A list of already-authenticated commits is kept in
~/.cache/guix/authentication. This speeds up subsequent "make
authenticate" invocations.
* build-aux/git-authenticate.scm (authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): New
procedures.
(git-authenticate): Define 'authenticated-commits' and pass it as a
third argument to 'commit-difference'. Add call to
'cache-authenticated-commit'. Don't display signing stats when STATS is
null.
* gnu/packages/emacs-xyz.scm (emacs-telega): Update to 0.5.4.
[arguments]: Working around imagemagick and svg is no longer needed.
[native-inputs]: Replace emacs-minimal with emacs. This is needed because
bytecompilation requires fringe-bitmap support.
`guix lint` reports two CVEs, both are unrelated:
- CVE-2018-5200: for vendor "pandora" and some 4.2.2.x version
- CVE-2019-9133: windows only (I assume it it alsow relates to the "pandora"
vendor, since the version the CVE refers to as "solving the issue" does not
exist at KDE.)
* gnu/packages/kde-multimedia.scm (kmplayer): New variable.
* gnu/packages/patches/kmplayer-aarch64.patch,
gnu/packages/patches/kmplayer-upstream_Fix-build-with-Qt-5.9.patch: New
files.
* gnu/local.mk: Add them.
Patches should fix all CVEs reported by `guix lint`:
CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829,
CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837,
CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095
Since the patches do not reference to CVEs, it's a bit hard to tell which
patch actually closes which CVE. Debian reports all these to be closed by
the patches below and NixPkgs provides references.
* gnu/packages/audio.scm (audiofile): New variable.
* gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch,
gnu/packages/patches/audiofile-fix-sign-conversion.patch,
gnu/packages/patches/audiofile-CVE-2015-7747.patch,
gnu/packages/patches/audiofile-CVE-2018-13440.patch,
gnu/packages/patches/audiofile-CVE-2018-17095.patch,
gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch,
gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch,
gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch,
gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch,
gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch,
gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch,
gnu/packages/patches/audiofile-hurd.patch,
gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch:
New files.
* gnu/local.mk: Add them.
Fixes <https://bugs.gnu.org/38739>. This is a follow-up to commit
88c9408070.
* gnu/packages/wm.scm (i3-gaps)[source](sha256): Change to the correct hash.
[build-system]: Remove field, because it is superfluous.
* gnu/packages/patches/libgeotiff-adapt-test-script-for-proj-6.2.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/geo.scm (libgeotiff): Update to 1.5.1.
[inputs]: Replace proj.4 with proj.
[sources]: Add libgeotiff-adapt-test-script-for-proj-6.2.patch
to patches.
The use of guile-email in this package definition seems to cause errors when
working with other packages, errors like: error: guile-email: unbound variable
I'm not sure why the version of the Guile email package is appropriate here
either, but for now just to avoid the problems, inline the current version of
the package (and add a comment so this is more obvious). This issue was
probably introduced in: c7b2b53980
* gnu/packages/mail.scm (mumimu)[version]: Inline the current value
of (package-version guile-email) as a string.