Fixes <https://bugs.gnu.org/27172>.
* gnu/packages/fonts.scm (font-iosevka): Switch to font-build-system.
[source]: Use url-fetch/zipbomb.
[native-inputs]: Remove dependency on unzip.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/packages/patches/openldap-CVE-2017-9287.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/openldap.scm (openldap)[replacement]: New field.
(openldap/fixed): New variable.
Fixes <https://bugs.gnu.org/27120>.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add a snippet
to delete bundled libraries.
[version]: Bump the package revision counter to 3.
Reported by Alex Griffin <a@ajgrf.com>.
Fixes <http://bugs.gnu.org/27135>.
* gnu/build/activation.scm (add-user): When UID is zero, add 'chmod'
call.
* gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
git ls-files will return paths relative to the repository directory. This
commit prepends the repository directory to those paths when calling lstat,
such that 'git-predicate' works if the current working directory is not the
repository directory.
* guix/git-download.scm (git-predicate): Prepend repository directory to the
file path when calling lstat.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reported-by: Ludovic Courtès <ludo@gnu.org>
This fixes a regression introduced by commit
8ca0c88a89.
* doc/htmlxref.cnf (EMACS_GUIX): Fix the link to 'html_node'.
Reported by Mark H Weaver <mhw@netris.org>
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>.
* guix/build/download.scm (set-certificate-credentials-x509-trust-file!*):
New procedure.
(make-credendials-with-ca-trust-files): Use it instead of
'set-certificate-credentials-x509-trust-file!'.
* gnu/packages/image.scm (jasper): Update to 2.0.13.
[source]: Use GitHub URL and set the file-name. Remove
'jasper-CVE-2017-6850.patch'.
* gnu/packages/patches/jasper-CVE-2017-6850.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Previously:
./pre-inst-env guile -c '(use-modules (gnu packages gcc))'
would fail due to circular dependencies.
* gnu/packages/cross-base.scm (%xgcc): Turn into a macro.
This allows 'guix publish' threads as well as 'guix substitute' and
'guix offload' processes to be properly labeled in 'top', 'pstree', etc.
* guix/workers.scm (worker-thunk): Add #:thread-name parameter and honor it.
(make-pool): Likewise.
* guix/scripts/publish.scm (http-write): Add calls to 'set-thread-name'
in bodies of 'call-with-new-thread'.
(guix-publish): Call 'set-thread-name'. Pass #:thread-name to 'make-pool'.
* guix/scripts/offload.scm (guix-offload): Call 'set-thread-name'.
* guix/scripts/substitute.scm (guix-substitute): Likewise.
* gnu/packages/patches/rxvt-unicode-escape-sequences.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (rxvt-unicode)[source]: Use it.
See 'ChangeLog' in the source distribution for more information about
the bugs and security issues fixed in this release.
* gnu/packages/image.scm (libtiff)[replacement]: Replace with libtiff-4.0.8.
(libtiff/fixed): Replace with ...
(libtiff-4.0.8): New variable.
* gnu/packages/patches/libtiff-CVE-2017-7593.patch,
gnu/packages/patches/libtiff-CVE-2017-7594.patch,
gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.