This fixes the compatibility with ffmpeg@8.
* gnu/packages/audio.scm (audacity): Update to 3.7.7.
Fixes: guix/guix#4892
Change-Id: I147bda84239194d9a3ab09462a933331c5ec2cb7
* gnu/packages/image-processing.scm (opencv)[arguments]: Disable
ReferenceAccuracy test due to floating-point precision differences
with ARM NEON.
Signed-off-by: Andreas Enge <andreas@enge.fr>
Contains fixes for:
CVE-2025-14321: Use-after-free in the WebRTC: Signaling component
CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in
the Graphics: CanvasWebGL component
CVE-2025-14323: Privilege escalation in the DOM: Notifications
component
CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT
component
CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT
component
CVE-2025-14326: Use-after-free in the Audio/Video: GMP component
CVE-2025-14327: Spoofing issue in the Downloads Panel component
CVE-2025-14328: Privilege escalation in the Netmonitor component
CVE-2025-14329: Privilege escalation in the Netmonitor component
CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT
component
CVE-2025-14331: Same-origin policy bypass in the Request Handling
component
CVE-2025-14332: Memory safety bugs fixed in Firefox 146 and
Thunderbird 146
CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6,
Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
* gnu/packages/librewolf.scm (librewolf): Update to 146.0-2.
The underlying problem for system containers still hasn't been
solved, the part of issue 78356 that has been solved is only
home containers.
This reverts commit cbc35fd9aa.
This is a work around for #4788 (previously https://issues.guix.gnu.org/78356).
* gnu/system/linux-container.scm (container-script): Disable lock-mounts?
Change-Id: Ib8eacfc1f1f1a858acf19beb6c14e12c4648b8d9
* etc/guix-install.sh (main_install): Call chk_gpg_keyring only if
GUIX_BINARY_FILE_NAME is not set.
Change-Id: Ia0a7449c8798ca7d61a0f1f1e793f2bafd521c5b
Signed-off-by: npatra <nilesh@riseup.net>
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Instead of fetching from no longer responsive gnu.org, fetch from
Codeberg.org, falling back to public keyservers in case codeberg
is down or unresponsive.
* etc/guix-install.sh
(GPG_SIGNING_KEY): Change gnu.org user ids to codeberg usernames.
(PUBLIC_KEYSERVERS): Add variable.
(chk_gpg_keyring): Use codeberg for fetching gpgs and fallback to public
keyservers.
Change-Id: Iddcd31239e2f3460d920194d62443ff00be7c957
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
There may be an improvement to be made to guix-daemon to avoid some
spurious denial audit messages, as described in the FIXME.
* etc/guix-daemon.cil.in: Add missing rules for guix gc.
Change-Id: I3651c4523528649048c7135fabd3000c8e78b1ff
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
With the changes in this commit, I can use "guix pull" and
"guix install <package>" successfully and without generating SELinux
denial erros in the system log.
* etc/guix-daemon.cil.in: Add missing rules for guix pull/guix install.
Change-Id: I40b5ed2c458b275804bc073fb72286947ecb0283
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Fixes: guix/guix#3330
* gnu/packages/qt.scm (qtbase)[source]: Add patch.
[arguments]: Adjust a phase to substitute the location for libvulkan.so.
* gnu/packages/patches/qtbase-patch-libvulkan.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
Co-authored-by: kestrelwx <kestrel.w@proton.me>
Change-Id: I39f1be5a30c5c17a4e4ea6c853b475f20ba8272c
Signed-off-by: Andreas Enge <andreas@enge.fr>
wdiff is a single leaf package; there is few to no reason to keep it isolated
in a single file.
Given that patchutils.scm has similar packages, e.g. @code{vbindiff}, it is a
good choice to receive wdiff.
* gnu/local.mk: Remove reference to wdiff.scm.
* gnu/packages/wdiff.scm: Delete file.
(wdiff): Move from here ...
* gnu/packages/patchutils.scm: ... to here.
Update copyright commentaries.
Add module (gnu packages texinfo).
* po/packages/POTFILES.in: Remove reference to wdiff.scm.
Change-Id: Ife2c051c209948afafe67854a315bdfa1a604f52
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.tex (Base Services)[extra-special-file]: Add warning regarding
special files persisting after extra-special-file call is removed from the
system config.
Change-Id: I29cb3a31ee45894293d9becf3c0ebe93ea7f0da4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #2810
