On Wed, Sep 28, 2016 at 05:25:52PM +, ng0 wrote:
> Leo Famulari writes:
>
> > [ Unknown signature status ]
> > On Wed, Sep 28, 2016 at 05:02:56PM +, ng0 wrote:
> >> Subject: [PATCH] gnu: Add python-mailmanclient.
> >>
> >> * gnu/packages/
On Wed, Sep 21, 2016 at 10:01:30PM +0200, Stefan Reichör wrote:
> Subject: [PATCH] gnu: Add xonsh.
>
> * gnu/packages/python.scm (xonsh): New variable.
I corrected the license to bsd-2 [0], moved the package definition to
(gnu packages shells) and pushed as 1d51585573f491.
Thanks!
[0]
https://g
On Wed, Sep 28, 2016 at 10:44:26AM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > So the attached patch moves attic after borg and supersedes it. Is it
> > expected that we have to shuffle the package definition around like
> > this?
>
> Yes, because ‘proper
On Tue, Sep 27, 2016 at 02:26:53PM -0400, Leo Famulari wrote:
> > Note that you’ll then need to commit the resulting HTML to CVS(!) to
> > that the update pages show up, as per the instructions available on the
> > Savannah project page. If you’re unsure or anything, I can do t
kdesu has a string handling bug, CVE-2016-7787:
http://seclists.org/oss-sec/2016/q3/653
David, since you added all the KDE packages, can you look into this bug
and see what we need to do to protect against it?
This patches fixes an integer overflow in libgd:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
http://seclists.org/oss-sec/2016/q3/639
From b125d20c4e60cfd204a99fd7df174de73df067a2 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Thu, 29 Sep 2016 11:32:34 -0400
Subject: [PATCH
056f08 Mon Sep 17 00:00:00 2001
From: Danny Milosavljevic
Date: Thu, 29 Sep 2016 12:39:42 -0400
Subject: [PATCH 1/2] gnu: xonsh: Remove bundled PLY.
* gnu/packages/shells.scm (xonsh)[source]: Add snippet to remove bundled
python-ply.
[inputs]: Add python-ply.
Signed-off-by: Leo Famulari
---
gnu/pack
On Thu, Sep 29, 2016 at 08:52:34PM +0200, David Craven wrote:
> Ah just checked our linter doesn't flag a CVE, so I think we're ok...
The linter is a good tool for catching things that we miss, but it's not
a substitute for manual investigation :)
First, our package's name might not match the nam
On Thu, Sep 29, 2016 at 09:39:58PM +0200, Danny Milosavljevic wrote:
> Oops, I don't think the xonsh tarball contains the docs. In which case we
> need neither sphinx nor numpydoc.
>
> Strange, does it have online-only docs? Or do we need another tarball?
It turns out the GitHub tarball does inc
On Thu, Sep 29, 2016 at 09:08:08PM +0200, Danny Milosavljevic wrote:
> > I think this should be two commits. What do you think of the patches I
> > attached?
>
> LGTM!
Okay, I pushed the "unbundle ply" patch as cfb7e269e9d.
On Thu, Sep 29, 2016 at 08:35:53PM +0200, David Craven wrote:
> > David, since you added all the KDE packages, can you look into this bug
> > and see what we need to do to protect against it?
>
> They have a vendored kdesu. The source files look pretty different
> now, and I'm having a little trou
On Wed, Sep 21, 2016 at 11:19:45AM +1000, Ben Woodcroft wrote:
> On 21/09/16 05:05, Leo Famulari wrote:
> > On Tue, Sep 20, 2016 at 03:17:42PM +1000, Ben Woodcroft wrote:
> > > On 20/09/16 12:06, Leo Famulari wrote:
> > > > Ruby users,
> > > >
>
On Fri, Sep 30, 2016 at 06:17:42PM +0200, Ludovic Courtès wrote:
> Hi!
