This is an improvement over commit af6100f.
* gnu/packages/gnome.scm (glib-networking)[source](patches): New field.
[arguments]: Pass '/etc/ssl/certs/ca-certificates.crt' to configure.
Set 'SSL_CERT_FILE' to '/dev/null' in 'use-empty-ssl-cert-file' phase.
(libsoup)[arguments]: Set 'SSL_CERT_FILE' to '/dev/null' in
'pre-check' phase.
* gnu/packages/patches/glib-networking-ssl-cert-file.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (wireless-tools)[source]: Replace unneeded
old snippet with a new one that removes non-free files.
[arguments]: Use modify-phases. Remove custom 'configure' phase. Add
make-flags.
[license]: Change to (list gpl2 lgpl2.1+).
WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213). I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603). I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Fixes bug #21226.
Linux 3.19 introduced a fix for a security vulnerability in user namespaces.
This fix introduced a new proc file called 'setgroups' and was backported to
many older kernels. However, some users run a kernel that is new enough to
support user namespaces yet old enough to not include the patch, so we must
skip the tests.
* tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.
Reported by Eric Dvorsak <eric@dvorsak.fr> on #guix.
* guix/scripts/import/elpa.scm (%default-options): Remove redundant
quote which led to an error if --archive option was not specified.
* gnu/packages/scanner.scm (sane-backends): Build with libusb-compat as an
input and install a udev rule to give users access to scanners.
Modified-By: Mark H Weaver <mhw@netris.org>
It's not always possible to map 65536 uids when creating a container as the
root user within another user namespace. This is true when building Guix
within the build daemon's container. By using a uid range of 1 by default,
even as the root user, the tests now pass.
* gnu/build/linux-container.scm (initialize-user-namespace, run-container):
Add 'host-uids' argument.
(call-with-container): Add #:host-uids keyword argument.
* tests/containers.scm ("container-excursion"): Update 'run-container' call.
* gnu/build/file-systems.scm (regular-file?): New procedure.
(mount-file-system): Create a regular file instead of a directory when bind
mounting a regular file.
* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. Move the 'patches'
field above the snippet.
Taylan Ulrich Bayırlı/Kammer