diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2017-07-15 10:06:46 +0200 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2017-07-15 10:07:45 +0200 |
| commit | efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374 (patch) | |
| tree | 45ac7170448d2b0b0072c5381b37081a5fc1509e /pkgs/desktops | |
| parent | 371ad29661df49b77922acb78f307b12ddc0ade7 (diff) | |
| download | nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar.gz nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar.bz2 nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar.lz nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar.xz nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.tar.zst nixlib-efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374.zip | |
evince: patch CVE-2017-1000083 + minor changes
This removes help for now but fixes #27388. The minor update might be related to the patch so it's included.
Diffstat (limited to 'pkgs/desktops')
| -rw-r--r-- | pkgs/desktops/gnome-3/3.22/core/evince/default.nix | 15 | ||||
| -rw-r--r-- | pkgs/desktops/gnome-3/3.22/core/evince/src.nix | 6 |
2 files changed, 17 insertions, 4 deletions
diff --git a/pkgs/desktops/gnome-3/3.22/core/evince/default.nix b/pkgs/desktops/gnome-3/3.22/core/evince/default.nix index 7629e5b56550..340825cd6668 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evince/default.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evince/default.nix @@ -4,12 +4,23 @@ , librsvg, gobjectIntrospection , recentListSize ? null # 5 is not enough, allow passing a different number , supportXPS ? false # Open XML Paper Specification via libgxps +, fetchpatch, autoreconfHook }: stdenv.mkDerivation rec { inherit (import ./src.nix fetchurl) name src; - nativeBuildInputs = [ pkgconfig wrapGAppsHook ]; + patches = [ + (fetchpatch { + name = "CVE-2017-1000083"; # https://bugzilla.gnome.org/show_bug.cgi?id=784630 + url = "https://git.gnome.org/browse/evince/patch/?id=fa072dbbfd96"; + sha256 = "12xg00jvbsh54dr2dyq2ha5a05x2bpzd1lh2k3sppq3h7a02lsjy"; + }) + ]; + # missing help for now; fixing the autogen phase seemed too difficult + postPatch = "sed '/@YELP_HELP_RULES@/d' -i help/Makefile.am"; + + nativeBuildInputs = [ pkgconfig wrapGAppsHook autoreconfHook/*for patches*/ ]; buildInputs = [ intltool perl perlXMLParser libxml2 @@ -43,6 +54,8 @@ stdenv.mkDerivation rec { gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${shared_mime_info}/share") ''; + enableParallelBuilding = true; + doCheck = false; # would need pythonPackages.dogTail, which is missing meta = with stdenv.lib; { diff --git a/pkgs/desktops/gnome-3/3.22/core/evince/src.nix b/pkgs/desktops/gnome-3/3.22/core/evince/src.nix index 36572a58e17e..07997a5c095a 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evince/src.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evince/src.nix @@ -1,10 +1,10 @@ # Autogenerated by maintainers/scripts/gnome.sh update fetchurl: { - name = "evince-3.22.0"; + name = "evince-3.22.1"; src = fetchurl { - url = mirror://gnome/sources/evince/3.22/evince-3.22.0.tar.xz; - sha256 = "22ebabf890057e8b43020ffdebdbb57d6a586beba031838f0f0c8a596c479d46"; + url = mirror://gnome/sources/evince/3.22/evince-3.22.1.tar.xz; + sha256 = "f3d439db3b5a5745d26175d615a71dffa1535235b1e3aa0b85d397ea33ab231c"; }; } |