glib: 2.66.4 -> 2.66.8

rebased the schema override patch, adding the same upstream safety but
not duplicating the ability to pass multiple directories as this does
not appear to be necessary for nix overrides

2 files changed, 9 insertions, 7 deletions

diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index b18ce099dced6..ce64bef95adba 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -45,11 +45,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "glib";
-  version = "2.66.4";
+  version = "2.66.8";
 
   src = fetchurl {
     url = "mirror://gnome/sources/glib/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "l9+GcOMvn9T3OSsJgOZh3WJQEgFdWDUNoeWOND9K+YQ=";
+    sha256 = "sha256-l7yH3ZE2VYmvXLv+oldIM66nobcYQP02Xs0oUsdrnIs=";
   };
 
   patches = optionals stdenv.isDarwin [
diff --git a/pkgs/development/libraries/glib/schema-override-variable.patch b/pkgs/development/libraries/glib/schema-override-variable.patch
index 1cb5a730351b1..f98af04a7f245 100644
--- a/pkgs/development/libraries/glib/schema-override-variable.patch
+++ b/pkgs/development/libraries/glib/schema-override-variable.patch
@@ -1,12 +1,14 @@
+diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
+index 1282c10a1..feadfe3aa 100644
 --- a/gio/gsettingsschema.c
 +++ b/gio/gsettingsschema.c
-@@ -352,6 +352,9 @@
+@@ -360,6 +360,9 @@ initialise_schema_sources (void)
  
        try_prepend_data_dir (g_get_user_data_dir ());
  
-+      if ((path = g_getenv ("NIX_GSETTINGS_OVERRIDES_DIR")) != NULL)
++      if (!is_setuid && (path = g_getenv ("NIX_GSETTINGS_OVERRIDES_DIR")) != NULL)
 +        try_prepend_dir (path);
 +
-       if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
-         try_prepend_dir (path);
- 
+       /* Disallow loading extra schemas if running as setuid, as that could
+        * allow reading privileged files. */
+       if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)