These was previously using different commits, because upstream had
told me that they would be the 0.1.2 releases, and then ended up
changing their mind when they finally got around to tagging them.
The patch is not part of a tagged release yet so we apply it selectively
instead of upgrading whole aerc. While it is originally presented as
a usability problem only for attachments with absolutes filepaths (they
fail to open), there is nothing stopping you from putting a relative
path in there therefore forcing aerc to overwriting any path on the host
system with sender chosen data. It's been marked as CVE-2025-49466
I decided to inline the patches into nixpkgs as they are very short and
the current bot protection of git.sr.ht complicates patch fetching.
They are not doing anything right now. This is in preparation for their
complete removal from the tree.
Note: several changes that affect the derivation inputs (e.g. removal of
references to stub paths in build instructions) were left out. They will
be cleaned up the next iteration and will require special care.
Note: this PR is a result of a mix of ugly regex (not AST) based
automation and some manual labor. For reference, the regex automation
part was hacked in: https://github.com/booxter/nix-clean-apple_sdk
Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
This reverts commit 65a333600d.
This wasn't tested for correctness with something like fodwatch [0],
and should not have been (self-)merged so quickly, especially without
further review.
It also resulted in the breakage of at least one package [1] (and that's
the one we know of and was caught).
A few packages that were updated in between this commit and this revert
were not reverted back to using `rev`, but other than that, this is a
1:1 revert.
[0]: https://codeberg.org/raphaelr/fodwatch
[1]: https://github.com/NixOS/nixpkgs/pull/396904 / 758551e458
