mirror/guix
1
0
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2026-04-25 21:21:19 +02:00
Code Issues Projects Releases Packages Wiki Activity
Transactional package manager, declarative GNU/Linux distribution, reproducible deployment tool, and more! https://guix.gnu.org
185,666 commits 75 branches 40 tags 763 MiB
  • Scheme 77.8%
  • Tree-sitter Query 19.5%
  • C++ 1.2%
  • Shell 0.7%
  • Makefile 0.4%
  • Other 0.1%
Find a file
Exact
Ian Eure e5e2aaaf55
 gnu: librewolf: Update to 150.0-1. [security-updates] 
Contains fixes for:
CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
CVE-2026-6747: Use-after-free in the WebRTC component
CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs
               component
CVE-2026-6749: Information disclosure due to uninitialized memory in
               the Graphics: Canvas2D component
CVE-2026-6750: Privilege escalation in the Graphics: WebRender
               component
CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs
               component
CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
CVE-2026-6754: Use-after-free in the JavaScript Engine component
CVE-2026-6755: Mitigation bypass in the DOM: postMessage component
CVE-2026-6756: Mitigation bypass in Firefox for Android
CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly
               component
CVE-2026-6758: Use-after-free in the JavaScript: WebAssembly component
CVE-2026-6759: Use-after-free in the Widget: Cocoa component
CVE-2026-6760: Mitigation bypass in the Networking: Cookies component
CVE-2026-6761: Privilege escalation in the Networking component
CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
CVE-2026-6763: Mitigation bypass in the File Handling component
CVE-2026-6764: Incorrect boundary conditions in the DOM: Device
               Interfaces component
CVE-2026-6765: Information disclosure in the Form Autofill component
CVE-2026-6766: Incorrect boundary conditions in the Libraries
               component in NSS
CVE-2026-6767: Other issue in the Libraries component in NSS
CVE-2026-6768: Mitigation bypass in the Networking: Cookies component
CVE-2026-6769: Privilege escalation in the Debugger component
CVE-2026-6770: Other issue in the Storage: IndexedDB component
CVE-2026-6771: Mitigation bypass in the DOM: Security component
CVE-2026-6772: Incorrect boundary conditions in the Libraries
               component in NSS
CVE-2026-6773: Denial-of-service due to integer overflow in the
               Graphics: WebGPU component
CVE-2026-6774: Mitigation bypass in the DOM: Security component
CVE-2026-6775: Incorrect boundary conditions in the WebRTC component
CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking
               component
CVE-2026-6777: Other issue in the Networking: DNS component
CVE-2026-6778: Invalid pointer in the Audio/Video: Playback component
CVE-2026-6779: Other issue in the JavaScript Engine component
CVE-2026-6780: Denial-of-service in the Audio/Video: Playback
               component
CVE-2026-6781: Denial-of-service in the Audio/Video: Playback
               component
CVE-2026-6782: Information disclosure in the IP Protection component
CVE-2026-6783: Incorrect boundary conditions, integer overflow in the
               Audio/Video: Playback component
CVE-2026-6784: Memory safety bugs fixed in Firefox 150 and Thunderbird
               150
CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox
               ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and
               Thunderbird 150
CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10,
               Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

* gnu/packages/patches/librewolf-150.0-encoding_rs-rust-fix.patch: New file.
* gnu/local.mk: Add new patch to dist_patch_DATA.
* gnu/packages/librewolf.scm (make-librewolf-source): Apply new patch.
* gnu/packages/librewolf.scm (librewolf): Update to 150.0-1.
[arguments #:phases use-mozzarella]: Update Mozzarella URLs.  Fixes #1923.

Change-Id: I7696abc0ac44d689190d9ef1e12704905c11d431
2026-04-25 09:50:42 -07:00
.forgejo .forgejo: pull_request_template: Compute closure size increase. 2026-04-01 10:46:10 +02:00
.mumi Add mumi config. 2023-04-24 15:32:54 +01:00
build-aux tests: keys: Moving to openpgp subdirectory. 2026-04-10 14:55:04 +09:00
doc doc: Add a note reminder to checkout the correct tag for rust crates. 2026-04-23 14:33:58 +02:00
etc teams: rust: Improve audit-rust-crates script. 2026-04-21 17:05:52 +03:00
gnu gnu: librewolf: Update to 150.0-1. [security-updates] 2026-04-25 09:50:42 -07:00
guix publish: Ignore ‘--advertise’ and warn when listening to localhost. 2026-04-24 22:58:43 +02:00
m4 doc, gnu: Update URL of several packages formerly at notabug.org. 2026-03-14 12:14:49 +01:00
nix daemon: Dereference symlinks for /etc/services & co. 2026-03-29 22:20:58 +02:00
po gnu: Move bincfg, ifdtool and intelmetool to coreboot.scm. 2026-04-12 20:19:35 +02:00
scripts
tests tests: style: Fix tests for guile > 3.0.9. 2026-04-24 22:57:49 +02:00
.codespellrc Add codespell hint file. 2025-09-08 10:03:39 +03:00
.dir-locals.el .dir-locals: Add with-fluids indentation rule. 2026-04-10 14:45:44 +09:00
.editorconfig .editorconfig: Adjust max_line_length to 80 columns. 2025-04-26 20:40:02 +09:00
.gitattributes Add git configuration templates to improve diff hunk header detection. 2021-10-14 00:24:34 +02:00
.gitignore etc: Add AppArmor profile for the daemon. 2025-12-22 22:48:57 +01:00
.guix-authorizations .guix-authorizations: Authorise Nguyễn Gia Phong's key. 2026-03-29 01:00:00 +01:00
.guix-channel maint: Change main repository URL to git.guix.gnu.org. 2025-05-23 11:19:07 +02:00
.mailmap Update Nguyễn Gia Phong's new email address. 2025-12-18 17:16:43 +00:00
.patman gnu: patman: Apply patch for new Change-Id setting. 2023-10-22 16:09:04 -04:00
AUTHORS
bootstrap maint: Generate doc/version[-LANG].texi using `mdate-from-git.scm'. 2024-04-19 16:45:41 +02:00
ChangeLog
CODE-OF-CONDUCT CODE-OF-CONDUCT: Add a top notice. 2022-03-01 13:18:01 -05:00
CODEOWNERS teams: embedded: adopt gnu/packages/coreboot.scm. 2026-04-20 13:33:18 +03:00
config-daemon.ac daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
configure.ac serialization: Use ‘bytevector-slice’ from Guile >= 3.0.9. 2026-01-27 13:01:14 +01:00
COPYING
gnu.scm
guix.scm guix: Really export 'define-public'. 2022-07-12 01:17:45 +02:00
HACKING
Makefile.am guix: Implement fossil-download. 2026-04-15 23:10:25 +02:00
manifest.scm manifest.scm: Handle unsupported packages gracefully. 2026-02-18 17:51:19 +09:00
NEWS guix: Implement fossil-download. 2026-04-15 23:10:25 +02:00
README README: Adjust for Codeberg's org mode parser. 2025-09-18 15:07:27 +09:00
README.org maint: Add README.org symlink pointing to README. 2025-05-27 14:48:07 +08:00
ROADMAP The #guix channel is hosted by Libera Chat. 2021-05-20 01:58:04 +02:00
THANKS Thank Christine under her updated name. 2021-09-12 22:52:58 -04:00
TODO doc: Fix some misspellings. 2025-02-19 11:28:40 +02:00