>
> Leo Famulari skribis:
>
> > I spent some time looking at the Bash package definition, but I'm stuck
> > on how to handle all the Bash %patch-series machinery. There are
> > currently no
On Fri, Sep 30, 2016 at 05:47:35PM +, ng0 wrote:
> https://vms.drweb.com/virus/?_is=1&i=8598428
>
> As far as I see it, Guix as GuixSD and systems with just Guix but with
> software/files which is coming from Guix assumed by this trojan to exist in
> 'normal' locations should not be able to ge
On Fri, Sep 30, 2016 at 02:08:36PM +0200, Ludovic Courtès wrote:
> Hey Leo,
>
> Leo Famulari skribis:
>
> > On Tue, Sep 27, 2016 at 02:26:53PM -0400, Leo Famulari wrote:
> >> > Note that you’ll then need to commit the resulting HTML to CVS(!) to
> >> >
On Fri, Sep 30, 2016 at 06:19:17PM +, ng0 wrote:
> > On Fri, Sep 30, 2016 at 05:47:35PM +, ng0 wrote:
> >> https://vms.drweb.com/virus/?_is=1&i=8598428
> >>
> >> As far as I see it, Guix as GuixSD and systems with just Guix but with
> >> software/files which is coming from Guix assumed by
On Sat, Oct 01, 2016 at 02:20:35PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > This patches fixes an integer overflow in libgd:
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
> > http://seclists.org/os
On Sat, Oct 01, 2016 at 09:45:21AM +0200, Ricardo Wurmus wrote:
> I’m preparing a patch to remove propagation from all Haskell packages.
> Now the question is only whether to do this all in one patch or in one
> patch per package… :)
I'd say whichever method is easiest :) And then we can test it w
On Sat, Oct 01, 2016 at 02:19:05PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > An aside, the CVE linter gives false positives for grafted packages. For
> > example, try `guix lint -c cve openssl@1.0`.
>
> That’s been annoying me for some time so I’d like to se
On Sat, Oct 01, 2016 at 03:22:36PM +0200, Ludovic Courtès wrote:
> I pushed simplified versions of these two patches as
> 56ee1d2015e9b2c55d34f19c70b06eefe8a20c76 and
> 156c0810e936413ac554e2883343b3b40695cfdc.
>
> I think this was the last non-bug-fix change for this core-updates
> cycle. :-)
C
This is a depend of Krita.
From 808b47b3b7a9d769f3a6a873d19a0051f64720f7 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Fri, 30 Sep 2016 13:38:20 -0400
Subject: [PATCH] gnu: Add Vc.
* gnu/packages/maths.scm (vc): New variable.
---
gnu/packages/maths.scm | 34
On Sat, Oct 01, 2016 at 06:24:12PM -0400, Leo Famulari wrote:
> This is a depend of Krita.
... dependency
> From 808b47b3b7a9d769f3a6a873d19a0051f64720f7 Mon Sep 17 00:00:00 2001
> From: Leo Famulari
> Date: Fri, 30 Sep 2016 13:38:20 -0400
> Subject: [PATCH] gnu: Add Vc.
>
On Fri, Sep 16, 2016 at 10:50:09AM +, ng0 wrote:
> Subject: [PATCH 1/4] gnu: Add libkqueue.
>
> * gnu/local.mk: Include gnu/packages/libdispatch.scm .
> * gnu/packages/libdispatch.scm: Add new file.
> * gnu/packages/libdispatch.scm (libkqueue): New variable.
LGTM
> Subject: [PATCH 2/4] gnu:
On Thu, Sep 29, 2016 at 10:38:07AM +, ng0 wrote:
> * gnu/packages/psyc.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> +(source
> + (origin
> + (method url-fetch)
> + (uri (string-append "http://perl.psyc.eu/";
> + "perlpsyc-" versi
On Thu, Sep 29, 2016 at 08:58:29AM +, ng0 wrote:
> Leo Famulari writes:
> > On Wed, Sep 21, 2016 at 06:46:31PM +, ng0 wrote:
> >> Subject: [PATCH 1/2] gnu: Add psyclpc.
> >>
> >> * gnu/packages/psyc.scm (psyclpc): New variable.
> >
On Thu, Sep 29, 2016 at 01:02:04PM +0200, Danny Milosavljevic wrote:
>
> * gnu/packages/admin.scm (sunxi-tools): New variable.
What's the story with the 'bin/' [0] directory? I'm not familiar with
these file types.
