* gnu/packages/compression.scm (snappy)[source]: Build with ‘-O2’.
* gnu/package/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (dropbear)[source]: Use it.
* gnu/services/ssh.scm (<openssh-configuration>)[log-level]: New field.
(openssh-config-file): Honor it.
* doc/guix.texi (Networking Services): Document it.
* doc/guix.texi (Networking Services): Document it, and mention that
tor-service is deprecated.
* gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>:
New field.
(tor-configuration->torrc): When socks-socket-type is 'unix, set
SocksPort to UNIX domain socket /var/run/tor/socks-sock and set
UnixSocksGroupWritable to 1.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using
a custom config file, just set socks-socket-type to 'unix.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): New variable.
(run-tor-test) <os/unix-socks-socket, marionette/unix-socks-socket>
<socket-directory>: New variables.
<"tor is alive">: Move common code from this test case...
<tor-is-alive?>: ...into this new procedure.
<"tor is listening", "tor is alive, even when using a SOCKS socket">
<"tor is listening, even when using a SOCKS socket">: New test cases.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
* gnu/packages/patches/grub-check-error-efibootmgr.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/bootloaders.scm (grub)[source](patches): New field.
The MELPA tarball hash changed. Prevent this problem in the future
by downloading a git checkout.
* gnu/packages/emacs.scm (emacs-async)[home-page]: Update to actual.
[source]: Use GIT-FETCH.
The autoload hack was added a year ago, before 0.14.0, i.e., before any
release would depend on Guile-Git. Both 0.14.0 and 0.15.0 required
Guile-Git, and 'guix pull' now automatically pulls it in, so this hack
is no longer necessary.
* guix/scripts/pull.scm: Use (git) and (guix git). Remove top-level
call to 'module-autoload!'.
(ensure-guile-git!): Remove.
(guix-pull): Remove call to 'ensure-guile-git!'.
Previously we'd have lots of useless entries on the search paths, such
as libtasn1, libidn2, zlib, gmp, etc. because they are propagated by
gnutls.
* guix/self.scm (guix-command)[source-directories, object-directories]:
New variables. Use them in the body of "guix-command". Filter their
items with 'file-exists?'.
This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.
* gnu/packages/xorg.scm (libx11)[replacement]: New field.
(libx11-1.6.6): New public variable.