about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix')
-rw-r--r--nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix65
1 files changed, 25 insertions, 40 deletions
diff --git a/nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix b/nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix
index 46ec52f75d84..9641fa728a98 100644
--- a/nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix
+++ b/nixpkgs/pkgs/tools/typesetting/tex/texlive/bin.nix
@@ -212,14 +212,18 @@ core-big = stdenv.mkDerivation {
       url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1009196;filename=lua_fixed_hash.patch;msg=45";
       sha256 = "sha256-FTu1eRd3AUU7IRs2/7e7uwHuvZsrzTBPypbcEZkU7y4=";
     })
-    # fixes a security-issue in luatex that allows arbitrary code execution even with shell-escape disabled, see https://tug.org/~mseven/luatex.html
-    # fixed in LuaTeX 1.17.0, remove patch when upgrading to TL 2024
+    # update to LuaTeX 1.16.1 to prepare for 1.17.0 below
     (fetchpatch {
-      name = "CVE-2023-32700.patch";
-      url = "https://tug.org/~mseven/luatex-files/2023/patch";
-      hash = "sha256-AvMedFkZJAFsCJ51eQqBQM4MpzLzn+GeBrzuTzISVkk=";
-      excludes = [  "build.sh" ];
-      stripLen = 1;
+      name = "luatex-1.16.1.patch";
+      url = "https://github.com/TeX-Live/texlive-source/commit/ad8702a45e317fa9d396ef4d50467c37964a9543.patch";
+      hash = "sha256-qfzUfkJUfW285w+fnbpO8JLArM7/uj3yb9PONgZrJLE=";
+    })
+    # fixes security issues in luatex that allows arbitrary code execution even with shell-escape disabled and network requests, see https://tug.org/~mseven/luatex.html
+    # fixed in LuaTeX 1.17.0, shipped as a rare binary update in TL 2023
+    (fetchpatch {
+      name = "luatex-1.17.0.patch";
+      url = "https://github.com/TeX-Live/texlive-source/commit/6ace460233115bd42b36e63c7ddce11cc92a1ebd.patch";
+      hash = "sha256-2fbIdwnw/XQXci9OqRrb6B5tHiSR0co08NyFgMyXCvc=";
     })
     # Fixes texluajitc crashes on aarch64, backport of the upstream fix
     # https://github.com/LuaJIT/LuaJIT/commit/e9af1abec542e6f9851ff2368e7f196b6382a44c
@@ -322,44 +326,25 @@ context = stdenv.mkDerivation rec {
   };
 };
 
-dvisvgm = stdenv.mkDerivation {
+dvisvgm = stdenv.mkDerivation rec {
   pname = "dvisvgm";
-  inherit (texlive.pkgs.dvisvgm) version;
+  version = "3.2.2";
 
-  inherit (common) src;
+  src = assert lib.assertMsg (version == texlive.pkgs.dvisvgm.version) "dvisvgm: TeX Live version (${texlive.pkgs.dvisvgm.version}) different from source (${version}), please update dvisvgm"; fetchurl {
+    url = "https://github.com/mgieseki/dvisvgm/releases/download/${version}/dvisvgm-${version}.tar.gz";
+    hash = "sha256-8GKL6lqjMUXXWwpqbdGPrYibdSc4y8AcGUGPNUc6HQA=";
+  };
 
-  patches = [
-    # do not use deprecated NEWPDF option with Ghostscript >= 10.02.0
-    # https://github.com/mgieseki/dvisvgm/issues/245
-    (fetchpatch {
-      name = "dont-use-NEWPDF-with-GS-10.02.0.patch";
-      url = "https://github.com/mgieseki/dvisvgm/commit/f31cdf14d73f586e2b92b4b0891d097a90274a0b.patch";
-      hash = "sha256-Yf/GhmJYM87M0ITZ/+7q2ZvSYnac4N2/NkTkFlJ2VII=";
-      stripLen = 1;
-      extraPrefix = "texk/dvisvgm/dvisvgm-src/";
-    })
+  configureFlags = [
+    "--disable-manpage" # man pages are provided by the doc container
   ];
 
-  # since we are running configure directly in texk/dvisvgm,
-  # the option --with-system-potrace is not picked up properly
-  # and dvisvgm tries to build a vendored copy of potrace
+  # PDF handling requires mutool (from mupdf) since Ghostscript 10.01
   postPatch = ''
-    cat > texk/dvisvgm/dvisvgm-src/libs/potrace/Makefile <<EOF
-    all:
-    install:
-    EOF
-  '' +
-    # PDF handling requires mutool (from mupdf) since Ghostscript 10.01
-  ''
-    substituteInPlace texk/dvisvgm/dvisvgm-src/src/PDFHandler.cpp \
-      --replace 'Process("mutool"' "Process(\"$(PATH="$HOST_PATH" command -v mutool)\""
+    substituteInPlace src/PDFHandler.cpp \
+      --replace-fail 'Process("mutool"' "Process(\"$(PATH="$HOST_PATH" command -v mutool)\""
   '';
 
-  preConfigure = "cd texk/dvisvgm";
-
-  configureFlags = common.configureFlags
-    ++ [ "--with-system-kpathsea" ];
-
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ core brotli ghostscript zlib freetype woff2 potrace xxHash mupdf-headless ];
 
@@ -468,7 +453,7 @@ xdvi = stdenv.mkDerivation {
 
   postInstall = ''
     substituteInPlace "$out/bin/xdvi" \
-      --replace "exec xdvi-xaw" "exec '$out/bin/xdvi-xaw'"
+      --replace-fail "exec xdvi-xaw" "exec '$out/bin/xdvi-xaw'"
   '';
   # TODO: it's suspicious that mktexpk generates fonts into ~/.texlive2014
 };
@@ -504,8 +489,8 @@ xindy = stdenv.mkDerivation {
   # hardcode clisp location
   postPatch = ''
     substituteInPlace xindy-*/user-commands/xindy.in \
-      --replace "our \$clisp = ( \$is_windows ? 'clisp.exe' : 'clisp' ) ;" \
-                "our \$clisp = '$(type -P clisp)';"
+      --replace-fail "our \$clisp = ( \$is_windows ? 'clisp.exe' : 'clisp' ) ;" \
+                     "our \$clisp = '$(type -P clisp)';"
   '';
 
   nativeBuildInputs = [
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-13 11:20:04 +0000