bug#54453: crash running 'guix pull'

2022-03-22 Thread zimoun
Hi,

On Mon, 21 Mar 2022 at 16:23, Peter Bhat Harkins  wrote:

> The VPS was created almost two years ago, and 'guix pull' was run many
> times, though not in the last few months.

Did you garbage collect “guix gc”?  For instance with the option ’-F 5G’
or this option ’-d 9m’.

Because if you pull again and again, the store is growing.  And
depending on the size of your VPS, you can reach the limit of the available
space.


> Is there documentation anywhere of what system resources a guix system,
> or this particular command, requires? Is there any method for
> estimating? It sounds like you're suggesting the requirements have
> changed over time. Do running guix systems require more disk and RAM as
> they age, or does this undocumented requirement also apply to new
> systems?

No, I am not suggesting a change.  I am trying to identify why your
setup is failing and emit hypotheses.

> At this point I'm less concerned about this individual crash bug and
> more concerned that running any guix system is unsustainable.

You are drawing hard conclusions from some hypotheses when they are just
hypotheses.

Over these 2 years, how many times did you garbage collect?


Cheers,
simon





bug#54495: unexpected download after gc

2022-03-22 Thread raingloom
On Fri, 18 Mar 2022 14:50:01 +0100
zimoun  wrote:

> Hi,
> 
> Considering this with revision a03936a:
> 
> guix gc
> guix install python-ipython -p tools
> guix gc
> guix install python-ipython -p tools
> 
> I am surprised that:
> 
>  1. the second GC collects things
>  2. the second install downloads things
> 
> especially by this line:
> 
> python-ipython-7.27.0  892KiB  4.6MiB/s 00:00 [##]
> 100.0%
> 
> 
> Well, it is because of grafts.  The profile contains the grafted
> version and the installation expects first the non-grafted for
> computing the graft.  For instance:
> 
> --8<---cut here---start->8---
> $ guix gc --list-dead | grep ipython
> finding garbage collector roots...
> determining live/dead paths...
> /gnu/store/xmw4vxabnkm7vwa0ywfcqcmknbnia0c3-python-ipython-7.27.0
> 
> guix build python-ipython --no-grafts
> /gnu/store/xmw4vxabnkm7vwa0ywfcqcmknbnia0c3-python-ipython-7.27.0
> --8<---cut here---end--->8---
> 
> When something is grafted, is it possible to consider the non-grafted
> as a "derivation", i.e., control the GC with 'gc-keep-derivations'.
> 
> Or the grafted could keep a reference to the non-grafted?
> 
> 
> Well, I was expecting that this composition:
> 
> guix gc && guix install
> 
> was "idempotent" in a way. :-) And to me, the fact that it is not is
> somehow a bug.  Maybe, it is already well-known and not considered as
> bug.
> 
> 
> Cheers,
> simon
> 
> 
> 

There should definitely be more attention paid to offline use so IMHO
this is a bug. Or at least a missing feature.





bug#54525: [PATCH 5/5] gnu: thunar: Add search path for "THUNARX_DIRS".

2022-03-22 Thread tumashu
From: Feng Shu 

* gnu/packages/xfce.scm (thunar)[native-search-paths]: new field.
[source]: Add thunar-search-paths.patch.
---
 .../patches/thunar-search-paths.patch | 211 ++
 gnu/packages/xfce.scm |  12 +-
 2 files changed, 222 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/thunar-search-paths.patch

diff --git a/gnu/packages/patches/thunar-search-paths.patch 
b/gnu/packages/patches/thunar-search-paths.patch
new file mode 100644
index 00..fcf55ba14f
--- /dev/null
+++ b/gnu/packages/patches/thunar-search-paths.patch
@@ -0,0 +1,211 @@
+From 848f1dfb2d2f404efa5371817285236d33b32a5c Mon Sep 17 00:00:00 2001
+From: tumashu 
+Date: Tue, 22 Mar 2022 20:16:19 +
+Subject: [PATCH] Look for thunar plugins at $THUNARX_DIRS (Issue #748)
+
+THUNARX_DIRS is a list of directories where thunar plugins are looked
+for. It is needed for distributions like NixOS/GuixOS that do not
+install all plugins in the same directory. In NixOS/GuixOS each
+package is installed in a self contained directory.
+
+MR !197
+---
+ thunarx/thunarx-provider-factory.c | 86 +-
+ thunarx/thunarx-provider-module.c  | 68 ++-
+ 2 files changed, 91 insertions(+), 63 deletions(-)
+
+diff --git a/thunarx/thunarx-provider-factory.c 
b/thunarx/thunarx-provider-factory.c
+index 94b11545..386c3417 100644
+--- a/thunarx/thunarx-provider-factory.c
 b/thunarx/thunarx-provider-factory.c
+@@ -154,54 +154,66 @@ thunarx_provider_factory_load_modules 
(ThunarxProviderFactory *factory)
+   GList *modules = NULL;
+   GList *lp;
+   GDir  *dp;
++  gchar *dirs_string;
++  gchar**dirs;
+ 
+-  dp = g_dir_open (THUNARX_DIRECTORY, 0, NULL);
+-  if (G_LIKELY (dp != NULL))
++  dirs_string = (gchar *) g_getenv ("THUNARX_DIRS");
++  if (!dirs_string)
++dirs_string = THUNARX_DIRECTORY;
++  dirs = g_strsplit (dirs_string, G_SEARCHPATH_SEPARATOR_S, 0);
++
++  for (int i = 0; dirs[i] != NULL; i++)
+ {
+-  /* determine the types for all existing plugins */
+-  for (;;)
+-{
+-  /* read the next entry from the directory */
+-  name = g_dir_read_name (dp);
+-  if (G_UNLIKELY (name == NULL))
+-break;
+ 
+-  /* check if this is a valid plugin file */
+-  if (g_str_has_suffix (name, "." G_MODULE_SUFFIX))
+-{
+-  /* check if we already have that module */
+-  for (lp = thunarx_provider_modules; lp != NULL; lp = lp->next)
+-if (g_str_equal (G_TYPE_MODULE (lp->data)->name, name))
+-  break;
++  dp = g_dir_open (dirs[i], 0, NULL);
+ 
+-  /* use or allocate a new module for the file */
+-  if (G_UNLIKELY (lp != NULL))
+-{
+-  /* just use the existing module */
+-  module = THUNARX_PROVIDER_MODULE (lp->data);
+-}
+-  else
+-{
+-  /* allocate the new module and add it to our list */
+-  module = thunarx_provider_module_new (name);
+-  thunarx_provider_modules = g_list_prepend 
(thunarx_provider_modules, module);
+-}
++  if (G_LIKELY (dp != NULL))
++{
++  /* determine the types for all existing plugins */
++  for (;;)
++{
++  /* read the next entry from the directory */
++  name = g_dir_read_name (dp);
++  if (G_UNLIKELY (name == NULL))
++break;
+ 
+-  /* try to load the module */
+-  if (g_type_module_use (G_TYPE_MODULE (module)))
++  /* check if this is a valid plugin file */
++  if (g_str_has_suffix (name, "." G_MODULE_SUFFIX))
+ {
+-  /* add the types provided by the module */
+-  thunarx_provider_factory_add (factory, module);
+-
+-  /* add the module to our list */
+-  modules = g_list_prepend (modules, module);
++  /* check if we already have that module */
++  for (lp = thunarx_provider_modules; lp != NULL; lp = 
lp->next)
++if (g_str_equal (G_TYPE_MODULE (lp->data)->name, name))
++  break;
++
++  /* use or allocate a new module for the file */
++  if (G_UNLIKELY (lp != NULL))
++{
++  continue;
++}
++  else
++{
++  /* allocate the new module and add it to our list */
++  module = thunarx_provider_module_new (name);
++  thunarx_provider_modules = g_list_prepend 
(thunarx_provider_modules, module);
++}
++
++  /* try to load the module */
++ 
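Review bot: In the `lp != NULL` branch of the inner loop the new code does `continue`, where the removed code reused the existing module (`module = THUNARX_PROVIDER_MODULE (lp->data)`) and went on to the load step, so a module that is already in `thunarx_provider_modules` is now skipped for this factory. If the intent is only to ignore a same-named plugin found in a later directory, say so in a comment and document that the first directory wins, since the match is on the file name alone. Separately, `dirs[i]` goes to `g_dir_open` unchecked: empty or relative entries in THUNARX_DIRS should be skipped (for example with `g_path_is_absolute`) so that plugins are only loaded from the directories that were meant. The `(gchar *)` cast drops the const from `g_getenv`; declare `dirs_string` as `const gchar *`. The visible part of the hunk stops before any cleanup, so please confirm that `dirs` is released with `g_strfreev`.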

bug#54525: [PATCH 4/5] gnu: Add thunar-vcs-plugin.

2022-03-22 Thread tumashu
From: Feng Shu 

* gnu/packages/xfce.scm (thunar-vcs-plugin): New variable.
---
 gnu/packages/xfce.scm | 37 +
 1 file changed, 37 insertions(+)

diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 083e890cc7..d3a414ec15 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -35,6 +35,7 @@
 (define-module (gnu packages xfce)
   #:use-module (gnu artwork)
   #:use-module (gnu packages)
+  #:use-module (gnu packages apr)
   #:use-module (gnu packages base)
   #:use-module (gnu packages calendar)
   #:use-module (gnu packages cdrom)
@@ -63,6 +64,8 @@ (define-module (gnu packages xfce)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages search)
+  #:use-module (gnu packages textutils)
+  #:use-module (gnu packages version-control)
   #:use-module (gnu packages web)
   #:use-module (gnu packages wm)
   #:use-module (gnu packages xml)
@@ -858,6 +861,40 @@ (define-public thunar-media-tags-plugin
 tags-based file renaming from inside Thunar Bulk Renamer.")
 (license gpl2+)))
 
+(define-public thunar-vcs-plugin
+  (package
+(name "thunar-vcs-plugin")
+(version "0.2.0")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://archive.xfce.org/src/thunar-plugins/";
+   name "/" (version-major+minor version)
+   "/" name "-" version ".tar.bz2"))
+   (sha256
+(base32 "1f2d1dwfyi6xv3qkd8l8xh0vhz8wh0601cyigjzn426lqga1d29n"
+(build-system gnu-build-system)
+(arguments
+ (list #:configure-flags
+   #~(list (string-append "CPPFLAGS=-I" #$apr-util "/include/apr-1"
+(native-inputs (list pkg-config intltool utf8proc))
+(inputs
+ (list exo
+   gtk+
+   thunar
+   libxfce4util
+   apr
+   apr-util
+   subversion
+   git))
+(home-page "https://www.xfce.org/";)
+(synopsis "VCS plugin for Thunar file manager")
+(description
+ "Thunar VCS Plugin (formerly known as Thunar SVN Plugin) gives SVN and
+GIT integration to Thunar, it adds Subversion and GIT actions to the context
+menu.")
+(license gpl2+)))
+
 (define-public xfwm4
   (package
 (name "xfwm4")
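Review bot: `utf8proc` in the `native-inputs` of thunar-vcs-plugin looks misplaced: it is a library rather than a build tool, so if the build links against it, it belongs in `inputs` next to `apr` and `subversion`. In `#:configure-flags`, prefer `#$(this-package-input "apr-util")` over `#$apr-util` so the include path follows the input when the package is transformed. The description has a comma splice and writes "GIT"; something like "adds Subversion and Git actions to Thunar's context menu" reads better.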
-- 
2.34.0






bug#54525: [PATCH 2/5] gnu: Add thunar-shares-plugin.

2022-03-22 Thread tumashu
From: Feng Shu 

* gnu/packages/xfce.scm (thunar-shares-plugin): New variable.
---
 gnu/packages/xfce.scm | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 9de3db3cc4..ba4e51a2f3 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -813,6 +813,28 @@ (define-public thunar-archive-plugin
 archive files using the file context menus in the Thunar file manager.")
 (license gpl2+)))
 
+(define-public thunar-shares-plugin
+  (package
+(name "thunar-shares-plugin")
+(version "0.3.1")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://archive.xfce.org/src/thunar-plugins/";
+   name "/" (version-major+minor version)
+   "/" name "-" version ".tar.bz2"))
+   (sha256
+(base32 "182j8jl91735004hbl0i2xxga4r6fk03srfl6g87czkjm9y8q7fw"
+(build-system gnu-build-system)
+(native-inputs (list pkg-config intltool))
+(inputs (list thunar gtk+))
+(home-page "https://www.xfce.org/";)
+(synopsis "Folder share plugin for Thunar file manager")
+(description
+ "The Thunar Shares Plugin allows you to quickly share a folder using
+Samba from Thunar (the Xfce file manager) without requiring root access.")
+(license gpl2+)))
+
 (define-public xfwm4
   (package
 (name "xfwm4")
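Review bot: The description of thunar-shares-plugin says folders are shared using Samba, yet `inputs` lists only `thunar` and `gtk+`. If the plugin runs a Samba command at run time, either add `samba` as an input and make the plugin refer to it by its store path, or state in the description that Samba has to be installed and set up for user shares separately.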
-- 
2.34.0






bug#54525: [patchs] Let thunar support plugin search patchs and add some thunar plugins.

2022-03-22 Thread Feng Shu


-- 






bug#54525: [PATCH 1/5] gnu: Add thunar-archive-plugin.

2022-03-22 Thread tumashu
From: Feng Shu 

* gnu/packages/xfce.scm (thunar-archive-plugin): New variable.
---
 gnu/packages/xfce.scm | 21 +
 1 file changed, 21 insertions(+)

diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index b58a517257..9de3db3cc4 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -792,6 +792,27 @@ (define-public thunar-volman
 and import the new pictures from your camera.")
 (license gpl2+)))
 
+(define-public thunar-archive-plugin
+  (package
+(name "thunar-archive-plugin")
+(version "0.4.0")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://archive.xfce.org/src/thunar-plugins/";
+   name "/" (version-major+minor version)
+   "/" name "-" version ".tar.bz2"))
+   (sha256
+(base32 "059ikda4hig1iqk0g5kqc4p95chj0z1ljhl5qjrlw4l8lf3gm0mz"
+(build-system gnu-build-system)
+(native-inputs (list pkg-config intltool))
+(inputs (list exo thunar gtk+))
+(home-page "https://www.xfce.org/";)
+(synopsis "Archive plugin for Thunar file manager")
+(description "The Thunar Archive Plugin allows you to create and extract
+archive files using the file context menus in the Thunar file manager.")
+(license gpl2+)))
+
 (define-public xfwm4
   (package
 (name "xfwm4")
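Review bot: In the `uri` of thunar-archive-plugin the file name is built from the `name` field; spelling out "thunar-archive-plugin" in the URL keeps the source stable if the package is later inherited under another name, and the same applies to the other plugins in this series. The description says archives are created and extracted from the context menu, but no archive manager appears in `inputs`; if the plugin delegates to an external one, the description should say which is expected at run time.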
-- 
2.34.0






bug#54525: [PATCH 3/5] gnu: Add thunar-media-tags-plugin.

2022-03-22 Thread tumashu
From: Feng Shu 

* gnu/packages/xfce.scm (thunar-media-tags-plugin): New variable.
---
 gnu/packages/xfce.scm | 23 +++
 1 file changed, 23 insertions(+)

diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index ba4e51a2f3..083e890cc7 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -52,6 +52,7 @@ (define-module (gnu packages xfce)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mate)
+  #:use-module (gnu packages mp3)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages photo)
@@ -835,6 +836,28 @@ (define-public thunar-shares-plugin
 Samba from Thunar (the Xfce file manager) without requiring root access.")
 (license gpl2+)))
 
+(define-public thunar-media-tags-plugin
+  (package
+(name "thunar-media-tags-plugin")
+(version "0.3.0")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://archive.xfce.org/src/thunar-plugins/";
+   name "/" (version-major+minor version)
+   "/" name "-" version ".tar.bz2"))
+   (sha256
+(base32 "06sr7b4p9f585gian8vpx7j0pkzg0vvwcrjmrhvh7i5sb90w8rg2"
+(build-system gnu-build-system)
+(native-inputs (list pkg-config intltool))
+(inputs (list exo gtk+ thunar taglib))
+(home-page "https://www.xfce.org/";)
+(synopsis "Media tags plugin for Thunar file manager")
+(description
+ "Media tags plugin allows tags editing from Thunar file manager and
+tags-based file renaming from inside Thunar Bulk Renamer.")
+(license gpl2+)))
+
 (define-public xfwm4
   (package
 (name "xfwm4")
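Review bot: The `description` of thunar-media-tags-plugin needs rewording: "allows tags editing from Thunar file manager" is missing articles and the sentence does not start from the package's full name. Suggested text: "The Thunar Media Tags Plugin allows editing the tags of media files from the Thunar file manager and renaming files based on their tags from the Thunar Bulk Renamer."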
-- 
2.34.0






bug#54528: STORE-DIRECTORY-PREFIX is global, per generation, to all bootloader menu entries

2022-03-22 Thread Maxim Cournoyer
Hello Guix,

Recently I noticed after reconfiguring with the following
operating system definition:

--8<---cut here---start->8---
(use-modules (gnu bootloader)
             (gnu bootloader grub)
             (gnu packages linux)
             (gnu system file-systems)
             (guix gexp)
             (sysadmin build-machines))

;;; XXX: Copied from berlin-nodes.scm.
(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")))

(define %btrfs-raid-uuid "64a837b7-b9dc-4b64-ba95-712ba4032c71")

(define %common-btrfs-options '(("compress-force" . "zstd")
                                ("space_cache" . "v2")
                                "degraded"))

;;; Top-level Btrfs subvolume.
(define %btrfs-pool
  (file-system
    (device (uuid %btrfs-raid-uuid))
    (mount-point "/mnt/btrfs-pool")
    (create-mount-point? #t)
    (type "btrfs")
    (options (alist->file-system-options
              (cons '("subvolid" . "5")
                    %common-btrfs-options)))))

(define (btrfs-subvolume-mount name mount-point)
  "Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
  (file-system
    (device (uuid %btrfs-raid-uuid))
    (mount-point mount-point)
    (create-mount-point? #t)
    (type "btrfs")
    (options (alist->file-system-options
              (cons (cons "subvol" name)
                    %common-btrfs-options)))))


(define node-129-os
  (let ((base-os (berlin-new-build-machine-os
                  129 #:authorized-guix-keys %authorized-guix-keys)))
    (operating-system
      (inherit base-os)
      (bootloader
       (bootloader-configuration
        (inherit (operating-system-bootloader base-os))
        (bootloader grub-bootloader)
        (targets (list "/dev/sdb" "/dev/sdc" "/dev/sdd"))
        (menu-entries
         (list (menu-entry
                (label "Previous system -- 5.15.19 (#91, 2022-02-18 22:25)")
                (linux "/gnu/store/8w9v4dka10cv0r5fyw9f0pc14fszbl03-linux-libre-5.15.19/bzImage")
                (linux-arguments
                 '("--root=my-root"
                   "--system=/var/guix/profiles/system-92-link"
                   "--load=/var/guix/profiles/system-92-link/boot"
                   "console=tty0"
                   "console=ttyS0,57600n8"))
                (initrd "/gnu/store/in2bcjh03kyv793v8bd3fizswyx1q0rq-raw-initrd/initrd.cpio.gz"))))))
      (file-systems (cons*
                     (btrfs-subvolume-mount "@root"    "/")
                     (btrfs-subvolume-mount "@etc"     "/etc")
                     (btrfs-subvolume-mount "@home"    "/home")
                     (btrfs-subvolume-mount "@cache"   "/var/cache")
                     (btrfs-subvolume-mount "@log"     "/var/log")
                     (btrfs-subvolume-mount "@secrets" "/secrets")
                     (btrfs-subvolume-mount "@srv"     "/srv")
                     %btrfs-pool
                     %base-file-systems))
      (packages (cons btrfs-progs (operating-system-packages base-os)))
      ;; FIXME: fix swap field.
      )))

node-129-os
--8<---cut here---end--->8---

that the custom menu-entry object specified in the bootloader
configuration would also result in a grub.cfg entry where the linux and
initrd items would be prefixed with '/@root/' (the store directory
prefix), which is not desired (this entry corresponds to another,
previous system generation that didn't even use Btrfs).

The problem is that the store-directory-prefix is globally applied to
all menu entries corresponding to a specific generation (e.g., via the
boot-parameters file); it seems like it should rather be preserved per
menu-entry.

Thanks,

Maxim





bug#53368: Missing needed alsa-plugins

2022-03-22 Thread Christopher Rodriguez
Sending an amended patch; after installing on another machine than my 
daily driver, I found that `alsa-plugins` and `alsa-plugins:pulseaudio` 
were needed for orca-lang to have reliable MIDI output. Going to add 
them as propagated inputs; if there's a better way to do so, please let 
me know.





bug#47420: binutils is vulnerable to CVE-2021-20197 (and various others)

2022-03-22 Thread Maxim Cournoyer
Hi,

Maxime Devos  writes:

> On Fri, 2021-03-26 at 21:41 +0100, Léo Le Bouter via Bug reports for GNU Guix 
> wrote:
>> CVE-2021-20197   18:15
>> There is an open race window when writing output in the following
>> utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip,
>> ranlib. When these utilities are run as a privileged user (presumably
>> as part of a script updating binaries across different users), an
>> unprivileged user can trick these utilities into getting ownership of
>> arbitrary files through a symlink.

Our current version of binutils is now 2.37, immune to the CVE reported
here.

Thanks for the report!

Closing.

Maxim
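
The class of problem in the quoted CVE text (a privileged process changing ownership by path while another user can replace that path with a symlink), as an added example that is not part of the original message and is not binutils code. It shows one descriptor-based way to apply ownership; `set_owner_no_follow` and `demo` are hypothetical names, and the files are constructed in a temporary directory.

```python
import errno
import os
import stat
import tempfile


def set_owner_no_follow(path, uid, gid):
    """Apply UID/GID to PATH only if it is a regular, singly linked file.

    The file is opened with O_NOFOLLOW and every later step works on the
    descriptor, so swapping PATH for a symlink after the open changes
    nothing.  O_NOFOLLOW covers the last path component only; the parent
    directory must not be writable by other users (or use dir_fd).
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    fd = os.open(path, flags)          # fails if PATH itself is a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        if st.st_nlink != 1:
            raise OSError(errno.EMLINK, "unexpected hard links", path)
        os.fchown(fd, uid, gid)        # acts on the inode we inspected
        return os.fstat(fd)
    finally:
        os.close(fd)


def demo():
    """Exercise the check on constructed files; returns a small result dict."""
    with tempfile.TemporaryDirectory() as d:
        output = os.path.join(d, "out.o")        # the tool's own output file
        other = os.path.join(d, "other-file")    # stands for someone else's file
        link = os.path.join(d, "swapped.o")      # output path replaced by a link
        for p in (output, other):
            with open(p, "wb") as f:
                f.write(b"\0")
        os.symlink(other, link)

        owner = os.stat(output)                  # reuse current owner: no privileges needed
        after = set_owner_no_follow(output, owner.st_uid, owner.st_gid)
        changed = (after.st_uid, after.st_gid) == (owner.st_uid, owner.st_gid)
        try:
            set_owner_no_follow(link, owner.st_uid, owner.st_gid)
            refused = False
        except OSError:
            refused = True
        return {"regular_file_changed": changed, "symlink_refused": refused}


if __name__ == "__main__":
    print(demo())
```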





bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270

2022-03-22 Thread Maxim Cournoyer
Léo Le Bouter  writes:

> CVE-2021-20270 23.03.21 18:15
> An infinite loop in SMLLexer in Pygments
> versions 1.5 to 2.7.3 may lead to denial of service when performing
> syntax highlighting of a Standard ML (SML) source file, as demonstrated
> by input that only contains the "exception" keyword.
>
> Upstream version 2.8.1 is not affected.

Which is now the current version packaged in Guix.

Thanks for the report!

Closing.

Maxim





bug#47319: python-lxml is vulnerable to CVE-2021-28957

2022-03-22 Thread Maxim Cournoyer
Hi,

Léo Le Bouter  writes:

> CVE-2021-28957 21.03.21 06:15
> lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in
> html/defs.py) for later use in input sanitization, but does not do the
> same for the HTML5 formaction attribute.
>
> Upstream fixed it in 4.6.3 (
> https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
> ), so we should probably upgrade to that.

This is the current version in Guix.

Closing; thanks!

Maxim
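
The gap described in the quoted CVE text (`action` treated as a URL-carrying attribute, `formaction` not), as an added example that is not part of the original message and is not lxml's code. It is a toy sanitizer on the standard library's `html.parser`, run once with each attribute set; `LINK_ATTRS_BEFORE`, `LINK_ATTRS_AFTER`, `is_script_url` and `scrub` are hypothetical names, and `SAMPLE` is constructed markup.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical, simplified "attributes that carry URLs" sets for this example;
# they are not copied from lxml's html/defs.py.
LINK_ATTRS_BEFORE = frozenset({"action", "href", "src"})
LINK_ATTRS_AFTER = LINK_ATTRS_BEFORE | {"formaction"}

SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


def is_script_url(value):
    """True if VALUE starts with a script-capable scheme.

    Whitespace and control characters are dropped and case is folded first,
    so a value such as " JavaScript:..." is still recognised.
    """
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    return cleaned.startswith(SCRIPT_SCHEMES)


class _Scrubber(HTMLParser):
    def __init__(self, link_attrs):
        super().__init__(convert_charrefs=True)
        self.link_attrs = link_attrs
        self.out = []
        self.dropped = []            # (tag, attribute) pairs that were removed

    def _emit(self, tag, attrs, self_closing):
        kept = []
        for name, value in attrs:
            # Only attributes listed in link_attrs are checked as URLs; an
            # attribute missing from the set passes through untouched.
            if name in self.link_attrs and value and is_script_url(value):
                self.dropped.append((tag, name))
                continue
            kept.append(name if value is None
                        else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept)
                        + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def scrub(markup, link_attrs):
    """Return (sanitized markup, dropped attributes) for the given set."""
    parser = _Scrubber(link_attrs)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample: a form whose submit controls override its action.
SAMPLE = (
    '<form action="/save">'
    '<button formaction="javascript:void(0)">Save</button>'
    '<input type="submit" formaction=" JavaScript:void(0)" value="Go">'
    '</form>'
)

if __name__ == "__main__":
    for label, attrs in (("before", LINK_ATTRS_BEFORE), ("after", LINK_ATTRS_AFTER)):
        print(label, scrub(SAMPLE, attrs))
```

A regression test for any sanitizer can take the same shape: feed markup that sets the URL on `formaction` instead of `action` and assert that the attribute does not survive.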





bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"

2022-03-22 Thread Maxim Cournoyer
Hello,

Leo Famulari  writes:

> On Fri, Dec 03, 2021 at 07:28:18PM -0500, Mark H Weaver wrote:
>> Hi,
>> 
>> For the record, I've pushed commits
>> 080a5de2eeb5e0da83ae9fd94488508d5227c4e3 and
>> d49e7a592f2f12cd1f9e07edfeebe0a2771f491e to the 'master' branch, which I
>> believe should fix this issue in our 'nss', 'icecat', 'icedove',
>> 'icedove-wayland', and 'geierlein' packages.
>
> Thanks for working on it, Mark.
>
>> Does anyone know if there are other packages in Guix that include a
>> bundled copy of NSS?  If not, I guess this bug can be closed.
>
> Personally I don't know... I hope not. Let's wait a couple more days
> before closing.

It's been 15 weeks :-).

Closing.

Maxim





bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938

2022-03-22 Thread Maxim Cournoyer
Hello,

Léo Le Bouter  writes:

> CVE-2021-29938 07:15
> An issue was discovered in the slice-deque crate through 2021-02-19 for
> Rust. A double drop can occur in SliceDeque::drain_filter upon a panic
> in a predicate function.
>
> Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91

The project appears unmaintained [0].

[0]  https://github.com/gnzlbg/slice_deque/issues/94.

It's used by a couple other packages (how many?  hard to tell, this
being Rust in Guix).

Thanks,

Maxim





bug#53368: [PATCH] Amended wording in description of .guix-authorizations file

2022-03-22 Thread Christopher Rodriguez
---

Sorry, got my wires crossed there for a moment. Please disregard the above;
it was meant for a different ticket. Here is a small patch for the
documentation, as requested. What do you think?

 doc/guix.texi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 44b0f9f1ea..f14642bf89 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5456,7 +5456,9 @@ for Computer Scientists}} for a great overview.}  The
 @end lisp
 
 Each fingerprint is followed by optional key/value pairs, as in the
-example above.  Currently these key/value pairs are ignored.
+example above.  Currently these key/value pairs are ignored, but this
+may change in the future. The @code{version} field specifies the version
+of the @code{authorizations} file the entry was written for.
 
 This authentication rule creates a chicken-and-egg issue: how do we
 authenticate the first commit?  Related to that: how do we deal with
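Review bot: The added sentence refers to "the @code{authorizations} file", while the subject of this patch names it `.guix-authorizations`; write `@file{.guix-authorizations}`. "The entry was written for" also reads as if `version` were one of the per-fingerprint key/value pairs that the preceding sentence says are ignored; if it is a field of the whole file, describe it in its own sentence away from the key/value remark. Use two spaces after "future." to match the sentence spacing of the surrounding lines.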
-- 
2.34.0






bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293

2022-03-22 Thread Maxim Cournoyer
Hi Léo,

Léo Le Bouter  writes:

> Hello!
>
> pillow-simd is a fork of pillow (
> https://github.com/uploadcare/pillow-simd), it's currently still at
> version 7.x and it does not seem like it backports security patches
> from pillow.

Thanks for the heads-up; our package is currently at 9.0.0, and I've
just updated it to 9.0.0.post1.

Closing.

Maxim





bug#47144: security patching of 'patch' package

2022-03-22 Thread Maxim Cournoyer
Hi,

Ludovic Courtès  writes:

> Hi,
>
> Léo Le Bouter via Bug reports for GNU Guix  skribis:
>
>> * gnu/packages/base.scm (patch/fixed): New variable.
>> (patch)[replacement]: Graft.
>
> It’s (almost) useless to provide a graft of ‘patch’ because patch is
> usually a build-time only dependency.  (Maybe we can tell it’s not
> vulnerable to the issues at hand because in that context it’s always
> given controlled input: the package patches.)
>
> What could be useful is to provide a second version of patch so that
> people running ‘guix install patch’ or similar get the newer version.

The latest release of patch is the one we have, v2.7.6, made 4 years
ago.

Thanks,

Maxim





bug#47019: Rust 1.26.2 from the master branch fails to build on aarch64-linux

2022-03-22 Thread Maxim Cournoyer
Hello,

Christopher Baines  writes:

> The failure seems to occur in the check phase, see the build logs
> referenced from:
>
> https://data.guix-patches.cbaines.net/gnu/store/c3f7d3ziwjfkwg3j7xz47dj44sb2l5av-rust-1.26.2.drv
>
> This looks like a relevant error:
>
>  [compile-fail] compile-fail/issue-15919.rs stdout 
>   
>
> executing
> "/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/build/aarch64-unknown-linux-gnu/stage2/bin/rustc"
> "/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/src/test/compile-fail/issue-15919.rs"
> "-L"
> "/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/build/aarch64-unknown-linux-gnu/test/compile-fail"
> "--target=aarch64-unknown-linux-gnu" "-Zui-testing" "-C"
> "prefer-dynamic" "-o"
> "/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/build/aarch64-unknown-linux-gnu/test/compile-fail/issue-15919.stage2-aarch64-unknown-linux-gnu"
> "-Crpath" "-O" "-Zmiri" "-Zunstable-options"
> "-Lnative=/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/build/aarch64-unknown-linux-gnu/native/rust-test-helpers"
> "-L"
> "/tmp/guix-build-rust-1.26.2.drv-0/rustc-1.26.2-src/build/aarch64-unknown-linux-gnu/test/compile-fail/issue-15919.stage2-aarch64-unknown-linux-gnu.aux"
> "-A" "unused"
> --stdout--
>
> --stderr--
> error: the type `[usize; 18446744073709551615]` is too big for the current 
> architecture

Our oldest rust is now 1.39.

Closing.

Maxim





bug#47142: squid package vulnerable to CVE-2021-28116

2022-03-22 Thread Maxim Cournoyer
Hello,

Mark H Weaver  writes:

> I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.
>
>   Mark
>
>  Start of forwarded message 
> Subject: squid package vulnerable to CVE-2021-28116
> From: Léo Le Bouter 
> To: guix-de...@gnu.org
> Date: Wed, 10 Mar 2021 01:22:51 +0100
>
> CVE-2021-28116 09.03.21 23:15
> Squid through 4.14 and 5.x through 5.0.5, in some configurations,

We're now using squid 4.17.

Closing.

Thanks,

Maxim





bug#47009: Python 3.8.2 build failure during 'guix pull'

2022-03-22 Thread Maxim Cournoyer
Hello,

Closing, because we're now on Python 3.9.9.

Thanks,

Maxim





bug#47116: emacsy-minimal build failure

2022-03-22 Thread Maxim Cournoyer
Hello,

Maxim Cournoyer  writes:

> Hello,
>
> Maxime Devos  writes:
>
>> On Fri, 2021-03-12 at 15:16 -0900, Christopher Howard wrote:
>>> When trying to build nomad, emacsy-minimal build dies with this
>>> failure:
>>> 
>>> [...]
>> This should be fixed by this patch (not yet applied):
>> .
>>
>> Apparently, this issue has been reported earlier:
>> .
>
> The two above issues/patches have been closed/merged.
>
> Sadly, emacsy still fails to build:
>
> PASS: test/advice.scm
> PASS: test/text.scm
> FAIL: test/klecl.scm
> FAIL: test/kbd-macro.scm
> FAIL: test/minibuffer.scm
> PASS: test/help.scm
> FAIL: test/core.scm
> PASS: test/window.scm
> XFAIL: test/windows.scm
> 
> Testsuite summary for Emacsy 0.4.1
> 
> # TOTAL: 19
> # PASS:  14
> # SKIP:  0
> # XFAIL: 1
> # FAIL:  4
> # XPASS: 0
> # ERROR: 0
> 

The test suite now seems to pass reliably with our current
emacsy-minimal-0.4.1-37-g5f91ee6 package.

Closing.

Thanks,

Maxim





bug#46879: Non-deterministic failures while building Guix with Guile 3.0.5

2022-03-22 Thread Maxim Cournoyer
Hi Ludovic,

Ludovic Courtès  writes:

> Ludovic Courtès  skribis:
>
>> In gnu/services/mcron.scm:
>>132:13  0 (mcron-shepherd-services _)
>>
>> gnu/services/mcron.scm:132:13: In procedure mcron-shepherd-services:
>> In procedure allocate-struct: Wrong type argument in position 1
>> (expecting struct): #
>> builder for 
>> `/gnu/store/kp01hrirz40h7p7aim4dspajjv3yyvda-guix-system-tests.drv' failed 
>> with exit code 1
>
> Turns out this is not the first time such things are reported:
>
>   https://issues.guix.gnu.org/28858
>   https://issues.guix.gnu.org/44402

Just to confirm, is this fixed in the new Guile we are using?

If so, please feel free to close this issue.

Thank you,

Maxim





bug#46389: Guix says it will download an output that is already downloaded

2022-03-22 Thread Maxim Cournoyer
Hello,

pkill9  writes:

>> ‘guix build qtbase’ said it would download both the “out” and the
>> “debug” output of qtbase, is that correct?
>
> Yep
>
>> It would be ideal if you could send precisely what’s on your terminal.
>> 
>> Thanks,
>> Ludo’.
>
> In this example, I've checked the store path
> "/gnu/store/vpvnd6593mjncvyir2rbgp3k83cr7w0a-qtbase-5.15.2" exists, and
> I've run `guix gc --delete
> /gnu/store/f2s8ql1x9d9890qrrf9qq4nix3f5aii3-qtbase-5.15.2-debug`:
>
> ```
> itsme@antelope ~> guix build -n qtbase
> 209.5 MB would be downloaded:
>/gnu/store/f2s8ql1x9d9890qrrf9qq4nix3f5aii3-qtbase-5.15.2-debug
>/gnu/store/vpvnd6593mjncvyir2rbgp3k83cr7w0a-qtbase-5.15.2
> ```
>  I can't test it with `guix build qtbase` because my internet keeps
>  cutting off while downloading qtbase-5.15.2-debug, but iirc
> after it downloads the debug output, it just returns both store paths.

I think it's a minor UI issue:

--8<---cut here---start->8---
$ guix build ada-ed
substitute: updating substitutes from 'http://127.0.0.1:8181'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
0.8 MB will be downloaded:
  /gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
  /gnu/store/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2
substituting /gnu/store/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2...
downloading from 
https://ci.guix.gnu.org/nar/lzip/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2 
...
 ada-ed-1.11.2  337KiB  585KiB/s 00:01 
[##] 100.0%

substituting /gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug...
downloading from 
https://ci.guix.gnu.org/nar/lzip/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
 ...
 ada-ed-1.11.2-debug  486KiB1.1MiB/s 00:00 
[##] 100.0%

/gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
/gnu/store/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2
maxim@hurd ~/src/guix-master [env]$ guix gc -D 
/gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
finding garbage collector roots...
[...]
deleting `/gnu/store/trash'
deleting unused links...

note: currently hard linking saves 70907.58 MiB

$ guix build ada-ed
substitute: updating substitutes from 'http://127.0.0.1:8181'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
0.8 MB will be downloaded:
  /gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
  /gnu/store/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2
substituting /gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug...
downloading from 
https://ci.guix.gnu.org/nar/lzip/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
 ...
 ada-ed-1.11.2-debug  486KiB832KiB/s 00:01 
[##] 100.0%

/gnu/store/kq9px99x5wnnx44px5z426gqw07afih7-ada-ed-1.11.2-debug
/gnu/store/s4rz0x57m1ashz99jnfg7a5622ff06v1-ada-ed-1.11.2
--8<---cut here---end--->8---

We can see that it listed *both* outputs about to be downloaded, then
proceeded to download only the one missing (the debug output).

Thanks,

Maxim





bug#47185: grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418

2022-03-22 Thread Maxim Cournoyer
Hello,

I'm closing this, since we're now using GRUB 2.06, released in June of
last year.

Thank you,

Maxim