Commit 25354a7d authored by Jörg Thalheim's avatar Jörg Thalheim Committed by Thomas Gerbet

guix: 1.4.0 -> 1.4.0-unstable-2025-06.24

Fixes CVE-2025-46415, CVE-2025-52991, CVE-2025-52992, CVE-2025-52993 and
CVE-2025-46416.
parent 9f7c0e8a
+24 −0
From bdf4159dd5c1cf925512c0eb8490846c084e3c8c Mon Sep 17 00:00:00 2001
From: Reepca Russelstein
Date: Tue, 24 Jun 2025 22:35:04 -0500
Subject: [PATCH] nix: libutil: add <cstdint> include to seccomp.hh.

* nix/libutil/seccomp.hh (<cstdint>): add include of header.

Change-Id: I0a0b2892d81dbab662eda1ba80f4736178d70c65
---
 nix/libutil/seccomp.hh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nix/libutil/seccomp.hh b/nix/libutil/seccomp.hh
index 634dfad5f8..a4b449fc66 100644
--- a/nix/libutil/seccomp.hh
+++ b/nix/libutil/seccomp.hh
@@ -4,6 +4,7 @@
 #include <linux/audit.h> /* For AUDIT_ARCH_* */
 #include <linux/seccomp.h>
 #include <linux/filter.h>
+#include <cstdint>
 
 
 /* This file provides two preprocessor macros (among other things):
+24 −38
{
  lib,
  stdenv,
  fetchurl,
  fetchpatch,
  fetchDebianPatch,
  fetchgit,
  graphviz,
  gettext,
  autoreconfHook,
  disarchive,
  git,
@@ -27,6 +27,7 @@
  pkg-config,
  po4a,
  scheme-bytestructures,
  slirp4netns,
  texinfo,
  bzip2,
  libgcrypt,
@@ -37,45 +38,21 @@
  storeDir ? "/gnu/store",
  confDir ? "/etc",
}:

let
  rev = "30a5d140aa5a789a362749d057754783fea83dde";
in
stdenv.mkDerivation rec {
  pname = "guix";
  version = "1.4.0";
  version = "1.4.0-unstable-2025-06-24";

  src = fetchurl {
    url = "mirror://gnu/guix/guix-${version}.tar.gz";
    hash = "sha256-Q8dpy/Yy7wVEmsH6SMG6FSwzSUxqvH5HE3u6eyFJ+KQ=";
  src = fetchgit {
    url = "https://codeberg.org/guix/guix.git";
    inherit rev;
    hash = "sha256-QsOYApnwA2hb1keSv6p3EpMT09xCs9uyoSeIdXzftF0=";
  };

  patches = [
    (fetchpatch {
      name = "CVE-2024-27297_1.patch";
      url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143";
      hash = "sha256-xKo1h2uckC2pYHt+memekagfL6dWcF8gOnTOOW/wJUU=";
    })
    (fetchpatch {
      name = "CVE-2024-27297_2.patch";
      url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=ff1251de0bc327ec478fc66a562430fbf35aef42";
      hash = "sha256-f4KWDVrvO/oI+4SCUHU5GandkGtHrlaM1BWygM/Qlao=";
    })
    # see https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability
    (fetchDebianPatch {
      inherit pname version;
      debianRevision = "8";
      patch = "security/0101-daemon-Sanitize-failed-build-outputs-prior-to-exposi.patch";
      hash = "sha256-cbra/+K8+xHUJrCKRgzJCuhMBpzCSjgjosKAkJx7QIo=";
    })
    (fetchDebianPatch {
      inherit pname version;
      debianRevision = "8";
      patch = "security/0102-daemon-Sanitize-successful-build-outputs-prior-to-ex.patch";
      hash = "sha256-mOnlYtpIuYL+kDvSNuXuoDLJP03AA9aI2ALhap+0NOM=";
    })
    (fetchpatch {
      name = "fix-guile-ssh-detection.patch";
      url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=b8a45bd0473ab2ba9b96b7ef429a557ece9bf06c";
      hash = "sha256-oYkgM694qPK8kqgxatkr4fj/GL73ozTNQADNyDeU6WY=";
    })
    ./missing-cstdint-include.patch
  ];

  postPatch = ''
@@ -90,6 +67,8 @@ stdenv.mkDerivation rec {
    autoreconfHook
    disarchive
    git
    graphviz
    gettext
    glibcLocales
    guile
    guile-avahi
@@ -110,6 +89,7 @@ stdenv.mkDerivation rec {
    pkg-config
    po4a
    scheme-bytestructures
    slirp4netns
    texinfo
  ];

@@ -136,6 +116,7 @@ stdenv.mkDerivation rec {
    guile-zlib
    guile-zstd
    scheme-bytestructures
    slirp4netns
  ];

  configureFlags = [
@@ -145,6 +126,11 @@ stdenv.mkDerivation rec {
    "--with-bash-completion-dir=$(out)/etc/bash_completion.d"
  ];

  preAutoreconf = ''
    echo ${version} > .tarball-version
    ./bootstrap
  '';

  enableParallelBuilding = true;

  postInstall = ''
@@ -174,8 +160,8 @@ stdenv.mkDerivation rec {
      Guix.
      Guix is based on the Nix package manager.
    '';
    homepage = "http://www.gnu.org/software/guix";
    changelog = "https://git.savannah.gnu.org/cgit/guix.git/plain/NEWS?h=v${version}";
    homepage = "https://guix.gnu.org/";
    changelog = "https://codeberg.org/guix/guix/raw/commit/${rev}/NEWS";
    license = lib.licenses.gpl3Plus;
    mainProgram = "guix";
    maintainers = with lib.maintainers; [
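Review bot: The hunk at `@@ -37,45 +38,21 @@` removes the two CVE-2024-27297 fetchpatches and the two Debian build-output sanitization patches, yet neither the expression nor the commit message states that the pinned `rev` already contains those fixes, so a reader auditing the package can no longer see why they were safe to drop. A comment next to `rev` such as `# post-1.4.0 snapshot; assumed to include the CVE-2024-27297 and build-user-takeover fixes previously carried as patches` would keep that reasoning with the pin, provided it was checked when the commit was chosen. The locally vendored `./missing-cstdint-include.patch` corresponds to upstream commit bdf4159dd5c1cf925512c0eb8490846c084e3c8c (per its header in this commit), so a `# TODO: drop once bdf4159dd5 lands in the pinned rev` line beside it would let the next bump remove it cleanly. The enclosing `stdenv.mkDerivation` attribute set continues past this section.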