The tarball includes:
bin/fel-pio.bin
bin/fel-pio.nm
bin/fel-sdboot.sunxi
bin/jt
On Thu, Sep 29, 2016 at 08:35:04AM +, ng0 wrote:
> Hi,
>
> thanks for reviewing this.
>
> Should I wait until the updates to the python buildsystem harmut sent
> are merged? Including this now would require one more set of python2
> packages to be changed.
> I want this off my todo list and t
On Wed, Sep 28, 2016 at 03:58:13PM +0200, Hartmut Goebel wrote:
> this is a patch-series fixing bug 20765.
>
> Bug 20765 is about problems caused by python packages being installed as
> "zipped eggs" (basically these are zip-files).
Thanks for taking this on!
I will read it more thoroughly tomor
On Sat, Oct 01, 2016 at 10:27:54PM -0400, Leo Famulari wrote:
> On Wed, Sep 28, 2016 at 03:58:13PM +0200, Hartmut Goebel wrote:
> > this is a patch-series fixing bug 20765.
> >
> > Bug 20765 is about problems caused by python packages being installed as
> > "zippe
On Sun, Oct 02, 2016 at 07:31:01PM +0200, Hartmut Goebel wrote:
> Am 02.10.2016 um 16:24 schrieb Ludovic Courtès:
> >
> >> Subject: [PATCH 2/2] guix: python-build-system: Import setuptools before
> >> calling `setup.py'.
> >>
> >> This is needed for packages using "distutils" instead of "setuptool
* gnu/packages/web.scm (json-c): Update to 0.12.1.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 923b39e..b59496b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -254,7 +254,7 @@ da
On my machines, e2fsprogs fails to build with:
"make[2]: *** No rule to make target '../lib/libss.so', needed by
'debugfs'. Stop."
It works when I disable parallel builds.
Leo Famulari (1):
gnu: e2fsprogs: Disable parallel build.
gnu/packages/linux.scm | 3 ++-
* gnu/packages/linux.scm (e2fsprogs)[arguments]: Add #:parallel-build? #f.
---
gnu/packages/linux.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 693558f..27233a9 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/
On Sun, Oct 02, 2016 at 10:56:57AM +0200, Hartmut Goebel wrote:
> Hi,
>
> I discovered that Python setuptools includes pre-compiled .exe files.
> First I thought, these can be savely removed from the source. But when I
> researched on this, I found [1] saying: " These installers can even be
> crea
On Sun, Oct 02, 2016 at 03:38:58PM +0200, Ludovic Courtès wrote:
> Hi!
>
> Leo Famulari skribis:
>
> > On Sat, Oct 01, 2016 at 03:22:36PM +0200, Ludovic Courtès wrote:
> >> I pushed simplified versions of these two patches as
> >> 56ee1d20
On Sun, Oct 02, 2016 at 02:50:34PM -0400, Leo Famulari wrote:
> On Sun, Oct 02, 2016 at 03:38:58PM +0200, Ludovic Courtès wrote:
> > We could wait an additional day for libarchive if it’s more convenient,
> > but maybe not longer than that.
> >
> > What do you think w
/v1.6.7-ReleaseNotes
Leo Famulari (1):
gnu: cryptsetup: Update to 1.7.2.
gnu/packages/cryptsetup.scm | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
--
2.10.0
* gnu/packages/cryptsetup.scm (cryptsetup): Update to 1.7.2.
[source]: Use kernel mirror.
[home-page]: Update URL.
---
gnu/packages/cryptsetup.scm | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm
index 725a39
On Mon, Oct 03, 2016 at 06:10:10PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > I understand if this approach of cherry-picking a handful of commits is
> > not acceptable. It's hard to judge the full impact of taking only these
> > changes, some of which a
* gnu/packages/linux.scm (lvm2)[arguments]: Use 'modify-phases'.
---
gnu/packages/linux.scm | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 693558f..28a2e81 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/
* gnu/packages/linux.scm (lvm2): Update to 2.02.166.
---
gnu/packages/linux.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 28a2e81..d977be1 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1631,1
This updates LVM2 to the latest upstream release, and also makes sure
the compiled objects can be stripped.
GRUB depends on LVM2, so I reconfigured and rebooted on x86_64 bare
metal.
