Commit Graph

8933 Commits

Author SHA1 Message Date
Leo Famulari 8fe5d95e66
services: urandom-seed: Set umask to 077 while shutting down.
* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
2016-05-31 00:03:10 -04:00
Leo Famulari df2dd07b88
gnu: libxml2: Update replacement to 2.9.4 [security fixes].
This fixes CVE-2016-{1762, 1833, 1834, 1835, 1836, 1837, 1838, 1839,
1840, 3627, 3705, 4483}.

* gnu/packages/patches/libxml2-CVE-2016-3627.patch,
gnu/packages/patches/libxml2-CVE-2016-3705.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/xml.scm (libxml2/fixed): Update to 2.9.4.
[source]: Remove patches.
2016-05-30 21:47:40 -04:00
Ludovic Courtès c06f6db7a4
container: Gracefully report mount errors in the child process.
Fixes <http://bugs.gnu.org/23306>.

* gnu/build/linux-container.scm (run-container): Use 'socketpair'
instead of 'pipe'.  Rename 'in' to 'child' and 'out' to 'parent'.  Send
a 'ready message or an exception argument list from the child to the
parent; adjust the parent accordingly.
* tests/containers.scm ("call-with-container, mnt namespace, wrong bind
mount"): New test.
* tests/guix-environment-container.sh: Add test with
--expose=/does-not-exist.
2016-05-31 00:11:04 +02:00
Ludovic Courtès 4c14d4eaa7
container: Gracefully handle failure to set up user namespaces.
* gnu/build/linux-container.scm (run-container): Exit when the parent
process doesn't say 'ready.
2016-05-31 00:11:04 +02:00
Efraim Flashner f80d5fe02e
gnu: vapoursynth: Update to 32.
* gnu/packages/video.scm (vapoursynth): Update to 32.
2016-05-30 22:22:26 +03:00
Efraim Flashner 365a4a7f40
gnu: Add zimg.
* gnu/packages/image.scm (zimg): New variable.
2016-05-30 22:22:25 +03:00
Efraim Flashner fd1461879c
gnu: mcrypt: Fix CVE-2012-4409, CVE-2012-4426, CVE-2012-4527.
* gnu/packages/mcrypt.scm (mcrypt)[source]: Add patches.
* gnu/packages/patches/mcrypt-CVE-2012-4409.patch,
gnu/packages/patches/mcrypt-CVE-2012-4426.patch,
gnu/packages/patches/mcrypt-CVE-2012-4527.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 21:57:36 +03:00
Leo Famulari 5ae77a6f5a
gnu: imagemagick: Update to 6.9.4-5.
* gnu/packages/imagemagick.scm (imagemagick): Update to 6.9.4-5.
2016-05-30 14:08:08 -04:00
David Thompson 503a43f3fc gnu: Remove xgcc-avr.
We now have a dedicated package module for the AVR toolchain with
important modifications on top of what cross-gcc produces.

* gnu/packages/cross-base.scm (xgcc-avr): Delete.
2016-05-30 13:45:21 -04:00
David Thompson 9d2bab09aa gnu: Add avr-toolchain.
* gnu/packages/avr.scm (avr-toolchain): New procedure.
(avr-toolchain-4.9, avr-toolchain-5): New variables.
2016-05-30 13:45:21 -04:00
David Thompson 3087b7077c gnu: avr-libc: Update to 2.0.0.
* gnu/packages/avr.scm (avr-libc): Update to 2.0.0.
2016-05-30 13:45:21 -04:00
David Thompson e60972f288 gnu: avr-libc: Fix build.
* gnu/packages/avr.scm (avr-libc): Update to 2.0.0.
[native-inputs]: Use new avr-gcc and avr-binutils.
[arguments]: Add phase to unset C_INCLUDE_PATH.
2016-05-30 13:45:21 -04:00
David Thompson a17eea4ba4 gnu: Add avr-gcc-5.
* gnu/packages/avr.scm (avr-gcc-5): New variable.
2016-05-30 13:45:21 -04:00
David Thompson 09b05fc7e9 gnu: Add avr-gcc.
* gnu/packages/avr.scm (avr-gcc): New variable.
2016-05-30 13:45:21 -04:00
David Thompson cdc5cfdc4a gnu: Add avr-binutils.
* gnu/packages/avr.scm (avr-binutils): New variable.
2016-05-30 13:45:21 -04:00
Efraim Flashner 983911d627
gnu: wordnet: Use 'modify-phases'.
* gnu/packages/wordnet.scm (wordnet)[arguments]: Use 'modify-phases'.
2016-05-30 20:19:04 +03:00
Efraim Flashner c1dbd3a870
gnu: wordnet: Fix CVE-2008-2149, CVE-2008-3908.
* gnu/packages/wordnet.scm (wordnet)[source]: Add patches.
* gnu/packages/patches/wordnet-CVE-2008-2149.patch,
gnu/packages/patches/wordnet-CVE-2008-3908-pt1.patch,
gnu/packages/patches/wordnet-CVE-2008-3908-pt2.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 20:14:06 +03:00
Efraim Flashner 1f521b7055
gnu: id3lib: Fix CVE-2007-4460.
* gnu/packages/mp3.scm (id3lib)[source]: Add patch.
* gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
2016-05-30 20:13:24 +03:00
Leo Famulari 3d55d04ab8
gnu: cyrus-sasl: Update URLs.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl)[source]: Use HTTPS URL.
[home-page]: Update home-page URL.
2016-05-30 12:53:23 -04:00
Leo Famulari 726f088884
gnu: devil: Fix CVE-2009-3994.
* gnu/packages/patches/devil-CVE-2009-3994.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/image.scm (devil): Use it.
2016-05-30 12:36:26 -04:00
Leo Famulari ac9fc78ff0
gnu: iptables: Update to 1.4.21.
* gnu/packages/linux.scm (iptables): Update to 1.4.21.
2016-05-30 12:18:57 -04:00
David Thompson 6ede256f77 gnu: Add emacs-better-defaults.
* gnu/packages/emacs.scm (emacs-better-defaults): New variable.
2016-05-30 11:10:49 -04:00
David Thompson 02736daa8c gnu: emacs: Remove uncompressed-file-fetch.
* gnu/packages/emacs.scm (uncompressed-file-fetch): Delete.
(emacs-rfcview, emacs-ffap-rfc-space, emacs-queue, emacs-spinner):
Replace uncompressed-file-fetch with url-fetch.
2016-05-30 11:06:49 -04:00
humanitiesNerd 62a45cb647
gnu: Add emacs-seq.
* gnu/packages/emacs.scm (emacs-seq): New variable.

