diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2023-04-26 01:42:17 +0200 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2023-04-26 01:42:17 +0200 |
commit | 64fed11531cf24c68f4de4ed11b48ad38425eb93 (patch) | |
tree | 9cbe5d09a0c5580d16f32ef63d7c341122baf1d6 /pkgs/servers/calibre-web | |
parent | 64a2fcb824b6451a56c3cbced5c180689b8e55f9 (diff) |
calibre-web: 0.6.19 -> 0.6.20
Fixes CVE-2022-2525 and CVE-2023-2106. https://github.com/janeczku/calibre-web/releases/tag/0.6.20
Diffstat (limited to 'pkgs/servers/calibre-web')
-rw-r--r-- | pkgs/servers/calibre-web/default.nix | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/pkgs/servers/calibre-web/default.nix b/pkgs/servers/calibre-web/default.nix index e52685f1a2087..699c33c2d43d4 100644 --- a/pkgs/servers/calibre-web/default.nix +++ b/pkgs/servers/calibre-web/default.nix @@ -21,13 +21,13 @@ let in python.pkgs.buildPythonApplication rec { pname = "calibre-web"; - version = "0.6.19"; + version = "0.6.20"; src = fetchFromGitHub { owner = "janeczku"; repo = "calibre-web"; rev = version; - hash = "sha256-mNYLQ+3u6xRaoZ5oH6HdylFfgz1fq1ZB86AWk9vULWQ="; + hash = "sha256-0lArY1aTpO4sgIVDSqClYMGlip92f9hE/L2UouTLK8Q="; }; propagatedBuildInputs = with python.pkgs; [ @@ -38,9 +38,10 @@ python.pkgs.buildPythonApplication rec { flask-login flask_principal flask-wtf + flask-limiter iso-639 lxml - pypdf3 + pypdf requests sqlalchemy tornado @@ -58,12 +59,6 @@ python.pkgs.buildPythonApplication rec { # and exit. This is gonna be used to configure calibre-web declaratively, as most of its configuration parameters # are stored in the DB. ./db-migrations.patch - # Handle version 3.0 of flask-babel - (fetchpatch { - url = "https://github.com/janeczku/calibre-web/commit/94a6931d48d347ae6c07e2b5f0301e8cf97cf53d.patch"; - excludes = [ "requirements.txt" ]; - hash = "sha256-0DQ+LbIOOwjBXQh+b1w8dYQ3s+xZ6nFoH5GvgJdBAFI="; - }) ]; # calibre-web doesn't follow setuptools directory structure. The following is taken from the script @@ -81,12 +76,12 @@ python.pkgs.buildPythonApplication rec { --replace "APScheduler>=3.6.3,<3.10.0" "APScheduler>=3.6.3" \ --replace "chardet>=3.0.0,<4.1.0" "chardet>=3.0.0,<6" \ --replace "Flask>=1.0.2,<2.1.0" "Flask>=1.0.2" \ - --replace "Flask-Babel>=0.11.1,<2.1.0" "Flask-Babel>=0.11.1" \ + --replace "Flask-Babel>=0.11.1,<3.1.0" "Flask-Babel>=0.11.1" \ --replace "Flask-Login>=0.3.2,<0.6.2" "Flask-Login>=0.3.2" \ --replace "flask-wtf>=0.14.2,<1.1.0" "flask-wtf>=0.14.2" \ --replace "lxml>=3.8.0,<4.9.0" "lxml>=3.8.0" \ --replace "tornado>=4.1,<6.2" "tornado>=4.1,<7" \ - --replace "PyPDF3>=1.0.0,<1.0.7" "PyPDF3>=1.0.0" \ + --replace "PyPDF>=3.0.0,<3.6.0" "PyPDF>=3.0.0" \ --replace "requests>=2.11.1,<2.28.0" "requests" \ --replace "unidecode>=0.04.19,<1.4.0" "unidecode>=0.04.19" \ --replace "werkzeug<2.1.0" "" |