Loading pkgs/by-name/gu/guix/missing-cstdint-include.patch 0 → 100644 +24 −0 Original line number Diff line number Diff line From bdf4159dd5c1cf925512c0eb8490846c084e3c8c Mon Sep 17 00:00:00 2001 From: Reepca Russelstein Date: Tue, 24 Jun 2025 22:35:04 -0500 Subject: [PATCH] nix: libutil: add <cstdint> include to seccomp.hh. * nix/libutil/seccomp.hh (<cstdint>): add include of header. Change-Id: I0a0b2892d81dbab662eda1ba80f4736178d70c65 --- nix/libutil/seccomp.hh | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/libutil/seccomp.hh b/nix/libutil/seccomp.hh index 634dfad5f8..a4b449fc66 100644 --- a/nix/libutil/seccomp.hh +++ b/nix/libutil/seccomp.hh @@ -4,6 +4,7 @@ #include <linux/audit.h> /* For AUDIT_ARCH_* */ #include <linux/seccomp.h> #include <linux/filter.h> +#include <cstdint> /* This file provides two preprocessor macros (among other things): pkgs/by-name/gu/guix/package.nix +24 −38 Original line number Diff line number Diff line { lib, stdenv, fetchurl, fetchpatch, fetchDebianPatch, fetchgit, graphviz, gettext, autoreconfHook, disarchive, git, Loading @@ -27,6 +27,7 @@ pkg-config, po4a, scheme-bytestructures, slirp4netns, texinfo, bzip2, libgcrypt, Loading @@ -37,45 +38,21 @@ storeDir ? "/gnu/store", confDir ? "/etc", }: let rev = "30a5d140aa5a789a362749d057754783fea83dde"; in stdenv.mkDerivation rec { pname = "guix"; version = "1.4.0"; version = "1.4.0-unstable-2025-06-24"; src = fetchurl { url = "mirror://gnu/guix/guix-${version}.tar.gz"; hash = "sha256-Q8dpy/Yy7wVEmsH6SMG6FSwzSUxqvH5HE3u6eyFJ+KQ="; src = fetchgit { url = "https://codeberg.org/guix/guix.git"; inherit rev; hash = "sha256-QsOYApnwA2hb1keSv6p3EpMT09xCs9uyoSeIdXzftF0="; }; patches = [ (fetchpatch { name = "CVE-2024-27297_1.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143"; hash = "sha256-xKo1h2uckC2pYHt+memekagfL6dWcF8gOnTOOW/wJUU="; }) (fetchpatch { name = "CVE-2024-27297_2.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=ff1251de0bc327ec478fc66a562430fbf35aef42"; hash = "sha256-f4KWDVrvO/oI+4SCUHU5GandkGtHrlaM1BWygM/Qlao="; }) # see https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability (fetchDebianPatch { inherit pname version; debianRevision = "8"; patch = "security/0101-daemon-Sanitize-failed-build-outputs-prior-to-exposi.patch"; hash = "sha256-cbra/+K8+xHUJrCKRgzJCuhMBpzCSjgjosKAkJx7QIo="; }) (fetchDebianPatch { inherit pname version; debianRevision = "8"; patch = "security/0102-daemon-Sanitize-successful-build-outputs-prior-to-ex.patch"; hash = "sha256-mOnlYtpIuYL+kDvSNuXuoDLJP03AA9aI2ALhap+0NOM="; }) (fetchpatch { name = "fix-guile-ssh-detection.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=b8a45bd0473ab2ba9b96b7ef429a557ece9bf06c"; hash = "sha256-oYkgM694qPK8kqgxatkr4fj/GL73ozTNQADNyDeU6WY="; }) ./missing-cstdint-include.patch ]; postPatch = '' Loading @@ -90,6 +67,8 @@ stdenv.mkDerivation rec { autoreconfHook disarchive git graphviz gettext glibcLocales guile guile-avahi Loading @@ -110,6 +89,7 @@ stdenv.mkDerivation rec { pkg-config po4a scheme-bytestructures slirp4netns texinfo ]; Loading @@ -136,6 +116,7 @@ stdenv.mkDerivation rec { guile-zlib guile-zstd scheme-bytestructures slirp4netns ]; configureFlags = [ Loading @@ -145,6 +126,11 @@ stdenv.mkDerivation rec { "--with-bash-completion-dir=$(out)/etc/bash_completion.d" ]; preAutoreconf = '' echo ${version} > .tarball-version ./bootstrap ''; enableParallelBuilding = true; postInstall = '' Loading Loading @@ -174,8 +160,8 @@ stdenv.mkDerivation rec { Guix. Guix is based on the Nix package manager. ''; homepage = "http://www.gnu.org/software/guix"; changelog = "https://git.savannah.gnu.org/cgit/guix.git/plain/NEWS?h=v${version}"; homepage = "https://guix.gnu.org/"; changelog = "https://codeberg.org/guix/guix/raw/commit/${rev}/NEWS"; license = lib.licenses.gpl3Plus; mainProgram = "guix"; maintainers = with lib.maintainers; [ Loading Loading