README.org

-- mode: org --

GNU Guix (IPA: ɡiːks) is a purely functional package manager, and associated free software distribution, for the GNU system. In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection.

It provides Guile Scheme APIs, including a high-level embedded domain-specific languages (EDSLs) to describe how packages are to be built and composed.

GNU Guix can be used on top of an already-installed GNU/Linux distribution, or it can be used standalone (we call that “Guix System”).

Guix is based on the Nix package manager.

Requirements

If you are building Guix from source, please see the manual for build instructions and requirements, either by running:

info -f doc/guix.info "Requirements"

or by checking the web copy of the manual.

Installation

See the manual for the installation instructions, either by running

info -f doc/guix.info "Installation"

or by checking the web copy of the manual.

Building from Git

For information on building Guix from a Git checkout, please see the relevant section in the manual, either by running

info -f doc/guix.info "Building from Git"

or by checking the web_copy of the manual.

How It Works

Guix does the high-level preparation of a derivation. A derivation is the promise of a build; it is stored as a text file under /gnu/store/xxx.drv. The (guix derivations) module provides the `derivation' primitive, as well as higher-level wrappers such as `build-expression->derivation'.

Guix does remote procedure calls (RPCs) to the build daemon (the guix-daemon command), which in turn performs builds and accesses to the store on its behalf. The RPCs are implemented in the (guix store) module.

Contact

GNU Guix is hosted at https://codeberg.org/guix/guix/.

Please email mailto:help-guix@gnu.org for questions. Bug reports should be submitted via https://codeberg.org/guix/guix/issues/. Email mailto:gnu-system-discuss@gnu.org for general issues regarding the GNU system.

Join #guix on irc.libera.chat.

Guix & Nix

GNU Guix is based on the Nix package manager. It implements the same package deployment paradigm, and in fact it reuses some of its code. Yet, different engineering decisions were made for Guix, as described below.

Nix is really two things: a package build tool, implemented by a library and daemon, and a special-purpose programming language. GNU Guix relies on the former, but uses Scheme as a replacement for the latter.

Using Scheme instead of a specific language allows us to get all the features and tooling that come with Guile (compiler, debugger, REPL, Unicode, libraries, etc.) And it means that we have a general-purpose language, on top of which we can have embedded domain-specific languages (EDSLs), such as the one used to define packages. This broadens what can be done in package recipes themselves, and what can be done around them.

Technically, Guix makes remote procedure calls to the nix-worker daemon to perform operations on the store. At the lowest level, Nix “derivations” represent promises of a build, stored in .drv files in the store. Guix produces such derivations, which are then interpreted by the daemon to perform the build. Thus, Guix derivations can use derivations produced by Nix (and vice versa).

With Nix and the Nixpkgs distribution, package composition happens at the Nix language level, but builders are usually written in Bash. Conversely, Guix encourages the use of Scheme for both package composition and builders. Likewise, the core functionality of Nix is written in C++ and Perl; Guix relies on some of the original C++ code, but exposes all the API as Scheme.

Related software

  • Nix, Nixpkgs, and NixOS, functional package manager and associated software distribution, are the inspiration of Guix
  • GNU Stow builds around the idea of one directory per prefix, and a symlink tree to create user environments
  • STORE shares the same idea
  • GNOME's OSTree allows bootable system images to be built from a specified set of packages
  • The GNU Source Release Collection (GSRC) is a user-land software distribution; unlike Guix, it relies on core tools available on the host system

Copyright Notices

GNU Guix is made available under the GNU GPL version 3 or later license, and authors retain their copyright. For copyright notices, we adhere to the guidance documented in (info "(maintain) Copyright Notices"), and explicitly allow ranges instead of individual years. Here's an example of the preferred style used for copyright notices in source file headers:

Copyright © 2019-2023, 2025 Your Name <your@email.com>

Meaning there were copyright-able changes made for the years 2019, 2020, 2021, 2022, 2023 and 2025.