Printers managed by CUPS might require supplementary files to function,
such as color profiles or filters. CUPS checks permissions on such files
to prevent the execution of unsafe code. One of the conditions, that the
files are owned by root, must be short-circuited on Guix, because this
condition cannot be met on a system with an unprivileged daemon (where
store files are owned by `guix-daemon`).
* gnu/packages/patches/cups-relax-root-ownership-check.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/cups.scm (cups)[source]: Include it.
Change-Id: I77f67f996d057a34bd018ab97cda54577060b0c3
Signed-off-by: John Kehayias <john@guixotic.coop>
Fixes CVE-2025-58060 and CVE-2025-58364.
* gnu/packages/cups.scm (cups): Update to 2.4.14.
[source]: Drop unneeded patch.
* gnu/packages/patches/cups-minimal-Address-PPD-injection-issues.patch: Remove
it.
* gnu/local.mk (dist_patch_DATA): Deregister it.
Change-Id: I719e568716c8739aca16c6ebc29f50c7d2ac83bc
The following CVEs were fixed:
- CVE-2025-24855: Fix use-after-free of XPath context node
- CVE-2024-55549: Fix UAF related to excluded namespaces
Additionally, a patch from Debian for generated IDs and reproducibility no
longer applies cleanly and is likely problematic or (partially?) unneeded.
See <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902051> for the latest.
* gnu/packages/xml.scm (libxslt): Update to 1.1.43.
(source): Remove patch.
* gnu/packages/patches/libxslt-generated-ids.patch: Delete it.
* gnu/local.mk (dist_patch_DATA): Unregister it.
Change-Id: Ia10d906bab090792d28524beda6aca79a5a21684
* gnu/packages/patches/warzone2100-unbundle-libs.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register patch.
* gnu/packages/games.scm (warzone2100) [version]: Update to 4.6.1.
[source]<patches>: Add patch.
[source]<snippet>: Delete unbundled libraries from source.
[arguments]<configure-flags>: Use ninja backend, disable downloads, and
disable the new, optional GNS backend in lieu of packaging it. Allow vulkan.
[arguments]<phases>: Remove phase modifications, as they were either
integrated into the patch or unnecessary.
[native-inputs]: Remove asciidoc, as it is unused, and add unbundled
basis-universal as well as shaderc for vulkan support.
[inputs]: Remove unused libs and pull in packaged versions of unbundled libs.
Use gnutls instead of openssl as it's only useful when it's the same tls
backend curl uses. Add vulkan-headers for vulkan support.
Closes: #2790
Change-Id: Ic06d2fd7e6b96da16fd64b70da0b1af3a6a65247
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
This file contains two package definitions that should be on wm.scm.
They are not overly complex, not tightly coupled and small, so there is
little to no reason to keep them in a dedicated file.
* gnu/packages/openbox.scm (obconf, openbox): Move from here ...
* gnu/packages/wm.scm: ... to here.
* gnu/packages/openbox.scm: Delete file.
* gnu/local.mk: Remove reference to openbox.scm.
* gnu/packages/kde-frameworks.scm: Fixup reference to (gnu packages openbox) module.
* gnu/packages/lxde.scm: Remove reference to (gnu packages openbox) module.
* gnu/packages/lxqt.scm: Fixup reference to (gnu packages openbox) module.
* gnu/tests/install.scm: Remove reference to (gnu packages openbox) module.
* po/packages/POTFILES.in: Remove reference to openbox.scm.
Change-Id: I0b887debb97e8fcc7880c9f05d29981226d06077
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/books.scm (xiphos): New variable.
* gnu/packages/patches/xiphos-glib.patch: New file.
* gnu/local.mk (dist_PATCH_DATA): Add it.
Change-Id: I17f3e14c7721887fcb1852e7f07e80fc48d48a79
Signed-off-by: Andreas Enge <andreas@enge.fr>
The package still used python-six. Luckily a PR was ready for its
removal.
* gnu/packages/python-xyz.scm (python-treelib)[source]: Add patch.
* gnu/packages/patches/python-treelib-remove-python2-compat.patch: Add file.
* gnu/local.mk: Record patch.
Change-Id: I91a37770391cc72f158ade5b9619e80ab9a36bc7
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
This package is no longer needed as per: "unittest2 is a backport of the
new features added to the unittest testing framework in Python 2.7 and
onwards.", it has no users in Guix.
* gnu/packages/check.scm (python-unittest2): Delete variable.
* gnu/local.mk (dist_patch_DATA): Deregister 2 patches.
* gnu/packages/patches/python-unittest2-python3-compat.patch: Delete file.
* gnu/packages/patches/python-unittest2-remove-argparse.patch: Likewise.
Change-Id: I7d67223cdd5a0e656a299d83ac28248d7db7c321
* gnu/packages/check.scm (python-pyfakefs): Update to 5.9.1.
[source]: Switch to git-fetch, not GitHub repository provides proper
releases and tests.
<patches>: Drop it.
[arguments] <test-backend>: Use 'custom.
<test-flags>: Run all self tests without extra packages.
<phases>: Add 'disable-root-tests.
[build-system]: Use pyproject.
[home-page]: Now pyproject.toml points to GitHub page as the main one,
no reference to <http://pyfakefs.org/> in documentation was found.
[native-inputs]: Remove python-pytest; add python-setuptools.
* gnu/packages/patches/python-pyfakefs-remove-bad-test.patch: Remove file.
* gnu/local.mk: Deregister patch.
Change-Id: I4427d889019275b304ad021d8e5d0829bcff518a
* gnu/packages/time.scm (python-dateutil)[source](patches): Remove
the dateutil patch.
