bug#47578: bug found running guix pull

root@guixrig ~# guix pull --fallback Updating channel 'gooby-channel' from Git repository at 'https://gentooserver.dehnel.info/gitea/nathan/gooby-channel.git'... Updating channel 'nonguix' from Git repository at 'https://gitlab.com/nonguix/nonguix'... Updating channel 'guix' from Git repository at

bug#47576: [security] ibus-daemon launches ungrafted subprocesses

Here's an obvious check that I should have included in my last message: --8<---cut here---start->8--- mhw@jojen ~$ guix gc --referrers /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22 mhw@jojen ~$

bug#47576: [security] ibus-daemon launches ungrafted subprocesses

Several processes on my Guix system load shared libraries from the *ungrafted* glib: specifically, all of the subprocesses of 'ibus-daemon'. The 'ibus-daemon' process itself seems to be properly grafted. However, its subprocesses are from an old, ungrafted build of 'ibus': --8<---cut

bug#33253: nss cannot build

Hi, Björn Höfling writes: > On Sun, 4 Nov 2018 09:52:44 + > Gnu Röoty wrote: > >> HI from 2 days I build the installation of guixSD to >> berlin.guixsd.org and nss-3.36.6 cant build. > > This was also reported on guix-help by Brian Woodcox. > > Here is some analysis I reported to that threa

bug#46756: guix deploy not copying remote-gexp.scm

Hi! pkill9 writes: > I keep getting this error: > > ``` > (system-error "open-file" "~A: ~S" ("No such file or directory" > "/gnu/store/p3ahdfcwa5yd65l5nzsnzshw9s7x3xc7-remote-exp.scm") (2)) > ``` > > when I try to run `guix deploy`. This is on the remote machine. I can > get it to work by using

bug#47557: attempting to package MegaZeux

Am Donnerstag, den 01.04.2021, 17:08 -0700 schrieb vi...@riseup.net: > Hello! > > I am attempting to package this piece of software: > > https://github.com/AliceLR/megazeux > > However I am having issues understanding exactly how to deal with its > non-standard build process. > > I have attache

bug#33848: Store references in SBCL-compiled code are "invisible"

Here's a preliminary draft patch to add support for UTF-32 and UTF-16 references to our grafting code. I haven't yet measured the efficiency impact of these changes, but I suspect it's not too bad. I'd be curious to know whether it fixes the Nyxt graft. Mark >From 0fcfd804570fd1c07ffb1f6c

bug#47573: make check-system fails on master

Hello! $ ./pre-inst-env guix describe Git checkout: repository: /home/lle-bout/src/guix branch: master commit: 8d89d3c9bf7cacd9c79b4aacf348044d4fe7800b $ make check-system Compiling Scheme modules... ice-9/eval.scm:142:16: In procedure compile-top-call: error: channel-source->package: unboun

bug#47567: Error at the end of installer

Sorry for not specifying extra details, I forgot: I used guided partitioning for the whole disk. Selected XFCE as the only DE, the SSH daemon and NSS certs as extra stuff, and the system language as Romanian. Access to the internet was provided through an Ethernet cable. -- Alexandru-Sergiu Marto

bug#47428: Problems building the up-to-date "devel" manual for the website

On Fri, Apr 02, 2021 at 11:33:57AM +0200, Mathieu Othacehe wrote: > > > ). Please consider running po4a-updatepo to refresh it. > > Your input po file ./guix-manual.de.po seems outdated (The amount of > > entries differ between files: 10012 is not 325 > > ). Please consider running po4a-updatepo

bug#47563: [PATCH v2] gnu: curl: Update to 7.76.0 [security fixes].

On Fri, Apr 02, 2021 at 09:33:02PM +0200, Léo Le Bouter via Bug reports for GNU Guix wrote: > Fixes CVE-2021-22876 and CVE-2021-22890. > > * gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New patch. > * gnu/local.mk (dist_patch_DATA): Register it. > * gnu/packages/curl.scm (curl/fixed): N

bug#47570: libvirt still embeds full path to qemu-system in saved .xml files

Hello, I tried to add my comment to issue 31365, but it has been archived and made read-only. This issue is not fully fixed. I’m using gnome-boxes to create virtual machines, and I noticed something similar to what is experienced in this issue. The hard-coded path is in /gnu/store/xxx-profile/,

bug#47563: [PATCH v2] gnu: curl: Update to 7.76.0 [security fixes].