Leo Famulari (3):
gnu: lvm2: Use 'modify-phases'.
gnu: lvm2: Update to 2.02.166.
gnu: lvm2:
* gnu/packages/linux.scm (lvm2)[arguments]: Add 'make-objects-writeable' phase.
---
gnu/packages/linux.scm | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d977be1..91c7a8a 100644
--- a/gnu/packages/linux.scm
+++
On Mon, Oct 03, 2016 at 11:36:48PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > On Sat, Oct 01, 2016 at 02:19:05PM +0200, Ludovic Courtès wrote:
> >> Leo Famulari skribis:
> >> > An aside, the CVE linter gives false positives for grafted packag
On Sun, Oct 02, 2016 at 10:35:43AM +, ng0 wrote:
> Leo Famulari writes:
>
> > On Thu, Sep 29, 2016 at 10:38:07AM +, ng0 wrote:
> >> * gnu/packages/psyc.scm: New file.
> >> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> >
> >> +(source
>
On Wed, Oct 05, 2016 at 12:01:57AM +0200, Ricardo Wurmus wrote:
>
> ng0 writes:
>
> > ng0 writes:
> >
> >> So the build machine was still on guix-0.10something. I had to use
> >> --fallback and while at-spi2-core is gone too, this machine fails
> >> differently:
> >
> > and --without-grafs it s
* gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxi)[replacement]: New field.
(libxi/fixed): New variable.
---
gnu/local.mk | 1 +
.../libxi-CVE-2016-7945-CVE-2016
* gnu/packages/patches/libxfixes-CVE-2016-7944.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxfixes)[replacement]: New field.
(libxfixes/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/patches/libxfixes-CVE-
* gnu/packages/patches/libx11-CVE-2016-7942.patch,
gnu/packages/patches/libx11-CVE-2016-7943.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xorg.scm (libx11)[replacement]: New field.
(libx11/fixed): New variable.
---
gnu/local.mk|
There is an Xorg security advisory:
https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
This patch series applies the patches recommended by upstream using
grafts.
Leo Famulari (8):
gnu: libx11: Fix CVE-2016-{7942,7943}.
gnu: libxfixes: Fix CVE-2016-7944.
gnu: libxi: Fix
* gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxrandr)[replacement]: New field.
(libxrandr/fixed): New variable.
---
gnu/local.mk | 1 +
.../libxrandr-CVE-20
* gnu/packages/patches/libxvmc-CVE-2016-7953.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxvmc)[replacement]: New field.
(libxvmc/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/patches/libxvmc-CVE-2016-7953.
* gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxtst)[replacement]: New field.
(libxtst/fixed): New variable.
---
gnu/local.mk | 1 +
.../libxtst-CVE-2016-7951-
* gnu/packages/patches/libxv-CVE-2016-5407.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxv)[replacement]: New field.
(libxv/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/patches/libxv-CVE-2016-5407.patch | 1
* gnu/packages/patches/libxrender-CVE-2016-7949.patch,
gnu/packages/patches/libxrender-CVE-2016-7950.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xorg.scm (libxrender)[replacement]: New field.
(libxrender/fixed): New variable.
---
gnu/local.mk
On Wed, Oct 05, 2016 at 01:55:53PM -0400, Leo Famulari wrote:
> There is an Xorg security advisory:
> https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
>
> This patch series applies the patches recommended by upstream using
> grafts.
BTW, I'm looking for
On Wed, Oct 05, 2016 at 12:26:27PM +, ng0 wrote:
> * gnu/packages/lisp.scm (lispf4): Delete variable.
> The package in its current state is unusable and documentation
> with unclear licenses is included.
Pushed with some additional comments.
On Wed, Oct 05, 2016 at 02:27:20PM +0200, Ricardo Wurmus wrote:
> * gnu/packages/bioinformatics.scm (r-bsgenome-celegans-ucsc-ce10): New
> variable.
Looks reasonable to this layperson.
On Mon, Oct 03, 2016 at 10:45:15AM +0200, Ricardo Wurmus wrote:
> The rest looks good to me! Thanks!
Thanks for the review. Pushed with your suggestions :)
On Wed, Oct 05, 2016 at 09:55:23AM +, ng0 wrote:
> Can someone apply this trivial patch? Thanks in advance.
