evince: patch CVE-2017-1000083 + minor changes

This removes help for now but fixes #27388.
The minor update might be related to the patch so it's included.
This commit is contained in:
Vladimír Čunát 2017-07-15 10:06:46 +02:00
parent 371ad29661
commit efe66e221f
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
2 changed files with 17 additions and 4 deletions

View File

@ -4,12 +4,23 @@
, librsvg, gobjectIntrospection
, recentListSize ? null # 5 is not enough, allow passing a different number
, supportXPS ? false # Open XML Paper Specification via libgxps
, fetchpatch, autoreconfHook
}:
stdenv.mkDerivation rec {
inherit (import ./src.nix fetchurl) name src;
nativeBuildInputs = [ pkgconfig wrapGAppsHook ];
patches = [
(fetchpatch {
name = "CVE-2017-1000083"; # https://bugzilla.gnome.org/show_bug.cgi?id=784630
url = "https://git.gnome.org/browse/evince/patch/?id=fa072dbbfd96";
sha256 = "12xg00jvbsh54dr2dyq2ha5a05x2bpzd1lh2k3sppq3h7a02lsjy";
})
];
# missing help for now; fixing the autogen phase seemed too difficult
postPatch = "sed '/@YELP_HELP_RULES@/d' -i help/Makefile.am";
nativeBuildInputs = [ pkgconfig wrapGAppsHook autoreconfHook/*for patches*/ ];
buildInputs = [
intltool perl perlXMLParser libxml2
@ -43,6 +54,8 @@ stdenv.mkDerivation rec {
gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${shared_mime_info}/share")
'';
enableParallelBuilding = true;
doCheck = false; # would need pythonPackages.dogTail, which is missing
meta = with stdenv.lib; {

View File

@ -1,10 +1,10 @@
# Autogenerated by maintainers/scripts/gnome.sh update
fetchurl: {
name = "evince-3.22.0";
name = "evince-3.22.1";
src = fetchurl {
url = mirror://gnome/sources/evince/3.22/evince-3.22.0.tar.xz;
sha256 = "22ebabf890057e8b43020ffdebdbb57d6a586beba031838f0f0c8a596c479d46";
url = mirror://gnome/sources/evince/3.22/evince-3.22.1.tar.xz;
sha256 = "f3d439db3b5a5745d26175d615a71dffa1535235b1e3aa0b85d397ea33ab231c";
};
}