bug#54453: crash running 'guix pull'

Hi, On Mon, 21 Mar 2022 at 16:23, Peter Bhat Harkins wrote: > The VPS was created almost two years ago, and 'guix pull' was run many > times, though not in the last few months. Did you garbage collect “guix gc”? For instance with the option ’-F 5G’ or this option ’-d 9m’. Because if you pull

bug#54495: unexpected download after gc

On Fri, 18 Mar 2022 14:50:01 +0100 zimoun wrote: > Hi, > > Considering this with revision a03936a: > > guix gc > guix install python-ipython -p tools > guix gc > guix install python-ipython -p tools > > I am surprised that: > > 1. the second GC collects things > 2. the secon

bug#54525: [PATCH 5/5] gnu: thunar: Add search path for "THUNARX_DIRS".

From: Feng Shu * gnu/packages/xfce.scm (thunar)[native-search-paths]: new field. [source]: Add thunar-search-paths.patch. --- .../patches/thunar-search-paths.patch | 211 ++ gnu/packages/xfce.scm | 12 +- 2 files changed, 222 insertions(+), 1 dele

bug#54525: [PATCH 4/5] gnu: Add thunar-vcs-plugin.

From: Feng Shu * gnu/packages/xfce.scm (thunar-vcs-plugin): New variable. --- gnu/packages/xfce.scm | 37 + 1 file changed, 37 insertions(+) diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index 083e890cc7..d3a414ec15 100644 --- a/gnu/packages/xfce

bug#54525: [PATCH 2/5] gnu: Add thunar-shares-plugin.

From: Feng Shu * gnu/packages/xfce.scm (thunar-shares-plugin): New variable. --- gnu/packages/xfce.scm | 22 ++ 1 file changed, 22 insertions(+) diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index 9de3db3cc4..ba4e51a2f3 100644 --- a/gnu/packages/xfce.scm +++ b/g

bug#54525: [patchs] Let thunar support plugin search patchs and add some thunar plugins.

--

bug#54525: [PATCH 1/5] gnu: Add thunar-archive-plugin.

From: Feng Shu * gnu/packages/xfce.scm (thunar-archive-plugin): New variable. --- gnu/packages/xfce.scm | 21 + 1 file changed, 21 insertions(+) diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index b58a517257..9de3db3cc4 100644 --- a/gnu/packages/xfce.scm +++ b/g

bug#54525: [PATCH 3/5] gnu: Add thunar-media-tags-plugin.

From: Feng Shu * gnu/packages/xfce.scm (thunar-media-tags-plugin): New variable. --- gnu/packages/xfce.scm | 23 +++ 1 file changed, 23 insertions(+) diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index ba4e51a2f3..083e890cc7 100644 --- a/gnu/packages/xfce.scm ++

bug#54528: STORE-DIRECTORY-PREFIX is global, per generation, to all bootloader menu entries

Hello Guix, Recently I noticed after reconfiguring with the following operating system definition: --8<---cut here---start->8--- (use-modules (gnu bootloader) (gnu bootloader grub) (gnu packages linux) (gnu system file-sys

bug#53368: Missing needed alsa-plugins

Sending an amended patch; After installing on another machine than my daily driver, I found that `alsa-plugins` and `alsa-plugins:pulseaudio` were needed for orca-lang to have reliable MIDI output. Going to add them as propagated inputs; If there's a better way to do so, please let me know.

bug#47420: binutils is vulnerable to CVE-2021-20197 (and various others)

Hi, Maxime Devos writes: > On Fri, 2021-03-26 at 21:41 +0100, Léo Le Bouter via Bug reports for GNU Guix > wrote: >> CVE-2021-20197 18:15 >> There is an open race window when writing output in the following >> utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, >> ranli

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270

Léo Le Bouter writes: > CVE-2021-2027023.03.21 18:15 > An infinite loop in SMLLexer in Pygments > versions 1.5 to 2.7.3 may lead to denial of service when performing > syntax highlighting of a Standard ML (SML) source file, as demonstrated > by input that only contains the "exception" key

bug#47319: python-lxml is vulnerable to CVE-2021-28957

Hi, Léo Le Bouter writes: > CVE-2021-2895721.03.21 06:15 > lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in > html/defs.py) for later use in input sanitization, but does not do the > same for the HTML5 formaction attribute. > > Upstream fixed it in 4.6.3 ( > https://g

bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"

