New upstream release. Contains fixes for:
CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file
  being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird
  137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird
  137
* gnu/packages/librewolf.scm (librewolf): Update to 137.0.1-1.
Change-Id: I418fadabc2375fe85e6d71f0fba198ae5983159c

* gnu/packages/gnome.scm (mutter) [phases]
{disable-problematic-tests}: Disable all stacking tests plus the
event-delivery test.
Change-Id: Icdc3271e8d691881cee01b041de64269be8fc155

* gnu/packages/gtk.scm (gtk): Update to 4.16.13.
[phases] {patch}: Disable the gsk scaling test and mask-half-pixel gsk compare
test variants.
Change-Id: I041a22ea60fd24f74c705716c1bd1e9a10e2acee

This is to match recently established conventions. Add a deprecated public
alias to avoid breaking channels using inkscape/stable.
Automated via:

  git grep -l inkscape/stable |
    xargs sed -i 's,inkscape/stable,inkscape/pinned,'

Change-Id: If74bf91b1da0d2ca8cf25c6038b4c2100262873e

Prior to this change, only the udev rules installed to eudev's prefix were
consulted by tools such as udevadm, leading to problems such as when
configuring network interfaces, or attempting to override its default rules.
While our custom eudev patch adding support for the EUDEV_RULES_DIRECTORY
environment variable could have been refined to take precedence over the
package's configured udevrulesdir, this was not pursued for the following
reasons:
1. Due to eudev's using inotify to detect new rules, the EUDEV_RULES_DIRECTORY
   is fixed in Guix System, per commit e9fa17eb98 ("services: udev: Use a fixed
   location for the rules directory and config.")
2. Users would have had to set EUDEV_RULES_DIRECTORY to the fixed directory
   themselves to have udevadm work as expected, which is inconvenient.
3. This simple solution is already implemented and tested in NixPkgs.
* gnu/packages/linux.scm (eudev) [source]: Remove custom patch.
[arguments] <#:make-flags>: New argument.
<#:phases>: Override install phase to alter installation make flags.
* gnu/services/base.scm (udev-shepherd-service): Do not set
EUDEV_RULES_DIRECTORY environment variable.
* gnu/packages/patches/eudev-rules-directory.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): De-register it.
Fixes: https://issues.guix.gnu.org/63508
Reported-by: Felix Lechner <felix.lechner@lease-up.com>
Change-Id: Ib8698f4b452f6fd0951bcd71831705b1be85e6e0

This environment variable used to be honored by udevd, but that is no longer
the case (as shown by grepping its source).
* gnu/services/base.scm (udev-shepherd-service) <#:environment-variables>:
Remove UDEV_CONFIG_FILE.
Change-Id: I0828de76e8da429432bc0679903aa501c99625af

* gnu/packages/freedesktop.scm (localed): Update to 257.4.
[source]: Streamline snippet; no longer adjust to use /var/run instead of
/run.
[arguments] <#:phases>: Adjust set-xkeyboard-config-file-name phase.
* gnu/packages/patches/localed-xorg-keyboard.patch: Rebase patch.
Change-Id: I3853ee2b64b7f48ea4592aa206ecee86a7164185

* gnu/packages/freedesktop.scm (localed) [arguments]: Use gexps.
[native-inputs, inputs]: Use modify-inputs and drop labels.
Change-Id: I01f06685cd3b9d731dd36f27c32da8ecce0eb2c7

These changes are based on emacs-forge package. As all magit related packages
share the same structure, let’s build them similarly.
* gnu/packages/emacs-xyz.scm (emacs-magit): Simplify package.
[arguments]<#:exclude>: Remove unexisting excludes.
<#:phases>: Remove unnecessary configure-git phase. Remove all unnecessary
replace phases. Add new chdir-lisp phase to operate from lisp dir. No need
to make files writable. Group all emacs-substitute-variables, and remove
relative path.
<#:test-command>: Consider updated makefile path.
Change-Id: I3c2ae992faf56b9f9e7a68d1b9df430ab3b221a0
Signed-off-by: Christopher Baines <mail@cbaines.net>

* gnu/packages/emacs-xyz.scm (emacs-julia-mode): Update to 1.0.2-0.7fc071e.
[arguments]<#:include>: Add make-julia-latexsubs.jl.
[arguments]<#:phases>: No more need of fix-test phase.
Change-Id: Ibb8cddcab527fc692f741eca5314f9c6190e40d2
Signed-off-by: Christopher Baines <mail@cbaines.net>

Since the OTC directory was deleted from the repo, I moved the source for
output "out" from OTC to SuperOTC. SuperOTC is a combination of all the
weights of OTC. The contents should not change.
* gnu/packages/fonts.scm: Import (guix build-system copy).
(font-adobe-source-han-sans): Update to 2.004.
[outputs] Add "hk" (Hong Kong). Switch to SuperOTC for "out".
[build-system] Switch to copy-build-system for simplicity.
[arguments] Fixes for build system transition. Use G-Expression.
[native-inputs]: Add unzip.
Change-Id: I3b37b9406c932b3e4f936367670cbd2ca4a0f926
Signed-off-by: Christopher Baines <mail@cbaines.net>

* gnu/packages/games.scm (azimuth): Update to 1.0.3-0.050f838.
[arguments]: Use G-expressions.
Change-Id: I8fac420512b89b9f3af2d7dedeed48b06d4ca684
Signed-off-by: Christopher Baines <mail@cbaines.net>

* gnu/packages/fonts.scm (font-adobe-source-sans-pro): Update to 3.052.
[source]: Adjust url for redirect.
[version]: Remove "R" in version because it stands for "Release" and is not
part of the version.
[home-page]: Fix permanent redirect.
Change-Id: If8e0f531718058c90da5908e65370de187358348
Signed-off-by: Christopher Baines <mail@cbaines.net>

* gnu/packages/fonts.scm (font-go): Update to 2.010.
[version] Use git-version. Adopted version number that was written in the
41969df76e82aeec85fa3821b1e24955ea993001 commit message.
[arguments] Use G-expression.
Change-Id: I4dd8c14c42fdb3803d6e6ff4d075242621c3abd6
Signed-off-by: Christopher Baines <mail@cbaines.net>

* guix/man-db.scm (man-page->entry): Extract man name and section from
.Dt macro.
Change-Id: I02dc99d73dceecdb077315805025efad9a650e91
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* guix/man-db.scm (man-macro-tokenize): New procedure to parse man
macros.
(man-page->entry): Parse macro line using man-macro-tokenize.
Change-Id: Iea0ffbc65290757df746138e0a6174646b5a3eb8
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

This package is a duplicate of "showmethekey". Upstream seems to prefer
naming the package without hyphens in the name.
* gnu/packages/xdisorg.scm (show-me-the-key): Delete variable.
* gnu/packages/video.scm (show-me-the-key): Add as a deprecated alias for
showmethekey.
Change-Id: I21daae0826b6fbc5adf6d10a8497099875ae09f1
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Fixes <https://issues.guix.gnu.org/77570>.
Commit 40f69b586a made chroot root
directory read-only; as a consequence, build processes attempting to
write to the root directory would now get EROFS instead of EACCES.
It turns out that a number of test suites (Go, Ruby, SCons, Shepherd)
would fail because of this observable difference.
To restore previous behavior in build environments while still
preventing build processes from exposing their root directory to outside
processes, this patch (1) keeps the root writable but #o555 by default,
thereby restoring the EACCES behavior, and (2) ensures that the parent
of the chroot root directory is itself user-accessible only.
* nix/libstore/build.cc (class DerivationGoal)[chrootRootTop]: New
field.
(DerivationGoal::startBuilder): Initialize ‘chrootRootTop’ and make it
‘AutoDelete’. Replace ‘mount’ call that made the root directory
read-only by a mere ‘chmod_’ call.
* tests/store.scm ("build root cannot be made world-readable"): Remove.
("writing to build root leads to EACCES"): New test.
Reported-by: Ada Stevenson <adanskana@gmail.com>
Reported-by: keinflue <keinflue@posteo.net>
Suggested-by: Reepca Russelstein <reepca@russelstein.xyz>
Change-Id: I5912e8b3b293f8242a010cfc79255fc981314445
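
Added illustration, not part of the commit above or of nix/libstore/build.cc: the C program below rebuilds the permission layout that message describes (a parent directory accessible to its owner only, containing a root directory with mode #o555) and reports the errno an unprivileged process gets when it tries to create a file in the root. The helper names, the /tmp template and uid/gid 65534 are assumptions; the earlier read-only mount (EROFS) is not reproduced because it needs mount privileges.

```c
/* Added illustration; helper names are hypothetical, not from build.cc. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create TOP from a mkdtemp template (mode 0700) and TOP/root (mode 0555). */
static int make_build_root(char *top, char *root, size_t n)
{
    if (mkdtemp(top) == NULL) return -1;
    snprintf(root, n, "%s/root", top);
    if (mkdir(root, 0755) != 0) return -1;
    return chmod(root, 0555);            /* chmod is not subject to the umask */
}

/* Permission bits of PATH, or -1 on error. */
static int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* errno from creating a file in ROOT unprivileged (0: created, -1: no probe). */
static int probe_write(const char *root)
{
    int status, dirfd = open(root, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* uid 0 bypasses mode bits: drop to 65534 (assumed unprivileged id). */
        if (geteuid() == 0 && (setgid(65534) || setuid(65534))) _exit(255);
        _exit(openat(dirfd, "probe", O_CREAT | O_WRONLY, 0600) >= 0 ? 0 : errno);
    }
    close(dirfd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    char top[] = "/tmp/build-root-XXXXXX", root[64];
    if (make_build_root(top, root, sizeof root) != 0) return 1;
    printf("top=%o root=%o errno=%d\n", mode_of(top), mode_of(root), probe_write(root));
    rmdir(root); rmdir(top);
    return 0;
}
```
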
* gnu/services/mail.scm (opensmtpd-configuration): Add log-file field.
(opensmtpd-shepherd-service)[start]: Add a command line flag to not
daemonize. Drop #:pid-file. Add #:log-file.
* doc/guix.texi (Mail Services): Document the additional parameter.
Change-Id: I485e040d680ccb39fa62e49d2e6ea916f047972c
Signed-off-by: Andreas Enge <andreas@enge.fr>