bug#47297: Release 1.2.1 checklist

On Wed, Mar 24, 2021 at 04:11:20AM +0100, zimoun wrote: > > bug#47239: Test failure in tests/publish.scm > > > bug#47173 [PATCH 0/1] Remove Clang 3.6.2. > > And what do you think to address the 4 security bugs 47144-47140 too? I added

bug#47297: Release 1.2.1 checklist

Hi, On Sun, 21 Mar 2021 at 13:38, Leo Famulari wrote: > > Service manager "init scripts" missing from current-guix > > > Remove Qt 4 bug#47239: Test failure in tests/publish.scm

bug#47097: eolie broken => unworking example from manual

Hi, On Thu, 18 Mar 2021 at 21:44, Ludovic Courtès wrote: > Leo Prikler skribis: > >> This fixes errors observed directly at launch of Eolie inside pure >> environments. (See for more information.) >> It is still not possible to launch Eolie inside a container,

bug#47239: Test failure in tests/publish.scm with commit 1955ef93b76e51cab5bed4c90f7eb9df7035355a

I think this is a simple umask issue. Making the test check for just the bits worked for me: diff --git a/tests/publish.scm b/tests/publish.scm index 52101876b5..3e67c435ac 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -452,8 +452,8 @@ References: ~%" (wait-for-file cached) ;; Both

bug#47354: (build-system julia) not reproducible

Hi, Working on Julia packages, see [1], I note that the Julia build system is not reproducible. It is probably linked to this issue: Concretely, let pick the package ’julia-adapt’: --8<---cut here---start->8--- $

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327

One more: CVE-2021-20227 23.03.21 18:15 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270

CVE-2021-20270 23.03.21 18:15 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. Upstream version 2.8.1 is not

bug#47342: java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021

Le Tue, 23 Mar 2021 15:33:26 +0100, Léo Le Bouter via Bug reports for GNU Guix a écrit : > Upstream has made a release: 1.4.16 - which fixes all the issues, > following is an unfinished patchset that fixes the issues, java- > mxparser package does not build and help from some more experienced >

bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].

So, mxparser seems to be pretty easy to package, but it depends on xmlpull v1. Unfortunately, it was developped at Extreme! Lab at Indiana University, but their website has recently been "deprecated" and redirects to the internet archive. This is an issue as we have xmlpull v2 and xpp3 whose

bug#47283: Performance regression in narinfo fetching

Ludovic Courtès writes: > Christopher Baines skribis: > >> Ludovic Courtès writes: >> >>> Indeed, there’s one place on the hot path where we install exception >>> handlers: in ‘http-multiple-get’ (from commit >>> 205833b72c5517915a47a50dbe28e7024dc74e57). I don’t think it’s needed, >>> is

bug#47229: Hardlink mitigation limits

Hello, I'm sharing here for future reference why protected hardlinks alone did not mitigate the recent LPE security advisory, pre-patch: "The reasons why are lines 2633 and 2637 of nix/libstore/build.cc: * https://git.savannah.gnu.org/cgit/guix.git/tree/nix/libstore/build.cc#n2633 *

bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].

On Tue, Mar 23, 2021 at 03:38:40PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote: > Fixes CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, > CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, > CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351. > > *

bug#47319: python-lxml is vulnerable to CVE-2021-28957

On Mon, Mar 22, 2021 at 03:09:24PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote: > CVE-2021-2895721.03.21 06:15 > lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in > html/defs.py) for later use in input sanitization, but does not do the > same for the HTML5

bug#47319: python-lxml is vulnerable to CVE-2021-28957

I pushed a9d540cfa87ef3a5de3296188f650fb0d037efbd on core-updates, how to fix it on master considering the amount of dependents remains to be agreed on. signature.asc Description: This is a digitally signed message part

bug#47342: [PATCH 1/2] gnu: Add java-mxparser.

* gnu/packages/xml.scm (java-mxparser): New variable. --- gnu/packages/xml.scm | 28 1 file changed, 28 insertions(+) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 2a72fc6ad2..96287b3174 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@

bug#47342: java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021

Upstream has made a release: 1.4.16 - which fixes all the issues, following is an unfinished patchset that fixes the issues, java- mxparser package does not build and help from some more experienced Java packagers is welcome to fix and push this patchset. signature.asc Description: This is a

bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].

Fixes CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351. * gnu/packages/xml.scm (java-xstream): Update to 1.4.16. [inputs]: Replace java-xpp3 with java-mxparser, the

bug#47315: Inkscape is missing imagemagick

Am Mon, Mar 22, 2021 at 07:16:28AM -0400 schrieb Julien Lepiller: > I think this has already been fixed a few days ago on master. Have you tried > pulling and upgrading inkscape again? Indeed, closing this bug, thanks! The discussion on grafts and version numbers is continued here:

bug#47329: efibootmgr failed to register the boot entry: Input/output error

David Dashyan 写道： Also. While rebooting (I had to boot to ubuntu live cd first) I noted that ubuntu has efibootmgr version 17. And It works there. Maybe we just need to update it? Done on master. Kind regards, T G-R signature.asc Description: PGP signature

bug#47329: efibootmgr failed to register the boot entry: Input/output error

David, David Dashyan 写道： After running `rm /sys/firmware/efi/efivars/dump-*` followed by reboot guix system reconfigure went without errors. Happy to hear that! I *think* that's a safe thing to do, at least on Lenovo devices. Also. While rebooting (I had to boot to ubuntu live cd first) I

bug#47335: xmonad fails to recompile on guix system

Package: guix Version: 1.2.0-17.ec7fb6 I am trying to recompile xmonad with a fairly simple xmonad.hs The package itself builds, installs, and runs correctly, but it throws errors when recompiling my configuration. Configuration is very short but is pasted here: http://paste.debian.net/1190543/

bug#47312: [website] Showing channel news

Hi Luis, Luis Felipe skribis: > On Monday, March 22, 2021 8:07 AM, Ludovic Courtès wrote: > >> Hello! >> >> I figured it would be nice to display channel news (as shown by ‘guix >> pull --news’) on the web site. Perhaps the three latest items could be >> shown on the front page, as is done for

bug#47265: Guix System: improve support for intentional statefullness.

Hi, Vitaliy Shatrov skribis: >> create an FHS environment, right? > > And to put in the manual the best way to get it. Alright, I guess we can tag it as “wishlist” then. :-) Thanks for clarifying, Ludo’.