This release fixes CVE-2020-6831 and CVE-2020-6464.
* gnu/packages/chromium.scm (%chromium-version): Set to 81.0.4044.138.
(%chromium-origin): Update hash.
* gnu/packages/patches/warsow-qfusion-fix-bool-return-type.patch: New file.
* gnu/local.mk: Include patch.
* gnu/packages/game-development.scm (warsow-qfusion): New variable.
Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388,
CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Apply icecat-use-older-reveal-hidden-html.patch.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/statistics.scm (emacs-ess): Update to 18.10.2.
[source]: Use git-fetch and git-file-name. Fix snippets for removing
julia-mode and removing extra documentation formats. Add snippets for
installing elisp files and stopping installation of info directory.
Remove snippet for old failing test. Add snippet for new failing test.
[arguments]: Remove extra "/".
[native-inputs]: Add r-roxygen2.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/build/vm.scm (install-efi, make-iso9660-image): Remove those procedures
that are now implemented in (gnu build image) module,
(initialize-hard-disk): remove efi support.
* gnu/system/vm.scm (iso9660-image): Remove it,
(qemu-image): adapt it to remove ISO9660 support.
Raw disk-images and ISO9660 images are created in a Qemu virtual machine. This
is quite fragile, very slow, and almost unusable without KVM.
For all these reasons, add support for host image generation. This implies the
use of new image generation mechanisms.
- Raw disk images: images of partitions are created using tools such as mke2fs
and mkdosfs depending on the partition file-system type. The partition
images are then assembled into a final image using genimage.
- ISO9660 images: the ISO root directory is populated within the store. GNU
xorriso is then called on that directory, in the exact same way as this is
done in (gnu build vm) module.
Those mechanisms are built upon the new (gnu image) module.
* gnu/image.scm: New file.
* gnu/system/image.scm: New file.
* gnu/build/image: New file.
* gnu/local.mk: Add them.
* gnu/system/vm.scm (system-disk-image): Rename to system-disk-image-in-vm.
* gnu/ci.scm (qemu-jobs): Adapt to new API.
* gnu/tests/install.scm (run-install): Ditto.
* guix/scripts/system.scm (system-derivation-for-action): Ditto.
* gnu/build/bootloader.scm (install-efi): New procedure copied from (gnu build vm).
(install-efi-loader): New exported procedure, wrapping install-efi.
* gnu/build/vm.scm (initialize-hard-disk): Adapt to use install-efi-loader.
There's no need to set the store GID as it will be done by the guix-daemon,
with the following snippet:
    if (chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1)
        throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir);
* gnu/build/install.scm (directives): Do not set store GID.
Changing ownership may require root permissions. As images can now be generated
without root permissions (no VM involved), ignore those exceptions.
* gnu/build/install.scm (evaluate-populate-directive): Ignore chown
exceptions.
* gnu/packages/crates-io.scm (rust-nettle-sys-2): New variable.
* gnu/packages/patches/rust-nettle-sys-disable-vendor.patch: New file.
* gnu/local.mk: Add it.