* gnu/packages/patches/python-dateutil-pytest-compat.patch: Drop the
patch as it seems not required with pytest 8 anymore.
* gnu/local.mk (dist_patch_DATA): Deregister patch.
Change-Id: I61ef23a2795f6cecc73bbd337759dd4e088d4807
* gnu/packages/patches/schiffbruch-fix-build-for-gcc-13.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/games.scm (schiffbruch): Apply it.
Change-Id: I539c749e57323dc305a022066d3b07de1cf5ec1d
Reviewed-by: Andreas Enge <andreas@enge.fr>
* gnu/packages/virtualization.scm (vagrant): New variable.
* gnu/packages/patches/vagrant-Support-system-installed-plugins.patch,
gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch,
gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch:
New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/patches/opusfile-CVE-2022-47021.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xiph.scm (opusfile): Apply it.
Change-Id: I32ce75de721778165da3627df34cad99e6d79630
Signed-off-by: Gabriel Wicki <gabriel@erlikon.ch>
This is a follow-up to commit 3dc53ee3e7.
* gnu/packages/llvm.scm (dist_patch_DATA): Really unregister
gnu/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch.
Change-Id: Ib49c1b506decfa1c5b0b11947964cfc9af2b61b6
This is a follow-up to commit 2c4acd05d4.
* gnu/packages/patches/clang-3.8-libc-search-path.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Unregister file.
Change-Id: I402f01f1fa442f71b3a0b8c67faa38ae76ac8d6e
* gnu/packages/mruby-xyz.scm: New file.
* gnu/local.mk: Add it.
Change-Id: Ie228b57feefcce6bf868d93d234a028daf5a6e38
Signed-off-by: Gabriel Wicki <gabriel@erlikon.ch>
* gnu/packages/audio.scm (rtosc): New variable.
* gnu/packages/patches/rtosc-0.3.1-fix-invalid-comparison-operator.patch: New
file.
* gnu/local.mk: Register it.
Change-Id: I771b67a2bedc5ea513d6504c6f47db2d9382330c
Signed-off-by: Gabriel Wicki <gabriel@erlikon.ch>
For Firefox/IceCat, this fixes at least CVE-2025-6427, CVE-2025-6428,
CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435 and
CVE-2025-6436.
For Thunderbird/Icedove, this fixes too many CVEs to be named here. Consult
<https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird> to
read the details.
* gnu/packages/image.scm (libpng-apng-for-librewolf): Rename to...
(libpng-apng-next): ... this.
* gnu/packages/librewolf.scm (librewolf) [inputs]: Adjust accordingly.
* gnu/packages/gnuzilla.scm (icecat-minimal): Update to 140.3.0.
[#:configure-flags]: Add --disable-fhs. Remove --enable-official-branding.
[#:phases] {apply-guix-specific-patches}: Apply
icecat-fhs-configure-option.patch.
{remove-cargo-frozen-flag}: Remove --frozen from rust.mk.
{install}: Also install a policies.json file to disable the Sync feature.
{install-desktop-entry}: Adjust and streamline.
{install-icons}: Use the 'unofficial' branding directory.
[inputs]: Replace libpng-apng with libpng-apng-next. Replace icu4c with
icu4c-77.
[native-search-paths]: Replace ICECAT_SYSTEM_DIR with MOZILLA_SYSTEM_DIR.
(icecat-source): Remove obsolete cleanups. Switch tarball compression to
zstd.
(make-l10n-package): No longer set GUIX_PYTHONPATH.
[#:phases] {build}: Register the "tb_common" mach site.
[native-inputs]: Replace python-wrapper with python. Add python-aiohttp,
python-async-timeout and python-dateutil.
(mozilla-115-compare-locales, mozilla-115-locale, mozilla-115-locales)
(update-mozilla-115-locales, all-mozilla-115-locales, %icecat-115-base-version)
(%icecat-115-version, %icecat-115-build-id)
(icecat-115-source): Delete variables.
(mozilla-l10n): Update to correct changeset.
(format-locales): New procedure.
(%icecat-locales): Update.
(%icecat-base-version): Set to the version of mozjs.
(%icecat-build-id): Bump.
(%icedove-build-id): Bump.
(%icedove-version): Set to 140.3.0.
(thunderbird-comm-source): Update accordingly.
[patches]: New field.
(comm-source->locales+changeset): Delete variable.
(%icedove-locales): Regenerate.
(thunderbird-comm-l10n): Adjust URI, and switch to a git-fetch, to be able to
use pre-releases (the official release tarballs lag behind those of Firefox).
(icedove-source): Compress resulting tarball via zstd. Adjust patching based
on changed file names and content. Make "comm" files writable. Patch
MOZ_APP_NAME in "devtools/startup/DevToolsStartup.sys.mjs". Adjust
services.settings.server value to avoid a warning.
Adjust l10n copying, given we're now using a checkout again.
(icedove-minimal) [#:phases] {configure}: Do not set PYTHON. Add
'ac_add_options --enable-rust-simd' flag.
{do-not-verify-vendored-rust-dependencies}: New phase.
{patch-cargo-checksums}: Sync with IceCat, add "comm" directory.
{remove-cargo-frozen-flag}: Sync phase with that of IceCat.
[inputs]: Sort. Add ffmpeg. Remove gtk+-2. Replace nss with nss-rapid.
Replace icu4c with icu4c-77.
[native-inputs]: Replace clang-15 with clang-20, llvm-15 with llvm-20. Replace
rust-cbindgen-0.24 with rust-cbindgen.
* gnu/packages/patches/icedove-observer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/icecat-compare-paths.patch: Update.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: Rework, with the goal
of upstreaming it.
Change-Id: Ib420388b9e7c7b59baa74920951afbda99cfe5a2