Update to 0.10.4.Ricardo Wurmus
* gnu/packages/cran.scm (r-nodbi): Update to 0.10.4. Change-Id: I9ef02e2897b0321c1a7347bc64a44358d4999167
2024-03-11gnu: r-zcompositions: Update to 1.5.0-2.Ricardo Wurmus
* gnu/packages/cran.scm (r-zcompositions): Update to 1.5.0-2. Change-Id: I429845c3d6d2629b720484585e3c29b4552aef1e
2024-03-11gnu: r-rmarkdown: Update to 2.26.Ricardo Wurmus
* gnu/packages/statistics.scm (r-rmarkdown): Update to 2.26. [propagated-inputs]: Remove r-stringr. Change-Id: If4120aca18f6fb5b1fbeccbc9848be52079baa14
2024-03-11gnu: r-qs: Update to 0.26.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-qs): Update to 0.26.1. [arguments]: Remove 'use-older-zstd phase. [propagated-inputs]: Remove r-bh. Change-Id: I1b47155a2a0102631d905c19c15ff70f75229e8a
2024-03-11gnu: r-rgl: Update to 1.3.1.Ricardo Wurmus
* gnu/packages/cran.scm (r-rgl): Update to 1.3.1. [inputs]: Remove pandoc. Change-Id: I71d6afc246dc4df92592b60d1ece742a61075dbc
2024-03-11gnu: nyxt: Update to 3.11.4.Andre A. Gomes
* gnu/packages/web-browsers.scm (nyxt): Update to 3.11.4. Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
2024-03-11gnu: rust-cbindgen: Redefine as rust-cbindgen-0.26.Efraim Flashner
* gnu/packages/rust-apps.scm (rust-cbindgen): Update to 0.26.0. Change-Id: I54e031b53162730551f525c1445f98eaac552315
2024-03-11gnu: Add rust-bindgen.Efraim Flashner
* gnu/packages/rust-apps.scm (rust-bindgen): New variable. Change-Id: I8b4a8e1d2c6a796143625b3de603cdec25723309
2024-03-11gnu: Add rust-cargo.Efraim Flashner
This package is currently a mirror of rust-cargo-0.76. * gnu/packages/rust-apps.scm (rust-cargo): New variable. Change-Id: I47c80566fe916b0b7ebff653cce625dd4d1f4ba6
2024-03-11gnu: python-configargparse: Update to 1.7.Arun Isaac
* gnu/packages/python-xyz.scm (python-configargparse): Update to 1.7. [propagated-inputs]: Add python-pyyaml. Change-Id: Iac1e01fbbf5cefde15facadc176ea26fee9031ee
2024-03-10gnu: python-docker: Update to 7.0.0.Arun Isaac
* gnu/packages/docker.scm (python-docker): Update to 7.0.0. [native-inputs]: Add python-setuptools-scm. [propagated-inputs]: Add python-packaging. Change-Id: I1c23575836689e9bcdbcea22ea9d84520b0353a0
2024-03-10gnu: Remove python-rdflib-jsonld.Arun Isaac
* gnu/packages/rdf.scm (python-rdflib-jsonld): Delete variable. Change-Id: I4756396d70eb64ae01b4f6f6c416d9a34a124942
2024-03-10gnu: Remove python-rdflib-5.Arun Isaac
* gnu/packages/rdf.scm (python-rdflib-5): Delete variable. Change-Id: I3a2dfe42805ccc5eedc5b71d900dfae2aa91d7a1
2024-03-10gnu: python-prov: Use python-rdflib@6.Arun Isaac
* gnu/packages/python-xyz.scm (python-prov)[arguments]: Add fix-rdflib-6-compatibility phase. [propagated-inputs]: Replace python-rdflib-5 with python-rdflib. Change-Id: I07de032e1b5e9b6e045904e3f6880b1acc6a9075 Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
2024-03-10gnu: python-extruct: Update to 0.16.0.Arun Isaac
* gnu/packages/python-web.scm (python-extruct): Update to 0.16.0. [propagated-inputs]: Remove python-rdflib-jsonld. Change-Id: I83608101a9ad3d223c7874c4fb5b34c37073ace5 Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
2024-03-10time-travel-manifest: Uncomment all the past releases.Ludovic Courtès
This reverts a4c35c607cfd7d6b0bad90cfcc46188d489e1754. * etc/time-travel-manifest.scm (%release-commits): Uncomment all the revisions. Change-Id: I6abdb760cbcf06597d843cabc5fd973ee916dc77
2024-03-10gnu: python-next: Skip another test.Efraim Flashner
* gnu/packages/python.scm (python-next)[arguments]: Skip another test which fails on slow machines. Change-Id: I777aa346c674604a22dc0be0b319f5df02e0ab3b
2024-03-10gnu: rav1e: Mark as tunable.Efraim Flashner
* gnu/packages/video.scm (rav1e)[properties]: Mark package as tunable. Change-Id: Icaf3615ce6f1e76416543a1285af5f1fdaec3589
2024-03-10transformations: Add support for rust.Efraim Flashner
* guix/transformations.scm (tuning-compiler): Add support for rustc. Change-Id: I6db596a586eda648666550cdcadaa5e1704cb79c
2024-03-10gnu: rust: Add tuning information.Efraim Flashner
* gnu/packages/rust.scm (rust)[properties]: Add clang-properties matching the input llvm package. Change-Id: Ie2ef2387fff8aa639dcd73752bcaf3c26bbb376d
2024-03-10cpu: Remove duplicate clang-compiler-cpu-architecture entry.Efraim Flashner
* gnu/packages/llvm-meta.scm (clang-compiler-cpu-architectures): Remove x86_64 version 15 entry since it is unchanged from the version 13 entry. Change-Id: Ifb845993e2deec842dfbe8f9b72944457aa7e98e
2024-03-10gnu: clang: Move compiler-cpu-architectures to llvm-meta.scm.Efraim Flashner
* gnu/packages/llvm.scm (clang-properties): Extract compiler-cpu-architectures and move ... * gnu/packages/llvm-meta.scm: ... to here. * gnu/packages/zig.scm (zig-0.9, zig-0.10)[properties]: Use clang-compiler-cpu-architectures. * gnu/local.mk (GNU_SYSTEM_MODULES): Register new file. Change-Id: Ie0bedbd6e2927eaa05024685cc66375ea278e4c2
2024-03-10gnu: check-0.14: Fix build on powerpc-linux.Efraim Flashner
* gnu/packages/check.scm (check-0.14)[source]: Include patch from check. Change-Id: I490b3d4cbe09381d091a398614d6b55687ac758f