Signed-off-by: Alex Kost <alezost@gmail.com>
2016-05-30 13:11:39 +03:00
humanitiesNerd 565bccc569
gnu: Add emacs-spinner.
* gnu/packages/emacs.scm (emacs-spinner): New variable.

Signed-off-by: Alex Kost <alezost@gmail.com>
2016-05-30 13:11:39 +03:00
humanitiesNerd 32abfcf4ee
gnu: Add emacs-pkg-info.
* gnu/packages/emacs.scm (emacs-pkg-info): New variable.

Signed-off-by: Alex Kost <alezost@gmail.com>
2016-05-30 13:09:43 +03:00
humanitiesNerd ad6c4bc48a
gnu: Add emacs-queue.
*  gnu/packages/emacs.scm (emacs-queue): New variable.

Signed-off-by: Alex Kost <alezost@gmail.com>
2016-05-30 13:09:43 +03:00
Alex Kost 4509ec72a4
gnu: emacs: Fix indentation of scheme keyword lists.
* gnu/packages/patches/emacs-fix-scheme-indent-function.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/emacs.scm (emacs)[source]: Use it.
2016-05-30 13:09:43 +03:00
Efraim Flashner 5f1ba08953
gnu: gegl: Fix CVE-2012-4433.
* gnu/packages/gimp.scm (gegl)[source]: Add patch.
* gnu/packages/patches/gegl-CVE-2012-4433.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
2016-05-30 12:09:17 +03:00
Efraim Flashner 7d48938a59
gnu: vte-0.28: Fix CVE-2012-2738.
* gnu/packages/gnome.scm (vte-0.28)[source]: Add patches.
* gnu/packages/patches/vte-CVE-2012-2738-pt1.patch,
gnu/packages/patches/vte-CVE-2012-2738-pt2.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 12:09:15 +03:00
Efraim Flashner 4f3e02f198
gnu: t1lib: Fix CVE-2010-2642, CVE-2011-{0764, 1552, 1553, 1554}.
* gnu/packages/fontutils.scm (t1lib)[source]: Add patches.
* gnu/packages/patches/t1lib-CVE-2010-2642.patch,
gnu/packages/patches/t1lib-CVE-2011-0764.patch,
gnu/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 12:09:14 +03:00
Efraim Flashner f228aa1543
gnu: dtach: Use 'modify-phases'.
* gnu/packages/screen.scm (dtach)[arguments]: Use 'modify-phases'.
2016-05-30 12:09:12 +03:00
Efraim Flashner 4b23c4b36a
gnu: dtach: Update to 0.9 [Fixes CVE-2012-3368].
* gnu/packages/screen.scm (dtach): Update to 0.9.
2016-05-30 12:09:10 +03:00
Efraim Flashner b507646160
gnu: tinyproxy: Update to 1.8.4 [Fixes CVE-2012-3505].
* gnu/packages/web.scm (tinyproxy): Update to 1.8.4.
[source]: Download from new location.
[home-page]: Project has moved to Github.
2016-05-30 12:08:48 +03:00
Efraim Flashner 538884ccef
gnu: jansson: Fix CVE-2016-4425.
* gnu/packages/web.scm (jansson)[source]: Add patch.
* gnu/packages/patches/jansson-CVE-2016-4425.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
2016-05-30 09:57:16 +03:00
Efraim Flashner 9116f12690
gnu: antiword: Fix CVE-2014-8123.
* gnu/packages/textutils.scm (antiword)[source]: Add patch.
* gnu/packages/patches/antiword-CVE-2014-8123: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
2016-05-30 09:57:09 +03:00
Efraim Flashner d01f680c07
gnu: a2ps: Use 'modify-phases'.
* gnu/packages/pretty-print.scm (a2ps)[arguments]: Use 'modify-phases'.
2016-05-30 07:44:29 +03:00
Efraim Flashner 6447e19108
gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.
* gnu/packages/pretty-print.scm (a2ps)[source]: Add patches.
* gnu/packages/patches/a2ps-CVE-2001-1593.patch,
gnu/packages/patches/a2ps-CVE-2014-0466.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 07:44:29 +03:00
Leo Famulari ccda7c8317
gnu: pcre2: Fix CVE-2016-3191.
* gnu/packages/patches/pcre2-CVE-2016-3191.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pcre.scm (pcre2): Use it.
2016-05-29 23:57:31 -04:00
Leo Famulari 0d567b5531
gnu: libyaml: Fix CVE-2014-9130.
* gnu/packages/patches/libyaml-CVE-2014-9130.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (libyaml): Use it.
2016-05-29 23:48:28 -04:00
Leo Famulari d8862778c1
gnu: graphicsmagick: Fix CVE-2016-5118.
* gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/imagemagick.scm (graphicsmagick): Use it.
2016-05-29 23:46:21 -04:00
Efraim Flashner b3d20b8280
gnu: vorbis-tools: Fix CVE-2014-9638, CVE-2014-9639, CVE-2014-9640.
* gnu/packages/xiph.scm (vorbis-tools)[source]: Add patches.
* gnu/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch,
gnu/packages/patches/vorbis-tools-CVE-2014-9640.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 06:42:02 +03:00
Efraim Flashner e99dd67ad8
gnu: libtar: Fix CVE-2013-4420.
* gnu/packages/compression.scm (libtar)[source]: Add patch.
* gnu/packages/patches/libtar-CVE-2013-4420.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.

