* guix/scripts/pull.scm (new/upgraded-packages): New procedure, with
code formerly in 'display-new/upgraded-packages'.
(display-new/upgraded-packages): Use it.
* guix/scripts/pull.scm (display-profile-news): Use
'fold-available-packages' instead of 'fold-packages' to compute OLD.
(profile-package-alist): Use 'inferior-available-packages'.
From 'NEWS' in the source distribution:
The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.
* Don't expose /proc in apply_extra script sandbox.
* gnu/packages/package-management.scm (flatpak): Update to 1.2.3.
* gnu/packages/docker.scm (%docker-version, docker, docker-cli): Update to
18.09.2.
(docker)[arguments]: Adjust to the Debian-specific 'iptables-legacy' lookup in
the 'patch-paths' phase.
* gnu/packages/virtualization.scm (runc): Update to 1.0.0-rc6.
[source]: Use a descriptive file-name. Add 'runc-CVE-2019-5736.patch'.
* gnu/packages/patches/runc-CVE-2019-5736.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
From 40db2b4eae5ca61a3134cdaf7b156ed1ae9f7415 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 10 Feb 2019 23:39:25 -0500
Subject: [PATCH] gnu: python-pybedtools: Update to 0.8.0 and fix build.
* gnu/packages/bioinformatics.scm (python-pybedtools): Update to 0.8.0.
[phases]{disable-broken-tests}: Do not disable "test_issue_157" and
"test_to_dataframe" tests. Disable the "test_getting_example_beds".
{remove-cython-generated-files}: Add phase.
{generate-cython-extensions}: Add phase.
{check}: Move from python2-pybedtools to here. Add a scripts
subdirectory of the build directory to the PATH, so that the tests can call
them. Invoke pytest rather than nosetests.
[modules]: Move from python2-pybedtools to here.
[propagated-inputs]: Depend on the current BEDTOOLS rather than version 1.26.
[native-inputs]: Replace python-nose by python-pytest and add python-psutil.
Even with this patch efilinux does not build for arm*.
* gnu/packages/efi.scm (efilinux)[arguments]: On armhf-linux and
aarch64-linux set the ARCH variable appropriately.
In practice the error was not triggered because
'package-transitive-propagated-inputs' currently returns the empty list
for these two packages.
* guix/scripts/pack.scm (gcrypt-sqlite3&co): Remove labels from the
result.
* gnu/system/vm.scm (gcrypt-sqlite3&co): Likewise.
Fixes <https://bugs.gnu.org/34402>.
Reported by <pkill9@runbox.com>.
Previously 'display-error' could be called with the wrong number of
arguments (e.g., for 'git-error' exceptions), and thus nothing at all
was displayed.
* guix/ui.scm (report-load-error): Check whether ARGS matches the
parameters for 'display-error' and call 'print-exception' otherwise.