@echosa
Created April 7, 2021 20:02
Generation 1 Mar 16 2021 14:50:54
guix 109f584
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 2 Mar 16 2021 15:14:10
guix 109f584
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 3 Mar 17 2021 09:24:14
guix d79d63e
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: d79d63e7829d53f6a501d8df7e264ff70033abca
1 new package: lolcode-lci
5 packages upgraded: emacs-marginalia@0.4, gnome-autoar@0.3.1,
komikku@0.27.0, meson@0.57.1, tig@2.5.3
Generation 4 Mar 19 2021 13:05:15
guix 1ab03fb
repository URL: https://git.savannah.gnu.org/git/guix.git
commit: 1ab03fb74505458e7754dce338a5da29dc754d80
5 new packages: countdown, dragon-drop, emacs-kotlin-mode,
libucl, psi
28 packages upgraded: bind@9.16.13, busybox@1.33.0,
cpupower@5.11.7, dhewm3@1.5.1, di@4.49, elixir@1.11.4,
emacs-flymake-shellcheck@0.1-1.ac534e9, emacs-leaf@4.4.4, freefall@5.11.7,
goffice@0.10.49, guile2.2-guix@1.2.0-17.ec7fb66, guix@1.2.0-17.ec7fb66,
java-openmpi@4.1.0, linux-libre-bpf@5.11.7, linux-libre-headers@5.11.7,
linux-libre@5.11.7, openmpi-thread-multiple@4.1.0, openmpi@4.1.0,
perf@5.11.7, ruby-kramdown@2.3.1, srt2vtt@0.2, swi-prolog@8.3.20,
tmon@5.11.7, turbostat@5.11.7, ungoogled-chromium-wayland@89.0.4389.90-1,
ungoogled-chromium@89.0.4389.90-1, vis@0.7, x86-energy-perf-policy@5.11.7
News for channel 'guix'
Update on previous `guix-daemon' local privilege escalation
commit 9ade2b720af91acecf76278b4d9b99ace406781e
The previous news item described a potential local privilege escalation in
`guix-daemon', and claimed that systems with the Linux ``protected
hardlink'' (https://www.kernel.org/doc/Documentation/sysctl/fs.txt) feature
enabled were unaffected by the vulnerability.
This is not entirely correct. Exploiting the bug on such systems is harder,
but not impossible. To avoid unpleasant surprises, all users are advised to
upgrade `guix-daemon'. Run `info "(guix) Upgrading Guix"' for info on how
to do that. See
`https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/'
for more information on this bug.
Risk of local privilege escalation via `guix-daemon'
commit ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
A security vulnerability that can lead to local privilege escalation has
been found in `guix-daemon'. It affects multi-user setups in which
`guix-daemon' runs locally.
It does _not_ affect multi-user setups where `guix-daemon' runs on a
separate machine and is accessed over the network, via `GUIX_DAEMON_SOCKET',
as is customary on cluster setups. Machines where the Linux ``protected
hardlink'' (https://www.kernel.org/doc/Documentation/sysctl/fs.txt) feature
is enabled, which is common, are also unaffected---this is the case when the
contents of `/proc/sys/fs/protected_hardlinks' are `1'.
The attack consists in having an unprivileged user spawn a build process,
for instance with `guix build', that makes its build directory
world-writable. The user then creates a hardlink within the build directory
to a root-owned file from outside of the build directory, such as
`/etc/shadow'. If the user passed the `--keep-failed' option and the build
eventually fails, the daemon changes ownership of the whole build tree,
including the hardlink, to the user. At that point, the user has write
access to the target file.
You are advised to upgrade `guix-daemon'. Run `info "(guix) Upgrading Guix"'
for info on how to do that. See `https://issues.guix.gnu.org/47229'
for more information on this bug.
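The two news items above name the conditions that decide whether a host is exposed: whether `guix-daemon' runs locally or is reached over the network via `GUIX_DAEMON_SOCKET', and whether the kernel's protected-hardlink restriction is on. The following POSIX sh audit is an added example, not code from the gist or from the Guix project; it takes the sysctl path and socket setting as parameters so it can be run against saved copies, and treats the `guix://` and `ssh://` URI schemes documented for `GUIX_DAEMON_SOCKET' as "remote".

```shell
#!/bin/sh
# Added example: audit a host against the guix-daemon hardlink advisory.
# Not part of the gist or of Guix itself.

# Returns 0 when the kernel refuses hardlinks to files the caller does
# not own. Default path is the real sysctl file; a copy may be passed in.
protected_hardlinks_enabled() {
    sysctl_file="${1:-/proc/sys/fs/protected_hardlinks}"
    [ -r "$sysctl_file" ] || return 2
    value=$(tr -d '[:space:]' < "$sysctl_file")
    [ "$value" = "1" ]
}

# Returns 0 when the daemon is reached over the network (guix:// or
# ssh:// URI), the configuration the advisory says is not affected.
# A plain socket path or file:// URI means the daemon runs locally.
daemon_is_remote() {
    case "${1:-${GUIX_DAEMON_SOCKET:-}}" in
        guix://*|ssh://*) return 0 ;;
        *)                return 1 ;;
    esac
}

# Prints a one-line verdict. Argument 1: sysctl file (optional),
# argument 2: daemon socket setting (optional, defaults to the env var).
hardlink_risk_verdict() {
    if daemon_is_remote "$2"; then
        echo "not affected: guix-daemon is remote"
    elif protected_hardlinks_enabled "$1"; then
        # The follow-up news item says the sysctl only makes the bug harder
        # to exploit, so the upgrade is still required.
        echo "harder to exploit: protected_hardlinks=1; upgrade guix-daemon anyway"
    else
        echo "affected: local guix-daemon without protected_hardlinks; upgrade guix-daemon"
    fi
}

hardlink_risk_verdict "$@"
```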
Generation 5 Mar 22 2021 09:17:16
guix ee4fc3b
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: ee4fc3b662994e9d041027c4d0799a173a12d35a
30 new packages: fzf, git2cl, go-github-com-akosmarton-papipes,
go-github-com-kisielk-gotool, go-github-com-mesilliac-pulse-simple,
go-github-com-pborman-getopt, go-go-uber-org-atomic,
go-go-uber-org-multierr, go-go-uber-org-zap, go-golang-org-x-lint,
go-honnef-co-go-tools, guile-quickcheck, julia-benchmarktools,
julia-bufferedstreams, julia-http, julia-inifile, julia-jllwrappers,
julia-mbedtls, julia-mbedtls-jll, julia-uris, kappanhang, movim-desktop,
psi-plus, qhttp, qite, r-chromstar, r-chromstardata, r-lsa, r-signac,
usrsctp
48 packages upgraded: abseil-cpp@20200923.3, balsa@2.6.2,
cpupower@5.11.8, drumkv1@0.9.21, emacs-ebuild-mode@1.52, emilua@0.3.0,
fet@5.49.1, fluidsynth@2.1.8, freefall@5.11.8, gnumeric@1.12.49,
guile-lib@0.2.7, guile2.0-lib@0.2.7, guile2.2-lib@0.2.7, haveged@1.9.14,
inxi-minimal@3.3.03-1, inxi@3.3.03-1, jasper@2.0.27, linux-libre-bpf@5.11.8,
linux-libre-headers@5.11.8, linux-libre@5.11.8, mbpfan@2.2.1, msmtp@1.8.15,
nyxt@2-pre-release-6, oil@0.8.8, openresolv@3.12.0, padthv1@0.9.21,
perf@5.11.8, perl-net-http@6.21, poke@1.1, python-httpretty@1.0.5,
python-pikepdf@2.9.1, python-pygithub@1.54.1, qtractor@0.9.21,
rng-tools@6.12, rust-syn@1.0.64, samplv1@0.9.21, sbcl@2.1.2, synthv1@0.9.21,
tmon@5.11.8, turbostat@5.11.8, vim-full@8.2.2632, vim@8.2.2632, wcslib@7.5,
webkitgtk@2.30.6, x86-energy-perf-policy@5.11.8, xfsprogs@5.11.0,
xxd@8.2.2632, youtube-dl@2021.03.14
Generation 6 Mar 23 2021 10:44:55
guix 5802858
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 5802858be335c945a80eb4d3528cc3cd55f2bbbe
4 new packages: disarchive, emacs-ivy-avy, emacs-ivy-hydra,
emacs-password-store-otp
24 packages upgraded: borg@1.1.16, celluloid@0.21, cgal@5.2.1,
cuirass@1.0.0-2.6f4a203, diffoscope@170, efibootmgr@17, emacs-auctex@13.0.5,
fcitx5-qt@5.0.5, gtk-layer-shell@0.6.0, libime@1.0.5, man-pages@5.11,
minetest-mineclone@0.71.0, minetest@5.4.0, mpg123@1.26.5,
perl-moosex-getopt@0.75, python-duniterpy@0.62.0, rpm@4.16.1.3,
rust-env-logger@0.8.3, wesnoth-server@1.14.16, wesnoth@1.14.16,
wildmidi@0.4.4, xcb-imdkit@1.0.3, xchm@1.32, yggdrasil@0.3.16
Generation 7 Mar 23 2021 16:34:52
guix aa13529
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: aa13529baf498362b5d0c2310d1349692f71a260
2 new packages: libheif, snapcast
7 packages upgraded: giac@1.7.0-1,
icecat@78.9.0-guix0-preview1, parallel@20210322, rust-beef@0.5.0,
rust-time@0.2.23, rust-tuikit@0.4.5, skim@0.9.4
Generation 8 Mar 24 2021 09:25:27
guix 55685e4
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 55685e45be072b8b688f5a2bda4fc68147febd3f
5 new packages: cbonsai, java-mxparser, java-xmlpull-api-v1,
libdecaf, python-pylibacl
7 packages upgraded: bcunit@3.0.2-0.74021cc,
bitcoin-core@0.21.0, ccache@4.2, gnuradio-iqbalance@0.38.2-0.fbee239,
gnuradio-osmosdr@0.2.3-0.a100eb0, gnuradio@3.9.0.0, java-xstream@1.4.16
Generation 9 Mar 25 2021 08:36:11
guix 3f1b2bd
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5
9 new packages: cl-html-template, cl-quickproject, drawing,
ecl-html-template, ecl-quickproject, emacs-vterm-toggle, gsequencer,
sbcl-html-template, sbcl-quickproject
15 packages upgraded: cpupower@5.11.9, emacs-git-gutter@0.91,
exo@4.16.1, freefall@5.11.9, linux-libre-bpf@5.11.9,
linux-libre-headers@5.11.9, linux-libre@5.11.9, perf@5.11.9, thunar@4.16.6,
tmon@5.11.9, turbostat@5.11.9, x86-energy-perf-policy@5.11.9,
xfce4-battery-plugin@1.1.4, xfce4-netload-plugin@1.4.0,
xfce4-systemload-plugin@1.3.1
Generation 10 Apr 07 2021 14:38:16 (current)
guix 02297d3
repository URL: https://git.savannah.gnu.org/git/guix.git
commit: 02297d3fe680371a4b97b9c1b770932cbdd55615
106 new packages: build, camlidl, cfm, cl-bodge-math,
cl-bodge-utilities, cl-conspack, cl-cpus, cl-opengl, cl-rtg-math, cl-shadow,
cl-umbra, cli, dream, ecl-bodge-math, ecl-bodge-utilities, ecl-cl-conspack,
ecl-cl-cpus, ecl-cl-opengl, ecl-rtg-math, ecl-shadow, ecl-umbra,
emacs-cascading-dir-locals, emacs-julia-repl, emacs-julia-snail,
emacs-nice-citation, emacs-relative-buffers, emacs-sdcv, emacs-showtip,
entt, go-gitlab.com-shackra-goimapnotify, gpart, guile-imanifest, hikari,
interception-dual-function-keys, interception-tools, jami-gnome, jami-qt,
julia-abstractffts, julia-calculus, julia-chainrules, julia-chainrulescore,
julia-chainrulestestutils, julia-colors, julia-colortypes,
julia-commonsubexpressions, julia-compilersupportlibraries-jll,
julia-constructionbase, julia-diffresults, julia-diffrules, julia-difftests,
julia-example, julia-fillarrays, julia-finitedifferences, julia-forwarddiff,
julia-irtools, julia-macrotools, julia-nanmath, julia-openspecfun-jll,
julia-reexport, julia-requires, julia-richardson, julia-specialfunctions,
julia-staticarrays, julia-unitful, julia-zygote, julia-zygoterules, libcutl,
librasterlite2, libxlsxwriter, libxsd-frontend, lime, linphone-desktop,
mandoc, node-wrappy, opensmtpd-filter-rspamd, pt-scotch-shared,
python-flake8-continuation, python-flake8-quotes, python-matrix-client,
python-smartypants, python-typogrify, python-urwid-readline, python-zulip,
r-gsa, r-samr, rust-endian-type, rust-hamcrest2, rust-nibble-vec,
rust-radix-trie, sbcl-bodge-math, sbcl-bodge-utilities, sbcl-cl-conspack,
sbcl-cl-cpus, sbcl-cl-opengl, sbcl-rtg-math, sbcl-shadow, sbcl-umbra,
scotch-shared, texlive-bera, texlive-fontaxes, texlive-fourier,
texlive-mathdesign, texlive-utopia, welle-io, xsd, zulip-term
270 packages upgraded: american-fuzzy-lop@2.57b, asio@1.18.1,
autocutsel@0.10.1, autofs@5.1.7, avidemux@2.7.8, babl@0.1.86,
bcachefs-static@0.1-4.bb6eccc, bcachefs-tools-static@0.1-4.bb6eccc,
bcachefs-tools@0.1-4.bb6eccc, bctoolbox@4.4.34, belcard@4.4.34,
belle-sip@4.4.34, belr@4.4.34, bitcoin-unlimited@1.9.1.1, butt@0.1.29,
bzrtp@4.4.34, ccls@0.20201219, cl-golden-utils@0.0.0-2.62a5cb9,
cl-ironclad@0.55, cl-postmodern@1.32.9, cl-webkit@2.4-13.db85563,
containerd@1.4.4, corkscrew@2.0-0.268b71e, cpupower@5.11.11, crypto++@8.5.0,
cryptsetup-static@2.3.5, cryptsetup@2.3.5, cuirass@1.0.0-7.1b35a77,
curl@7.76.0, di@4.50, diffoscope@172, doctest@2.4.6, drumstick@2.1.1,
ecl-cl-webkit@2.4-13.db85563, ecl-golden-utils@0.0.0-2.62a5cb9,
ecl-ironclad@0.55, ecl-postmodern@1.32.9,
emacs-all-the-icons-dired@1.0-2.fc2dfa1, emacs-auctex@13.0.6,
emacs-ggtags@0.9.0, emacs-gif-screencast@1.2,
emacs-imenu-list@0.9-1.b502223, emacs-minimal@27.2, emacs-no-x-toolkit@27.2,
emacs-no-x@27.2, emacs-ob-sclang@20210329, emacs-org-contrib@20210329,
emacs-org-roam@1.2.3-0.8ad57b1, emacs-org@9.4.5, emacs-posframe@0.9.0,
emacs-tramp@2.5.0.3, emacs-wide-int@27.2, emacs-xwidgets@27.2, emacs@27.2,
facter@4.0.52, fetchmail@6.4.18, flite@2.2, foo2zjs@20200610.1,
freefall@5.11.11, gegl@0.4.28, git-annex@8.20210330, git-lfs@2.13.3,
git-minimal@2.31.1, git@2.31.1, gnu-efi@3.0.13,
go-github-com-sirupsen-logrus@1.8.1, gphoto2@2.5.27, gptfdisk@1.0.7,
gramps@5.1.3, grokmirror@2.0.8, guile2.2-guix@1.2.0-19.8f9052d,
guix-build-coordinator@0-21.6e7e63f, guix-data-service@0.0.1-26.410f58c,
guix@1.2.0-19.8f9052d, hnsd@1.0.0, icedove-wayland@78.9.0, icedove@78.9.0,
ilmbase@2.5.5, imagemagick@6.9.12-4, ircii@20210314, knot-resolver@5.3.1,
knot@3.0.5, krita@4.4.3, libaom@3.0.0, libgphoto2@2.5.27,
libinstpatch@1.1.6, liblinphone@4.4.34, libpano13@2.9.20_rc3,
libring@20210326.1.cfba013, libringclient@20210326.1.cfba013,
librsvg@2.50.3, libupnp@1.14.4, libvirt-glib@4.0.0, libvirt@7.2.0,
links@2.22, linux-libre-bpf@5.11.11, linux-libre-headers@5.11.11,
linux-libre@5.11.11, lldpd@1.0.9, mame@0.230, mediastreamer2@4.4.34,
mgba@0.9.0, minicom@2.8, mousepad@0.5.4, mpop@1.4.13, mpv@0.33.1,
msamr@1.1.3-0.5ab5c09, msopenh264@1.2.1-0.88697cc, mssilk@1.1.1-0.dd0f31e,
mswebrtc@1.1.1-0.946ca70, mumi@0.0.1-5.9f070bd, neomutt@20210205,
nettle@3.7.2, nginx-documentation@1.19.9-2696-f85798c1c70a, nginx@1.19.9,
nnn@3.6, node@14.16.0, nq@0.4, ntl@11.4.4, nushell@0.29.0, nyacc@1.03.6,
opendht@2.2.0rc4, openexr@2.5.5, openssl@1.1.1k, ortp@4.4.34,
pam-mount@2.18, perf@5.11.11, perl-crypt-rijndael@1.16,
perl-data-validate-ip@0.30, perl-digest-hmac@1.04, perl-moose@2.2015,
perl-net-cidr-lite@0.22, perl-net-dns@1.30, perl-params-util@1.102,
perl-path-tiny@0.118, perl-pdf-api2@2.039, perl-scalar-list-utils@1.56,
perl-test-output@1.033, pidgin@2.14.2, pjproject@2.11, plink-ng@2.00a2.3,
psm2@11.2.185, python-astor@0.8.1, python-backcall@0.2.0,
python-beautifulsoup4@4.9.3, python-django@3.1.8, python-dropbox@11.5.0,
python-flake8@3.9.0, python-icalendar@4.0.7, python-ipaddress@1.0.23,
python-libvirt@7.2.0, python-pikepdf@2.10.0, python-poppler-qt5@21.1.0,
python-pycodestyle@2.7.0, python-pyflakes@2.3.1, python-pyserial@3.5,
python-pytest-flake8@1.0.7, python-pytz@2021.1, python-pytzdata@2020.1,
python-pyzmq@22.0.3, python-soupsieve@2.2.1, python-tabulate@0.8.9,
python-toml@0.10.2, python-tornado@6.1, python-urwid@2.1.2,
python2-astor@0.8.1, python2-beautifulsoup4@4.9.3, python2-flake8@3.9.0,
python2-ipaddress@1.0.23, python2-libvirt@7.2.0, python2-pycodestyle@2.7.0,
python2-pyflakes@2.3.1, python2-pyserial@3.5, python2-pytz@2021.1,
python2-pytzdata@2020.1, python2-pyzmq@22.0.3, python2-tabulate@0.8.9,
qrencode@4.1.1, quickjs@2021-03-27, restbed@4.7, restinio@0.6.13,
rtl8812au-aircrack-ng-linux-module@5.6.4.2-4.059e06a, runc@1.0.0-rc93,
rust-lopdf@0.26.0, rust-nix@0.20.0, rust-nu-ansi-term@0.29.0,
rust-nu-cli@0.29.0, rust-nu-command@0.29.0, rust-nu-data@0.29.0,
rust-nu-engine@0.29.0, rust-nu-errors@0.29.0, rust-nu-json@0.29.0,
rust-nu-parser@0.29.0, rust-nu-plugin-binaryview@0.29.0,
rust-nu-plugin-chart@0.29.0, rust-nu-plugin-fetch@0.29.0,
rust-nu-plugin-from-bson@0.29.0, rust-nu-plugin-from-sqlite@0.29.0,
rust-nu-plugin-inc@0.29.0, rust-nu-plugin-match@0.29.0,
rust-nu-plugin-post@0.29.0, rust-nu-plugin-ps@0.29.0,
rust-nu-plugin-s3@0.29.0, rust-nu-plugin-selector@0.29.0,
rust-nu-plugin-start@0.29.0, rust-nu-plugin-sys@0.29.0,
rust-nu-plugin-textview@0.29.0, rust-nu-plugin-to-bson@0.29.0,
rust-nu-plugin-to-sqlite@0.29.0, rust-nu-plugin-tree@0.29.0,
rust-nu-plugin-xpath@0.29.0, rust-nu-plugin@0.29.0, rust-nu-protocol@0.29.0,
rust-nu-source@0.29.0, rust-nu-stream@0.29.0, rust-nu-table@0.29.0,
rust-nu-test-support@0.29.0, rust-nu-value-ext@0.29.0, rust-rand-core@0.6.2,
rust-rocket-codegen@0.4.7, rust-rocket-http@0.4.7, rust-rocket@0.4.7,
rust-rustyline@8.0.0, rust-smallvec@1.6.1, rust@1.51.0, saga@7.9.0,
sbcl-cl-webkit@2.4-13.db85563, sbcl-golden-utils@0.0.0-2.62a5cb9,
sbcl-ironclad@0.55, sbcl-postmodern@1.32.9, sbcl@2.1.3, sg3-utils@1.46,
skopeo@1.2.2, spatialite-gui@2.1.0-beta1, spdlog@1.8.5, sqlite@3.32.3,
strawberry@0.9.2, stunnel@5.59, suitesparse@5.9.0, svt-hevc@1.5.0,
synapse@1.29.0, terminator@2.1.1, tippecanoe@1.36.0, tmon@5.11.11,
turbostat@5.11.11, txr@255, tzdata@2021a, ugrep@3.1.11, umoci@0.4.7,
urlscan@0.9.6, vim-asyncrun@2.8.5, vim-full@8.2.2689, vim@8.2.2689,
vips@8.10.6, virt-manager@3.2.0, vmpk@0.8.2, vsftpd@3.0.3-32.el8, vtk@9.0.1,
wavpack@5.4.0, waybar@0.9.5, webkitgtk@2.32.0, wireguard-tools@1.0.20210315,
wla-dx@9.12, wsjtx@2.3.1, x86-energy-perf-policy@5.11.11, xscreensaver@5.45,
xxd@8.2.2689, youtube-dl@2021.04.01, zabbix-agentd@5.2.6,
zabbix-server@5.2.6
News for channel 'guix'
Risk of local privilege escalation during user account creation
commit 2161820ebbbab62a5ce76c9101ebaec54dc61586
A security vulnerability that can lead to local privilege escalation has
been found in the code that creates user accounts on Guix System---Guix on
other distros is unaffected. The system is only vulnerable during the
activation of user accounts that do not already exist.
This bug is fixed and Guix System users are advised to upgrade their system,
with a command along the lines of:
guix system reconfigure /run/current-system/configuration.scm
The attack can happen when `guix system reconfigure' is running. Running
`guix system reconfigure' can trigger the creation of new user accounts if
the configuration specifies new accounts. If a user whose account is being
created manages to log in after the account has been created but before
``skeleton files'' copied to its home directory have the right ownership,
they may, by creating an appropriately-named symbolic link in the home
directory pointing to a sensitive file, such as `/etc/shadow', get root
privileges.
See `https://issues.guix.gnu.org/47584' for more information on this bug.
New supported platform: powerpc64le-linux
commit e52ec6c64a17a99ae4bb6ff02309067499915b06
A new platform, powerpc64le-linux, has been added for little-endian 64-bit
Power ISA processors using the Linux-Libre kernel. This includes POWER9
systems such as the RYF Talos II mainboard
(https://www.fsf.org/news/talos-ii-mainboard-and-talos-ii-lite-mainboard-now-fsf-certified-to-respect-your-freedom).
This platform is available as a "technology preview": although it is
supported, substitutes are not yet available from the build farm, and some
packages may fail to build. In addition, Guix System is not yet available on
this platform. That said, the Guix community is actively working on improving
this support, and now is a great time to try it and get involved!