pkgs/by-name/gu/guix/missing-cstdint-include.patch 0 → 100644 +24 −0 Original line number Diff line number Diff line From bdf4159dd5c1cf925512c0eb8490846c084e3c8c Mon Sep 17 00:00:00 2001 From: Reepca Russelstein Date: Tue, 24 Jun 2025 22:35:04 -0500 Subject: [PATCH] nix: libutil: add <cstdint> include to seccomp.hh. * nix/libutil/seccomp.hh (<cstdint>): add include of header. Change-Id: I0a0b2892d81dbab662eda1ba80f4736178d70c65 --- nix/libutil/seccomp.hh | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/libutil/seccomp.hh b/nix/libutil/seccomp.hh index 634dfad5f8..a4b449fc66 100644 --- a/nix/libutil/seccomp.hh +++ b/nix/libutil/seccomp.hh @@ -4,6 +4,7 @@ #include <linux/audit.h> /* For AUDIT_ARCH_* */ #include <linux/seccomp.h> #include <linux/filter.h> +#include <cstdint> /* This file provides two preprocessor macros (among other things):
pkgs/by-name/gu/guix/package.nix +24 −38 Original line number Diff line number Diff line { lib, stdenv, fetchurl, fetchpatch, fetchDebianPatch, fetchgit, graphviz, gettext, autoreconfHook, disarchive, git, Loading @@ -27,6 +27,7 @@ pkg-config, po4a, scheme-bytestructures, slirp4netns, texinfo, bzip2, libgcrypt, Loading @@ -37,45 +38,21 @@ storeDir ? "/gnu/store", confDir ? "/etc", }: let rev = "30a5d140aa5a789a362749d057754783fea83dde"; in stdenv.mkDerivation rec { pname = "guix"; version = "1.4.0"; version = "1.4.0-unstable-2025-06-24"; src = fetchurl { url = "mirror://gnu/guix/guix-${version}.tar.gz"; hash = "sha256-Q8dpy/Yy7wVEmsH6SMG6FSwzSUxqvH5HE3u6eyFJ+KQ="; src = fetchgit { url = "https://codeberg.org/guix/guix.git"; inherit rev; hash = "sha256-QsOYApnwA2hb1keSv6p3EpMT09xCs9uyoSeIdXzftF0="; }; patches = [ (fetchpatch { name = "CVE-2024-27297_1.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143"; hash = "sha256-xKo1h2uckC2pYHt+memekagfL6dWcF8gOnTOOW/wJUU="; }) (fetchpatch { name = "CVE-2024-27297_2.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=ff1251de0bc327ec478fc66a562430fbf35aef42"; hash = "sha256-f4KWDVrvO/oI+4SCUHU5GandkGtHrlaM1BWygM/Qlao="; }) # see https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability (fetchDebianPatch { inherit pname version; debianRevision = "8"; patch = "security/0101-daemon-Sanitize-failed-build-outputs-prior-to-exposi.patch"; hash = "sha256-cbra/+K8+xHUJrCKRgzJCuhMBpzCSjgjosKAkJx7QIo="; }) (fetchDebianPatch { inherit pname version; debianRevision = "8"; patch = "security/0102-daemon-Sanitize-successful-build-outputs-prior-to-ex.patch"; hash = "sha256-mOnlYtpIuYL+kDvSNuXuoDLJP03AA9aI2ALhap+0NOM="; }) (fetchpatch { name = "fix-guile-ssh-detection.patch"; url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=b8a45bd0473ab2ba9b96b7ef429a557ece9bf06c"; hash = "sha256-oYkgM694qPK8kqgxatkr4fj/GL73ozTNQADNyDeU6WY="; }) ./missing-cstdint-include.patch ]; postPatch = '' Loading @@ -90,6 +67,8 @@ stdenv.mkDerivation rec { autoreconfHook disarchive git graphviz gettext glibcLocales guile guile-avahi Loading @@ -110,6 +89,7 @@ stdenv.mkDerivation rec { pkg-config po4a scheme-bytestructures slirp4netns texinfo ]; Loading @@ -136,6 +116,7 @@ stdenv.mkDerivation rec { guile-zlib guile-zstd scheme-bytestructures slirp4netns ]; configureFlags = [ Loading @@ -145,6 +126,11 @@ stdenv.mkDerivation rec { "--with-bash-completion-dir=$(out)/etc/bash_completion.d" ]; preAutoreconf = '' echo ${version} > .tarball-version ./bootstrap ''; enableParallelBuilding = true; postInstall = '' Loading Loading @@ -174,8 +160,8 @@ stdenv.mkDerivation rec { Guix. Guix is based on the Nix package manager. ''; homepage = "http://www.gnu.org/software/guix"; changelog = "https://git.savannah.gnu.org/cgit/guix.git/plain/NEWS?h=v${version}"; homepage = "https://guix.gnu.org/"; changelog = "https://codeberg.org/guix/guix/raw/commit/${rev}/NEWS"; license = lib.licenses.gpl3Plus; mainProgram = "guix"; maintainers = with lib.maintainers; [ Loading