This is a follow-up to 89d80159b1.
2016-05-30 06:04:46 +03:00
Ludovic Courtès 28dc10a455
gnu: glibc: Refer to the target kernel headers when cross-compiling.
This fixes a regression introduced in
efc4eb1475 whereby the build process
corresponding to 'guix build glibc --target=mips64el-linux-gnu' would
refer to the native headers instead of the target headers, leading to a
build failure:

  ../sysdeps/unix/sysv/linux/statfs64.c: In function ‘__statfs64’:
  ../sysdeps/unix/sysv/linux/statfs64.c:73:1: error: control reaches end of non-void function [-Werror=return-type]
   }
   ^

When we were using CROSS_CPATH instead of CROSS_C_INCLUDE_PATH, the
problem was hidden by the fact that CPATH corresponds to '-I' whereas
C_INCLUDE_PATH corresponds to '-isystem', and '-isystem' directories are
searched after '-I' directories.

* gnu/packages/base.scm (glibc)[arguments]: Refer to the kernel headers
from '%build-target-inputs' when cross-building.
2016-05-30 00:17:44 +02:00
Efraim Flashner 89d80159b1
gnu: libtar: Update to 1.2.20 [fixes CVE-2013-4397, CVE-2013-4420].
* gnu/packages/compression.scm (libtar): Update to 1.2.20.
[source]: Add Debian mirror.
[arguments]: Add 'autoconf phase.
[native-inputs]: Add autoconf, automake, libtool.
[inputs]: Add zlib.
[home-page]: Point to temporary home.
2016-05-29 22:47:05 +03:00
Efraim Flashner 43ec6ca06e
gnu: pciutils: Add kmod support.
* gnu/packages/pciutils.scm (pciutils)[inputs]: Add kmod.
2016-05-29 22:07:47 +03:00
Efraim Flashner 0ef7a93d78
gnu: pciutils: Use 'modify-phases'.
* gnu/packages/pciutils.scm (pciutils)[arguments]: Use 'modify-phases'.
2016-05-29 22:07:47 +03:00
Efraim Flashner fb3c855381
gnu: pciutils: Update to 3.5.1.
* gnu/packages/pciutils.scm (pciutils): Update to 3.5.1.
2016-05-29 22:07:47 +03:00
Leo Famulari 65da8dd01e
gnu: rpm: Fix CVE-2014-8118.
* gnu/packages/patches/rpm-CVE-2014-8118.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/package-management.scm (rpm): Use it.
2016-05-29 14:02:08 -04:00
Leo Famulari 41019e9f2a
gnu: rpm: Update to 4.12.0.1.
* gnu/packages/package-management.scm (rpm): Update to 4.12.0.1.
2016-05-29 14:02:08 -04:00