Done!
> ng0 writes:
>
> > [ Unknown signature status ]
> > This is in a patchset which is waiting for review, but as new patches
> > get added, this should be applied.
> > I am retiri
On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > There is an Xorg security advisory:
> > https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
> >
> > This patch series applies the patches recommende
On Wed, Oct 05, 2016 at 11:19:18PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > On my machines, e2fsprogs fails to build with:
> >
> > "make[2]: *** No rule to make target '../lib/libss.so', needed by
> > 'debugfs'. Stop.&
On Wed, Oct 05, 2016 at 05:38:12PM -0400, Leo Famulari wrote:
> On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote:
> > (On core-updates it’s probably best to upgrade these libraries instead
> > of patching them, as you wrote on IRC.)
>
> I'll send those in a couple hours.
Done!
On Mon, Sep 26, 2016 at 01:01:38PM -0400, Leo Famulari wrote:
> Subject: [PATCH] gnu: openssl: Update replacement to 1.0.2j [fixes
> CVE-2016-7052].
>
> * gnu/packages/tls.scm (openssl): Update replacement to 1.0.2j.
> (openssl-1.0.2i): Replace with...
> (openssl-1.0.2j): ... n
* gnu/packages/patches/libupnp-CVE-2016-6255.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libupnp.scm (libupnp): Use it.
---
gnu/local.mk | 1 +
gnu/packages/libupnp.scm | 2 +
gnu/packages/patches/libupnp-C
/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
Leo Famulari (1):
gnu: libupnp: Fix CVE-2016-6255.
gnu/local.mk | 1 +
gnu/packages/libupnp.scm | 2 +
gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86
On Thu, Oct 06, 2016 at 09:36:37PM +0200, Ludovic Courtès wrote:
> John Darrington skribis:
>
> > * gnu/packages/base.scm (tzdata)[arguments]: Replace alist- procedures
> > with modify-phases
>
> OK for core-updates!
I took the opportunity to update tzdata to the latest release, 2016g.
On Thu, Oct 06, 2016 at 09:53:47PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > On Mon, Sep 26, 2016 at 01:01:38PM -0400, Leo Famulari wrote:
> >> Subject: [PATCH] gnu: openssl: Update replacement to 1.0.2j [fixes
> >> CVE-2016-7052].
> >>
On Wed, Oct 05, 2016 at 08:07:35PM +, Tobias Geerinckx-Rice wrote:
> nckx pushed a commit to branch master
> in repository guix.
>
> commit 151df6ab3dd15c1c8fba3347022ebcb7bc05a5d5
> Author: Tobias Geerinckx-Rice
> Date: Wed Oct 5 22:06:46 2016 +0200
>
> gnu: btrfs-progs: Update to 4.8
On Thu, Oct 06, 2016 at 10:02:18PM +, ng0 wrote:
> Hi,
>
> you are probably busy so I'd like to ask if this requires further
> changes or if it is good to go. Someone else can review it too.
Can you submit a revised patch using 'non-copyleft' for the license? Or
are there more packages on the
On Thu, Oct 06, 2016 at 08:48:31PM -0400, Kei Kebreau wrote:
> HTTPS connections using lynx work on my machine with this patch. Would
> someone else like to see about this?
Thanks for working on this!
It still fails for me, but in a different way than before [0]:
-
$ lynx https://famulari.na
On Fri, Oct 07, 2016 at 10:42:38AM -0400, Kei Kebreau wrote:
> I get the same problem here. Lynx does mention that GnuTLS support is
> experimental. Your and Tobias' page work using OpenSSL instead. Try the
> new patch attached.
> From ee3a889e6902686de4d7c949afcb8cd4a810bd0f Mon Sep 17 00:00:00 2
On Sat, Oct 08, 2016 at 10:00:44AM +0200, Ricardo Wurmus wrote:
> * gnu/packages/guile.scm (guile-next)[properties]: Set timeout to
> 20 hours.
Seems fine if that's how long it takes. Wow!
On Sat, Oct 08, 2016 at 11:18:55AM +0200, Ricardo Wurmus wrote:
>
> Roel Janssen writes:
> > Also, I know that Calibre is broken (it compiles file, but it doesn't
> > start anymore) since we are missing the QtWebKit module.