Hello, Leo Famulari writes: > On Fri, Dec 03, 2021 at 07:28:18PM -0500, Mark H Weaver wrote: >> Hi, >> >> For the record, I've pushed commits >> 080a5de2eeb5e0da83ae9fd94488508d5227c4e3 and >> d49e7a592f2f12cd1f9e07edfeebe0a2771f491e to the 'master' branch, which I >> believe should fix this is

bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938

Hello, Léo Le Bouter writes: > CVE-2021-2993807:15 > An issue was discovered in the slice-deque crate through 2021-02-19 for > Rust. A double drop can occur in SliceDeque::drain_filter upon a panic > in a predicate function. > > Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91

bug#53368: [PATCH] Amended wording in description of .guix-authorizations file

--- Sorry, got my wires crossed there for a moment. Please disregard the above; It was meant for a different ticket. Here is a small patch for the documentation, as requested. What do You think? doc/guix.texi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/

bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293

Hi Léo, Léo Le Bouter writes: > Hello! > > pillow-simd is a fork of pillow ( > https://github.com/uploadcare/pillow-simd), it's currently still at > version 7.x and it does not seem like it backports security patches > from pillow. Thanks for the heads-up; our package is currently at 9.0.0, and

bug#47144: security patching of 'patch' package

Hi, Ludovic Courtès writes: > Hi, > > Léo Le Bouter via Bug reports for GNU Guix skribis: > >> * gnu/packages/base.scm (patch/fixed): New variable. >> (patch)[replacement]: Graft. > > It’s (almost) useless to provide a graft of ‘patch’ because patch is > usually a build-time only dependency. (

bug#47019: Rust 1.26.2 from the master branch fails to build on aarch64-linux

Hello, Christopher Baines writes: > The failure seems to occur in the check phase, see the build logs > referenced from: > > https://data.guix-patches.cbaines.net/gnu/store/c3f7d3ziwjfkwg3j7xz47dj44sb2l5av-rust-1.26.2.drv > > This looks like a relevant error: > > [compile-fail] compile-fail

bug#47142: squid package vulnerable to CVE-2021-28116

Hello, Mark H Weaver writes: > I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. > > Mark > > Start of forwarded message > Subject: squid package vulnerable to CVE-2021-28116 > From: Léo Le Bouter > To: guix-de...@gnu.org > Da

bug#47009: Python 3.8.2 build failure during 'guix pull'

Hello, Closing, because we're now on Python 3.9.9. Thanks, Maxim

bug#47116: emacsy-minimal build failure

Hello, Maxim Cournoyer writes: > Hello, > > Maxime Devos writes: > >> On Fri, 2021-03-12 at 15:16 -0900, Christopher Howard wrote: >>> When trying to build nomad, emacsy-minimal build dies with this >>> failure: >>> >>> [...] >> This should be fixed by this patch (not yet applied): >>

bug#46879: Non-deterministic failures while building Guix with Guile 3.0.5

Hi Ludovic, Ludovic Courtès writes: > Ludovic Courtès skribis: > >> In gnu/services/mcron.scm: >>132:13 0 (mcron-shepherd-services _) >> >> gnu/services/mcron.scm:132:13: In procedure mcron-shepherd-services: >> In procedure allocate-struct: Wrong type argument in position 1 >> (expecting

bug#46389: Guix says it will download an output that is already downloaded

Hello, pkill9 writes: >> ‘guix build qtbase’ said it would download both the “out” and the >> “debug” output of qtbase, is that correct? > > Yep > >> It would be ideal if you could send precisely what’s on your terminal. >> >> Thanks, >> Ludo’. > > In this example, I've checked the store path >

bug#47185: grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418

Hello, I'm closing this, since we're now using GRUB 2.06, released in June of last year. Thank you, Maxim