On Fri, Apr 02, 2021 at 09:34:31PM +0200, Léo Le Bouter via Bug reports for GNU Guix wrote: > To me, that last patch is ready to merge. > > Please push if you feel that's OK too, don't wait for me! Building now to test... signature.asc Description: PGP signature

bug#47569: ‘qt-build-system’ retains too many references via wrappers

I just noticed this: --8<---cut here---start->8--- $ guix size ktouch | tail -1 total: 1752.4 MiB --8<---cut here---end--->8--- Sounds a lot for a touch typing tutor. Turns out ktouch references all its build-time dependenci

bug#47557: attempting to package MegaZeux

Hello! I am attempting to package this piece of software: https://github.com/AliceLR/megazeux However I am having issues understanding exactly how to deal with its non-standard build process. I have attached the work I have already done to this email. Could anyone help me understand where I am

bug#47563: [PATCH v2] gnu: curl: Update to 7.76.0 [security fixes].

To me, that last patch is ready to merge. Please push if you feel that's OK too, don't wait for me! Thanks! signature.asc Description: This is a digitally signed message part

bug#47563: [PATCH v2] gnu: curl: Update to 7.76.0 [security fixes].

Fixes CVE-2021-22876 and CVE-2021-22890. * gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/curl.scm (curl/fixed): New variable. Apply patch. (curl)[replacement]: Graft. --- gnu/local.mk

bug#47563: [PATCH] gnu: curl: Update to 7.76.0 [security fixes].

Fixes CVE-2021-22876 and CVE-2021-22890. * gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/curl.scm (curl/fixed): New variable. Apply patch. (curl)[replacement]: Graft. --- gnu/local.mk

bug#47428: Problems building the up-to-date "devel" manual for the website

Hi Mathieu, Thanks for fixing this! Mathieu Othacehe skribis: > There's another error though: > > ). Please consider running po4a-updatepo to refresh it. > Your input po file ./guix-manual.de.po seems outdated (The amount of entries > differ between files: 10012 is not 325 > ). Please consider

bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.

On Fri, 2021-04-02 at 14:22 -0400, Leo Famulari wrote: > > Can we try grafting an "upgrade" to 7.76.0? In my experience, most > curl > upgrades are graftable. > > Curl's developers are very careful with their ABI and even maintain > their own page on the subject:

bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.

On Fri, Apr 02, 2021 at 04:09:39PM +0200, Léo Le Bouter via Bug reports for GNU Guix wrote: > curl-CVE-2021-22876.patch was rebased onto 7.74.0, but > curl-CVE-2021-22890.patch > does not apply and please I need help rebasing it, it looks quite complex. > > I pushed an upgrade of curl to 7.76.0

bug#47541: libvirt does not work

Hi Ludo, Ludovic Courtès writes: > Hi Pierre, > > Pierre Langlois skribis: > >> I'll see if I can look into it at the weekend, although I'm not sure >> I'll be able to get to it, so in the meantime we should probably just >> revert the updates. Thanks a lot for investigating though, I think we >

bug#47541: libvirt does not work

Hi Pierre, Pierre Langlois skribis: > I'll see if I can look into it at the weekend, although I'm not sure > I'll be able to get to it, so in the meantime we should probably just > revert the updates. Thanks a lot for investigating though, I think we > ought to write a system test that uses virs

bug#33848: Store references in SBCL-compiled code are "invisible"

Hi Mark, Mark H Weaver skribis: > Ludovic Courtès writes: >> What could have been nice is if there’s a way to mark specific strings >> as being ASCII, or if there’s a “byte vector” data type compatible with >> strings, for instance. > > Do we know that all strings containing store references wi

bug#42861: emacspeak won't shut up about TTS sync states

Hello, Kei writes: > How are you able to tell (aside from looking at the command line arguments)? > I'm unable to distinguish the startup processes using Emacs on Debian and Guix > even if I install "etc/emacspeak.sh" as the startup script instead of > "run". On Debian, the voice kicks in afte

bug#47563: [PATCH 1/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.

