Merge remote-tracking branch 'nixpkgs/nixos-unstable'

2 files changed, 16 insertions, 9 deletions

diff --git a/nixpkgs/pkgs/development/libraries/glib/default.nix b/nixpkgs/pkgs/development/libraries/glib/default.nix
index 0e8ed605a2d6..ce64bef95adb 100644
--- a/nixpkgs/pkgs/development/libraries/glib/default.nix
+++ b/nixpkgs/pkgs/development/libraries/glib/default.nix
@@ -45,11 +45,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "glib";
-  version = "2.66.4";
+  version = "2.66.8";
 
   src = fetchurl {
     url = "mirror://gnome/sources/glib/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "l9+GcOMvn9T3OSsJgOZh3WJQEgFdWDUNoeWOND9K+YQ=";
+    sha256 = "sha256-l7yH3ZE2VYmvXLv+oldIM66nobcYQP02Xs0oUsdrnIs=";
   };
 
   patches = optionals stdenv.isDarwin [
@@ -92,6 +92,7 @@ stdenv.mkDerivation rec {
   buildInputs = [
     libelf setupHook pcre
     bash gnum4 # install glib-gettextize and m4 macros for other apps to use
+    gtk-doc
   ] ++ optionals stdenv.isLinux [
     libselinux
     util-linuxMinimal # for libmount
@@ -99,8 +100,10 @@ stdenv.mkDerivation rec {
     AppKit Carbon Cocoa CoreFoundation CoreServices Foundation
   ]);
 
+  strictDeps = true;
+
   nativeBuildInputs = [
-    meson ninja pkg-config perl python3 gettext gtk-doc docbook_xsl docbook_xml_dtd_45
+    meson ninja pkg-config perl python3 gettext gtk-doc docbook_xsl docbook_xml_dtd_45 libxml2
   ];
 
   propagatedBuildInputs = [ zlib libffi gettext libiconv ];
@@ -120,6 +123,8 @@ stdenv.mkDerivation rec {
     "-DG_DISABLE_CAST_CHECKS"
   ];
 
+  hardeningDisable = [ "pie" ];
+
   postPatch = ''
     chmod +x gio/tests/gengiotypefuncs.py
     patchShebangs gio/tests/gengiotypefuncs.py
@@ -144,7 +149,7 @@ stdenv.mkDerivation rec {
     cp -r ${buildPackages.glib.devdoc} $devdoc
   '';
 
-  checkInputs = [ tzdata libxml2 desktop-file-utils shared-mime-info ];
+  checkInputs = [ tzdata desktop-file-utils shared-mime-info ];
 
   preCheck = optionalString doCheck ''
     export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
diff --git a/nixpkgs/pkgs/development/libraries/glib/schema-override-variable.patch b/nixpkgs/pkgs/development/libraries/glib/schema-override-variable.patch
index 1cb5a730351b..f98af04a7f24 100644
--- a/nixpkgs/pkgs/development/libraries/glib/schema-override-variable.patch
+++ b/nixpkgs/pkgs/development/libraries/glib/schema-override-variable.patch
@@ -1,12 +1,14 @@
+diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
+index 1282c10a1..feadfe3aa 100644
 --- a/gio/gsettingsschema.c
 +++ b/gio/gsettingsschema.c
-@@ -352,6 +352,9 @@
+@@ -360,6 +360,9 @@ initialise_schema_sources (void)
  
        try_prepend_data_dir (g_get_user_data_dir ());
  
-+      if ((path = g_getenv ("NIX_GSETTINGS_OVERRIDES_DIR")) != NULL)
++      if (!is_setuid && (path = g_getenv ("NIX_GSETTINGS_OVERRIDES_DIR")) != NULL)
 +        try_prepend_dir (path);
 +
-       if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
-         try_prepend_dir (path);
- 
+       /* Disallow loading extra schemas if running as setuid, as that could
+        * allow reading privileged files. */
+       if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)