>
> Yet another package for which we would need to decide: remove the
>
On Sat, Oct 08, 2016 at 07:27:08PM +0200, Danny Milosavljevic wrote:
> > Also if guix build does fail executing some test - can I continue there
> > somehow?
>
> Uhhh... I mean: if a test fails, can I make guix open a shell there (with all
> the right environment etc) so I can examine what's up,
On Sun, Oct 09, 2016 at 01:55:10PM -0400, Kei Kebreau wrote:
> Leo Famulari writes:
>
> > On Fri, Oct 07, 2016 at 10:42:38AM -0400, Kei Kebreau wrote:
> >> I get the same problem here. Lynx does mention that GnuTLS support is
> >> experimental. Your and Tobias&#x
On Sun, Oct 09, 2016 at 06:44:11PM +, ng0 wrote:
> From: ng0
>
> * gnu/packages/irc.scm (epic5): New variable.
Thanks for the updated patch.
Sorry I didn't notice this before...
> +(inputs
> + `(("openssl" ,openssl)
> + ("ncurses" ,ncurses)
> + ("libarchive" ,libarchive
On Thu, Oct 06, 2016 at 09:28:34PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > +From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
> > +From: Matthew Garrett
> > +Date: Tue, 23 Feb 2016 13:53:20 -0800
> > +Subject: [PATCH] Don't a
On Sat, Oct 08, 2016 at 10:55:45AM +0200, Danny Milosavljevic wrote:
> One of the reasons I'm using distributions rather than just
> ./configure ; make ; make install is that distributors stay on top of
> security problems and disable and/or patch packages as problems arise.
> I think many others a
On Sun, Oct 09, 2016 at 04:16:44PM -0400, Kei Kebreau wrote:
> Alright. Does this commit message look good to you?
> From c08ba395fe1c1df29d8509350ee287c0832a1970 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau
> Date: Sun, 9 Oct 2016 16:10:09 -0400
> Subject: [PATCH] gnu: lynx: Update to 2.8.9dev.9
On Thu, Oct 06, 2016 at 12:04:25PM +0100, Marius Bakke wrote:
> None of the patches applied, so I assume they are upstream.
To check if the patches are in the 2.6 release, I cloned the Git repo
and used `git describe --contains`. The patches helpfully include the
Git commit hash, so that commit ca
On Thu, Oct 06, 2016 at 08:36:20PM -0700, Al McElrath wrote:
> Attached is a patch to update sane-backends to 1.0.25. I checked and the
> tests are still failing.
>
> From deaf7c884363361b043e5b1008e30bfc84f7216c Mon Sep 17 00:00:00 2001
> From: Al McElrath
> Date: Thu, 6 Oct 2016 12:01:31 -0700
On Sun, Oct 09, 2016 at 10:33:18PM +0100, Christopher Baines wrote:
> * gnu/packages/mail.scm (notifymuch): New variable.
Thanks for this patch!
> +(version "0.1")
> +(source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.co
On Sun, Oct 09, 2016 at 05:07:34PM -0400, Kei Kebreau wrote:
> Subscribed to the oss-sec list!
Thank you Kei!
signature.asc
Description: PGP signature
* gnu/packages/glib.scm (dbus): Update to 1.10.12.
---
gnu/packages/glib.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 7e247d3..e7419fd 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -64,7 +64,7 @@
f the
vulnerability allows arbitrary code execution, it would mean that root
could execute arbitrary code via the system bus... not a huge problem.
But still undesirable.
What do you think? Should we update this on core-updates? Should we
graft it on master?
Leo Famulari (1):
gnu: dbus: Upda
On Wed, Oct 12, 2016 at 06:57:28AM -0500, Christopher Allan Webber wrote:
> I'd be for using actual upstream, or at least supplying both, so that
> they're mirrors. One concern is, what about the tooling for telling us
> when updates to packages are available?