* gnu/packages/patches/curl-CVE-2021-22876.patch, gnu/packages/patches/curl-CVE-2021-22890.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/curl.scm (curl): Apply patches. --- gnu/local.mk | 2 + gnu/packages/curl.scm

bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.

curl-CVE-2021-22876.patch was rebased onto 7.74.0, but curl-CVE-2021-22890.patch does not apply and please I need help rebasing it, it looks quite complex. I pushed an upgrade of curl to 7.76.0 which has been much much easier to core-updates already as https://git.savannah.gnu.org/cgit/guix.git/co

bug#47563: curl is vulnerable to CVE-2021-22890 and CVE-2021-22876

CVE-2021-22890 01.04.21 20:15 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy

bug#47541: libvirt does not work

Pierre Langlois writes: > Hello! (snip) > I'll see if I can look into it at the weekend, although I'm not sure > I'll be able to get to it, so in the meantime we should probably just > revert the updates. Thanks a lot for investigating though, I think we > ought to write a system test that uses

bug#47562: java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade)

Le Fri, 02 Apr 2021 12:37:27 +0200, Léo Le Bouter via Bug reports for GNU Guix a écrit : > CVE-2021-2816501.04.21 17:15 > In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and > 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a > large invalid TLS frame. > > CVE

bug#47562: java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade)

CVE-2021-28165 01.04.21 17:15 In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28164 01.04.21 17:15 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mod

bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475

Another: CVE-2021-20296 01.04.21 16:15 A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from thi

bug#44593: (guix git) doesn’t honor HTTP/HTTPS proxy settings for submodules

Ludovic Courtès skribis: > Ludovic Courtès skribis: > >> (guix git) does not honor proxy settings when fetching submodules. >> >> In fact, Guile-Git 0.4.0 doesn’t allow us to pass fetch options to >> ‘submodule-update’, which is what needs to be fixed first. > > Implemented here: > > > https:

bug#47428: Problems building the up-to-date "devel" manual for the website

> ). Please consider running po4a-updatepo to refresh it. > Your input po file ./guix-manual.de.po seems outdated (The amount of entries > differ between files: 10012 is not 325 > ). Please consider running po4a-updatepo to refresh it. > mmap(PROT_NONE) failed > builder for > `/gnu/store/86gnwx

bug#47428: Problems building the up-to-date "devel" manual for the website

> This causes the build failure. However, we do not have this makeinfo > error on the master guile-lib. That's because the docs are not compiled > for a reason I don't understand. Ok so I finally understand sorry for the spamming. Guile-lib contains a pre-compiled docs/guile-library.info. This m

bug#47428: Problems building the up-to-date "devel" manual for the website

> MAKEINFO guile-library.info > /tmp/guix-build-guile-lib-0.2.7.drv-0/guile-lib-0.2.7/build-aux/missing: line > 81: makeinfo: command not found Looks like the devel manual generation is fixed. The guile-lib@0.2.7 build failure above only happens when generating the stable manual. In that cas

bug#47428: Problems building the up-to-date "devel" manual for the website

Hello Leo, > ERROR: In procedure %resolve-variable: > Unbound variable: %strict-tokenizer? This variable is provided by guile-lib@0.2.7 while this derivation uses guile-lib@0.2.6.1 from guix-1.2.0-17.ec7fb66. I have restarted mcron which now uses guix-1.2.0-18.6e7ba45 and guile-lib@0.2.7. How

bug#47496: Very slow `guix environment -l nyxt/build-scripts/guix.scm

Hi Pierre, Pierre Neidhardt skribis: > Nyxt provides a "guix.scm" to build Nyxt locally: > > https://github.com/atlas-engineer/nyxt/blob/3239b10d816861d329dce10863cb84f9d0bd76ed/build-scripts/guix.scm > > A few weeks ago (not sure exactly when and why), `guix environment -l > guix.scm` started b

bug#47561: MIA 2.4.6 fails to build

MIA 2.4.6 fails to build as of 9098745b181b3022587a35afd255f7ff1d41ac86 presumably due to CMake shenanigans as reported here: https://issues.guix.gnu.org/46724#9 Build failure looks like this: --8<---cut here---start->8--- [ 13%] Building CXX object mia/cor