Fixes CVEs 2024-4367, 2024-4767, 2024-4768, 2024-4769,
2024-4770 and 2024-4777. See the Mozilla Foundation Security Advisory
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/> for details.
* gnu/packages/tor-browsers.scm (%torbrowser-locales): Update changesets.
(%torbrowser-build-date): Update to 20240510150000.
(%torbrowser-version): Update to 13.0.15.
(%torbrowser-firefox-version): Update to 115.11.0esr-13.0-1-build2.
(torbrowser-translation-base): Update to
a28a8b2cb9e207d12fca11181818c0a0694b56af.
(torbrowser-translation-specific): Update to
e03ffdea5b74ad280616dccd21744cba7b2d4565.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/packages/astronomy.scm: Select just pypi-uri from python build
system module.
Change-Id: I1b02cdd24a6456d58136ee126f7bdb2a01dce9b4
Signed-off-by: Andrew Tropin <andrew@trop.in>
* gnu/packages/gcc.scm (gcc-13)[arguments]: When building for i586-gnu
delete the inherited phase 'patch-hurd-libpthread as it exists upstream.
Change-Id: I0837dcff325b15b6975b34dbd7268faaa223ecdd
* gnu/packages/gcc.scm (make-gccgo)[arguments]: When building gccgo-12
for riscv64-linux don't add a phase to adjust the order of libgo
dependencies.
Change-Id: I600c744ce33ad802a5c466c19df41dcbb29a2be0
* gnu/packages/gnuzilla.scm (mozjs)[arguments]: When building for
riscv64-linux adjust the 'adjust-tests phase to skip 2 more tests
skipped by upstream.
Change-Id: Ia5fbe6782e3d1d8e1904cdf49a35e0666837b277
The kernel has progressively enabled the BPF settings, to the point where
having a separate kernel for it makes little sense, so repatriate the few
non-default BPF-related configs to our main kernel.
* gnu/packages/linux.scm (%bpf-extra-linux-options): Delete variable.
(default-extra-linux-options): Enable CONFIG_NET_CLS_BPF and
CONFIG_NET_ACT_BPF. CONFIG_IKHEADERS is dropped as it adds 4 MiB to the
kernel image and appears somewhat redundant with BTF debug info.
(linux-libre-with-bpf): Deprecate to linux-libre.
Change-Id: Id672241916dcbcdca7cbc16d869d00223446cd3d
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about
12%.
* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.
Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
This is needed for software making use of eBPF programs, such as the sysdig
utility, among others. For more information about BPF, see:
<https://brendangregg.com/blog/2020-11-04/bpf-co-re-btf-libbpf.html>.
* gnu/packages/linux.scm (%default-extra-linux-options): Enable
CONFIG_DEBUG_INFO, CONFIG_DEBUG_INFO_BTF,
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT, CONFIG_BPF_JIT,
CONFIG_BPF_JIT_ALWAYS_ON, CONFIG_BPF_SYSCALL and BPF_UNPRIV_DEFAULT_OFF.
Disable CONFIG_DEBUG_INFO_REDUCED.
(make-linux-libre*) [native-inputs]: Add dwarves, python-wrapper and zlib.
Change-Id: Idfc64f82aa404e86168bffcf721a325f9e807f75
This is to allow version-specific options to the list of defaults.
* gnu/packages/linux.scm (%default-extra-linux-options): Transform to...
(default-extra-linux-options): ... this procedure, which accepts a 'version'
argument.
(make-linux-libre, linux-libre-arm-generic, linux-libre-arm-generic-5.10)
(linux-libre-arm-generic-5.4, linux-libre-arm64-generic)
(linux-libre-arm64-generic-5.10, linux-libre-arm64-generic-5.4)
(linux-libre-riscv64-generic, linux-libre-mips64el-fuloong2e)
(linux-libre-with-bpf): Adjust accordingly.
* doc/guix-cookbook.texi (Customizing the Kernel): Adjust accordingly.
Change-Id: Ifd3be8b7ed8699bada224a938dbc84205366ff3d
This reduces the total build time by about 20%.
* gnu/packages/linux.scm (make-linux-libre*) [phases] {install}: Ensure that
-jN is used for the install targets. Also honor make flags.
Change-Id: Ib3f4fdcbdeab736315a91eafa8d6d1dff5b89884
This causes the test suite to run in about in nearly a third of the original
time (from 145 min to 52 minutes on a particular machine).
* gnu/packages/nss.scm (nss/fixed) [phases] {check}: Set NSS_CYCLES
environment variable to 'standard'.
Change-Id: I5dab1ed16b302af2276b0f075a790f6193edbe95