I've noticed that the PyPi tarballs
On Wed, Oct 12, 2016 at 01:42:26AM -0400, Mark H Weaver wrote:
> Hello Guix,
>
> I'm pleased to announce the availability of GNU IceCat 45.3.0-gnu1-beta
> with selected fixes cherry-picked from upstream, including all security
> fixes introduced in Firefox ESR 45.4.0, specifically:
>
> CVE-2016
On Mon, Oct 10, 2016 at 03:24:24PM +0200, Hartmut Goebel wrote:
> Hi Leo,
> > Let us know when the two of you think the code is ready to be tested on
> > Hydra, and I will set it up.
>
> I now have a patch-set ready for testing. The patches will still need
> some clean-up, but the result should be
On Fri, Oct 07, 2016 at 05:13:50PM +0200, Danny Milosavljevic wrote:
> Danny Milosavljevic (5):
> gnu: Add python-snowballstemmer.
> gnu: Add python-sphinx-cloud-sptheme.
> gnu: Add python-sphinx-alabaster-theme.
> gnu: Add python-imagesize.
> gnu: Update Sphinx to 1.4.6.
Thanks for work
On Wed, Oct 12, 2016 at 04:37:06PM +0200, Andreas Enge wrote:
> On Wed, Oct 12, 2016 at 10:29:54AM -0400, Leo Famulari wrote:
> > I'll set up a Hydra jobset for the branch once it has been created.
>
> Maybe it would be good to wait until core-updates is merged? Hydra is
>
On Mon, Oct 10, 2016 at 03:09:59PM +0200, Hartmut Goebel wrote:
> * gnu/packages/python.scm (python2-pytest-runner): Was defined twice, remove
> duplicate definition.
LGTM, good catch!
> ---
> gnu/packages/python.scm | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/gnu/packages/pyth
On Mon, Oct 10, 2016 at 03:10:00PM +0200, Hartmut Goebel wrote:
> * gnu/packages/python.scm (python-pytest-xdist): Add source snippet.
* gnu/packages/python.scm (python-pytest-xdist,
python2-pytest-xdist)[source]: Add snippet.
> ---
> gnu/packages/python.scm | 10 +-
> 1 file changed, 9
On Mon, Oct 10, 2016 at 03:10:01PM +0200, Hartmut Goebel wrote:
> * gnu/package/python.scm (python-zope-testing): Add snippet to strip
> byte-code and garbage from source.
Again, mention both python-zope-testing and python2-zope-testing, and
indicate that the changes are in [source].
Also, I th
On Mon, Oct 10, 2016 at 03:10:03PM +0200, Hartmut Goebel wrote:
> ---
> guix/build/python-build-system.scm | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/guix/build/python-build-system.scm
> b/guix/build/python-build-system.scm
> index 9109fb4..e906e60 100644
> --- a/
On Mon, Oct 10, 2016 at 03:10:02PM +0200, Hartmut Goebel wrote:
> * gnu/packages/python.scm (python-keyring, python-pylockfile): Update
> home-page url. (python-pathlib): Update description.
This should really be separate commits :)
> ---
> gnu/packages/python.scm | 9 ++---
> 1 file chang
On Wed, Oct 12, 2016 at 11:29:07PM +0800, Alex Vong wrote:
> > Package: ghostscript
> > CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978
> > CVE-2016-7979 CVE-2016-8602
> > Debian Bug : 839118 839260 839841 839845 839846 840451
> >
> > Several v
On Wed, Oct 12, 2016 at 12:20:39PM -0400, Leo Famulari wrote:
> I don't know the relationship between GNU Ghostscript and "upstream"
> Ghostscript. Can anyone explain why GNU offers its own distribution?
Some history here:
https://en.wikipedia.org/wiki/Ghostscript#History
H
On Wed, Oct 12, 2016 at 02:38:26PM +0200, Ludovic Courtès wrote:
> Given that core-updates with Guile 2.0.12 is on its way and that master
> is still at 2.0.11, I’d suggest to leave master as-is and focus on
> core-updates.
>
> There we have 2 options:
>
> 1. Changing ‘guile-2.0/fixed’ to 2.0.1
On Mon, Oct 10, 2016 at 10:57:47PM +0200, Ludovic Courtès wrote:
> Yeah, seems hard to exploit. Apparently even if we’re not using systemd
> activations we could be vulnerable, because it’s about how specific
> messages are processed, IIUC.
>
> > What do you think? Should we update this on core-u
301 - 400 of 3787 matches
Mail list logo
