bug#70581: PHP, glibc, and CVE-2024-2961

Hello Guix, Last week, an overflow bug in glibc's iconv(3) was discovered: https://www.openwall.com/lists/oss-security/2024/04/17/9 It may enable remove code execution through PHP. Due to the immutable nature of Guix, is it possible to hotpatch this using graft, or do we need to rebuild to world

bug#70580: Verilator package fails to build due to failing test

Was trying to install verilator earlier, and it seems to be failing at the check stage. Looks like it is failing on a smoke test. Guessing that there is some sort of issue with trying to access external resources or something. Probably going to look into it myself, but wanted to log the error in

bug#63197: video acceleration/libva segfaults caused by stale mesa shader cache

Hi, Maxim Cournoyer writes: > Hi, > > After reinstalling someone's desktop which has support for VA-API, > 'vainfo' from 'libva-utils' would consume all the memory then crash. > Other applications relying on libva would crash as well, e.g. ffmpeg (or > its users, such as vlc/jami). Here's a sam

bug#40316: nss not reproducible

Hi, I believe I have a fix for this, I'm just waiting on my machine to hurry up and confirm it, might end up running over night, then I'll send my patch up. I'm doing two native builds and two cross-builds. I've also updated to 3.99. Kind regards, Christina On 25/04/2024 15:06, Christina

bug#40316: Core updates status

Hi Steve, It would be good to confirm this one: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40316 Still fails to reproduce with those changes applied. The culprit is in nss/cmd/shlibsign/shlibsign.c: shlibSignHMAC generates a new key-pair each time it's run:     /* Generate a DSA key pai

bug#70539: Flatpak is vulnerable to CVE-2024-32462

Thanks, fix in https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d115af1bcc48f07a40dafd94d1d00926d446d068 signature.asc Description: PGP signature

bug#70529: Several packages have dbus service files with broken file paths

Nathan Dehnel writes: > I was investigating powerdevil and snapper being broken and I > discovered packages with incorrect file paths in the Exec line of > their dbus services > > $ ls -d /gnu/store/**/share/dbus-1/services/** | grep -v > profile/share/dbus-1 | while read line; do grep Exec $line

bug#70529: [PATCH] gnu: kauth: Fix KAUTH_HELPER_INSTALL_ABSOLUTE_DIR.

From: 宋文武 KAuth helpers use KAUTH_HELPER_INSTALL_ABSOLUTE_DIR as the prefix for "Exec=" in their dbus service files, which should really be an absolute directory. Fixes . * gnu/packages/kde-frameworks.scm (kauth)[arguments]<#:phases>: In fix-cmake-install-dire