From efe66e221f0cbdcb7a75f6e5e1d7d3ffadc23374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 15 Jul 2017 10:06:46 +0200 Subject: [PATCH] evince: patch CVE-2017-1000083 + minor changes This removes help for now but fixes #27388. The minor update might be related to the patch so it's included. --- .../desktops/gnome-3/3.22/core/evince/default.nix | 15 ++++++++++++++- pkgs/desktops/gnome-3/3.22/core/evince/src.nix | 6 +++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/pkgs/desktops/gnome-3/3.22/core/evince/default.nix b/pkgs/desktops/gnome-3/3.22/core/evince/default.nix index 7629e5b5655..340825cd666 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evince/default.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evince/default.nix @@ -4,12 +4,23 @@ , librsvg, gobjectIntrospection , recentListSize ? null # 5 is not enough, allow passing a different number , supportXPS ? false # Open XML Paper Specification via libgxps +, fetchpatch, autoreconfHook }: stdenv.mkDerivation rec { inherit (import ./src.nix fetchurl) name src; - nativeBuildInputs = [ pkgconfig wrapGAppsHook ]; + patches = [ + (fetchpatch { + name = "CVE-2017-1000083"; # https://bugzilla.gnome.org/show_bug.cgi?id=784630 + url = "https://git.gnome.org/browse/evince/patch/?id=fa072dbbfd96"; + sha256 = "12xg00jvbsh54dr2dyq2ha5a05x2bpzd1lh2k3sppq3h7a02lsjy"; + }) + ]; + # missing help for now; fixing the autogen phase seemed too difficult + postPatch = "sed '/@YELP_HELP_RULES@/d' -i help/Makefile.am"; + + nativeBuildInputs = [ pkgconfig wrapGAppsHook autoreconfHook/*for patches*/ ]; buildInputs = [ intltool perl perlXMLParser libxml2 @@ -43,6 +54,8 @@ stdenv.mkDerivation rec { gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${shared_mime_info}/share") ''; + enableParallelBuilding = true; + doCheck = false; # would need pythonPackages.dogTail, which is missing meta = with stdenv.lib; { diff --git a/pkgs/desktops/gnome-3/3.22/core/evince/src.nix b/pkgs/desktops/gnome-3/3.22/core/evince/src.nix index 36572a58e17..07997a5c095 100644 --- a/pkgs/desktops/gnome-3/3.22/core/evince/src.nix +++ b/pkgs/desktops/gnome-3/3.22/core/evince/src.nix @@ -1,10 +1,10 @@ # Autogenerated by maintainers/scripts/gnome.sh update fetchurl: { - name = "evince-3.22.0"; + name = "evince-3.22.1"; src = fetchurl { - url = mirror://gnome/sources/evince/3.22/evince-3.22.0.tar.xz; - sha256 = "22ebabf890057e8b43020ffdebdbb57d6a586beba031838f0f0c8a596c479d46"; + url = mirror://gnome/sources/evince/3.22/evince-3.22.1.tar.xz; + sha256 = "f3d439db3b5a5745d26175d615a71dffa1535235b1e3aa0b85d397ea33ab231c"; }; }