Includes fixes for CVE-2021-43536, CVE-2021-43537, CVE-2021-43538,
CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,
CVE-2021-43545, CVE-2021-43546, and MOZ-2021-0009.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Remove icecat-CVE-2021-43527.patch, which is now included
in upstream icecat. Update the gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-CVE-2021-43527.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/syncthing.scm (go-github-com-golang-snappy)[source]: Add
patch to skip a test on 32-bit systems.
* gnu/packages/patches/go-github-com-golang-snappy-32bit-test.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/icecat-CVE-2021-43527.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat-source): Apply it.
* gnu/packages/patches/nss-CVE-2021-43527.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nss.scm (nss/fixed): New variable
(nss)[replacement]: New field.
* gnu/packages/coq.scm (coq): Update to 8.14.0.
(coq-bignums): Update to 8.14.0.
(coq-equations): Update to 1.3.
* gnu/packages/patches/coq-fix-envvars.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/finance.scm (trezor-agent): Add comment on why the
undoing of the wrapping is done, and also delete the irrelevant sideffect of
the now undone wrapping.
(python-trezor-agent): Add a patch that changes the python code to handle the
argv[0] changed by the wrapping.
* gnu/packages/patches/trezor-agent-fix-argv0.patch: New file.
* gnu/local.mk (dist_patch_DATA): Reference patch.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* gnu/packages/bootloaders.scm (%u-boot-rk3399-enable-emmc-phy-patch): New
variable.
(u-boot)[origin]: Register it.
* gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ocaml.scm (ocaml-qcheck): Update to 0.18.
* gnu/packages/patches/ocaml-qcheck-fix-test-whitespace.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Update genimage from version 11 to 14. A patch is required for the
tests due to differences in ext tooling.
* gnu/local.mk (dist_patch_DATA): Replace patch reference.
* gnu/packages/genimage.scm: Update package source.
* gnu/packages/patches/genimage-mke2fs-test.patch: New patch file.
* gnu/packages/patches/genimage-signedness.patch: Delete obsolete patch.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
QEMU guest agent hardcodes paths to /sbin/hwclock and /sbin/shutdown. Patch
the source to try binaries under /run/current-system/profile/sbin first.
* gnu/packages/patches/qemu-fix-agent-paths.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register the patch.
* gnu/packages/virtualization.scm (qemu)[origin]: Apply it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnuzilla.scm (mozilla-compare-locales)
(all-mozilla-locales, %icecat-version, %icecat-build-id): Update.
(icecat-source): Update upstream source hash. Update to latest gnuzilla
commit. Remove the hack that provided 'rename' as 'prename'; set RENAME_CMD
environment variable instead. Add python to PATH. Set PYTHONPATH
appropriately. Adapt substitutions for the reorganized 'makeicecat' script.
Run 'makeicecat' outside of the IceCat source directory.
(icecat)[inputs]: Add cairo, font-dejavu, libpng-apng, libvpx, pciutils,
hunspell, libnotify, sqlite, and zlib. Update icu4c to version 69.
[native-inputs]: Update rust and cargo to 1.51. Update rust-cbindgen to 0.19.
Update llvm and clang to 11. Add m4. Remove autoconf.
[description]: Update embedded version number to 91.
[arguments]: Remove "#:out-of-source? #t". Add "#:validate-runpath? #f". In
configure-flags, add "--enable-application=browser", "--enable-rust-simd",
"--enable-release", "--enable-optimize", "--enable-strip",
"--disable-elf-hack", "--with-system-png", and "--with-system-zlib". Adjust
the set of modules. Remove the 'link-libxul-with-libraries' and 'bootstrap'
phases. Remove the sandbox whitelist population code from the
'fix-ffmpeg-runtime-linker' phase. Add a new 'build-sandbox-whitelist' phase.
The new whitelist code now adds <font-dejavu>/share/fonts to the whitelist,
and also the runpaths of all libraries in the 'mesa' package. Update the
'configure' phase to use clang-11 and llvm-11 for compilation (previously we
used gcc), to create a 'mozconfig' file and run './mach configure' (previously
we passed flags to './configure'). Update the 'build' and 'install' phases to
use './mach'. Update and simplify the 'neutralise-store-references' phase.
Move the 'install-desktop-entry' phase to happen after 'wrap-program', whereas
previously it was run after 'configure'. In the 'wrap-program' phase, add
libpng-apng and libnotify to LD_LIBRARY_PATH.
(mozilla-78-compare-locales, all-mozilla-78-locales, %icecat-78-version)
(icecat-78-source): New variables, containing the previous values of
mozilla-compare-locales, all-mozilla-locales, %icecat-version, and
icecat-source, respectively.
(icedove)[source]: Use 'icecat-78-source'.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to the reorganized
'makeicecat' script.
* gnu/packages/patches/icecat-78-makeicecat.patch: New file,
containing previous contents of icecat-makeicecat.patch.
* gnu/local.mk: Add icecat-78-makeicecat.patch.
Fixes <https://issues.guix.gnu.org/50672>.
This makes users of python-peachpy bit-reproducible, such as nnpack.
* gnu/packages/patches/python-peachpy-determinism.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python-xyz.scm (python-peachpy)[source]: Use it.
Co-authored-by: Kyle Meyer <kyle@kyleam.com>
