Contains fixes for:
CVE-2026-0877: Mitigation bypass in the DOM: Security component
CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in
the Graphics: CanvasWebGL component
CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in
the Graphics component
CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
component
CVE-2026-0881: Sandbox escape in the Messaging System component
CVE-2026-0882: Use-after-free in the IPC component
CVE-2026-0883: Information disclosure in the Networking component
CVE-2026-0884: Use-after-free in the JavaScript Engine component
CVE-2026-0885: Use-after-free in the JavaScript: GC component
CVE-2026-0886: Incorrect boundary conditions in the Graphics component
CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
Viewer component
CVE-2026-0888: Information disclosure in the XML component
CVE-2026-0889: Denial-of-service in the DOM: Service Workers component
CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component
CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7,
Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
CVE-2026-0892: Memory safety bugs fixed in Firefox 147 and Thunderbird
147
* gnu/packages/librewolf.scm (librewolf-bsys6): New variable.
* gnu/packages/librewolf.scm (make-librewolf-source): Don’t attempt to GPG
sign the source tarball, the key isn’t available.
* gnu/packages/librewolf.scm (librewolf): Update to 147.0.1-3.
[native-inputs] Add librewolf-bsys6.
[phases 'patch-icu-lookup]: Delete.
[phases 'install-desktop-entry]: Use the .desktop file template from librewolf-bsys6.
Change-Id: Ic7ff0197294cbb2485cb8db2f42f4fb499e39277
* gnu/packages/icu4c.scm (icu4c-78): New variable.
* gnu/local.mk (dist_patch_DATA): Add icu4c patches.
* gnu/packages/patches/icu4c-78-double-conversion.patch: New file.
* gnu/packages/patches/icu4c-bug-1706949-wasi-workaround.patch: New file.
* gnu/packages/patches/icu4c-bug-1790071-ICU-22132-standardize-vtzone-output.patch: New file.
* gnu/packages/patches/icu4c-bug-1856290-ICU-20548-dateinterval-timezone.patch: New file.
* gnu/packages/patches/icu4c-bug-1954138-dtitvfmt-adopt-calendar.patch: New file.
* gnu/packages/patches/icu4c-bug-1972781-chinese-based-calendar.patch: New file.
* gnu/packages/patches/icu4c-bug-2000225-ICU-23264-increase-measure-unit-capacity.patch: New file.
* gnu/packages/patches/icu4c-bug-2002735-ICU-23277-coptic-single-era.patch: New file.
* gnu/packages/patches/icu4c-suppress-warnings.patch: New file.
* gnu/packages/graphics.scm (openscenegraph) [inputs]: Remove labels.
[native-inputs]: Fit on a single line.
Change-Id: Icccd3e3b6c0a49c771c1359dd9a9fe6e795bd59b
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
* gnu/packages/game-development.scm (openmw):
[version]: Update to 0.50.0.
[arguments]:
{configure-flags}: Remove desired Qt version.
{phases}: Add Qt::Svg as it is used in components.
{phases}: Force disable clip control extension on Mesa.
[inputs]: Add Qt6 dependencies.
Change-Id: Ib8f0deb303645e6e04a7e5bc99cdc2357653704e
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
* gnu/tests/foreign.scm (qcow-image-with-marionette):
- Create .autorelabel file to make copied Guile work
on SELinux-enabled systems.
(resize-lvm-xfs-partition): New variable.
(run-foreign-install-test): Increase RAM for VM to 1024
as 512 is not sufficient to run Guix installation
on Fedora.
(fedora-qcow2): New variable.
(%test-fedora-install): New variable.
Change-Id: Ib247a174dfea8630d830763410391077516a8c16
Merges: #5007
This one is a bit more complicated than the other ones, because the qcow2
image is too small to hold the tarball contents. So I have decided to add in
logic to resize the qemu img, the partition and the filesystem.
* gnu/tests/foreign.scm
(ubuntu-qcow2): New variable.
(ubuntu-uidmap-deb-file): New variable.
(ubuntu-libsuid4-deb-file): New variable.
(%test-ubuntu-install): New variable.
Change-Id: Ib705cfe0aeab5e6ede284b8eff06483aea617349e
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Merges: #4997
Change-Id: I17472d160665fa4965d1c1ee00d671746bd5fb74
* gnu/tests/foreign.scm
(qcow-image-with-marionette): Add resize-image and
resize-proc to resize the image, the partition and the file system.
(resize-ext4-partition): New variable.
(run-foreign-install-test): Add resize-image and resize-proc; Pass them to
qcow-image-with-marionette.
Change-Id: I92dbe0cdcafb5ff0a0b6c3e9b96205b4ad9d10e8
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
This is a followup to d5cf3b5def.
* doc/guix.texi (Upgrading Guix): Use markup for commands.
Change-Id: I0b751ddc7f0e8e57813be23c809c23ade1e6cbd1
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Merges: #5724
* doc/guix.texi (Binary Installation): Link to the script upfront rather than
in a footnote.
Change-Id: Icd89d0e9bb0c701b6b956ce214015e5466299bf3
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
* doc/guix.texi (Binary Installation): Move paragraphs about ‘guix’ packages
of other distros to the bottom.
Change-Id: Ie7c3484e40fb0dbe502e81f17e2d74b7afa0e777
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
This reverts 0f9fe721be.
The rationale is that there’s no reason to single out Parabola and, more
importantly, it obscures the message of this section.
* doc/guix.texi (Binary Installation): Remove Parabola instructions.
Change-Id: Ib7b2b0629d8e3a90cd09705cc2dcde15df8f51a2
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
* gnu/services/desktop.scm
(desktop-services-for-system): Use gdm on all 64-bit systems.
* gnu/services/xorg.scm (set-xorg-configuration): Adapt to
desktop-services-for-system change.
* gnu/system/examples/desktop.tmpl: Determine the support of Gnome by checking
for supported package.
Fixes: #5388
Change-Id: I0d512a7c31188cea0335e66f00a6d65ae59d09a4
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
