kde5.kcoreaddons: fix HTML injection CVE-2016-7966

See https://www.kde.org/info/security/advisory-20161006-1.txt for more information.
2024-12-26 04:43:09 +03:00 · 2016-10-12 08:46:43 -05:00 · 2016-10-12 08:46:43 -05:00 · 8b7f04c25a
commit 8b7f04c25a
parent 259dcac753
1 changed files with 8 additions and 1 deletions
--- a/pkgs/development/libraries/kde-frameworks/kcoreaddons.nix
+++ b/pkgs/development/libraries/kde-frameworks/kcoreaddons.nix
@ -1,8 +1,15 @@
-{ kdeFramework, lib, ecm, shared_mime_info }:
+{ kdeFramework, lib, fetchurl, ecm, shared_mime_info }:

 kdeFramework {
  name = "kcoreaddons";
  meta = { maintainers = [ lib.maintainers.ttuegel ]; };
+  patches = [
+    (fetchurl {
+      url = "https://packaging.neon.kde.org/frameworks/kcoreaddons.git/plain/debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-url-as-foo-.patch?id=ab7258dd8a87668ba63c585a69f41f291254aa43";
+      sha256 = "0svdqbikmslc0n2gdwwlbdyi61m5qgy0lxxv9iglbs3ja09xqs0p";
+      name = "kcoreaddons-CVE-2016-7966.patch";
+    })
+  ];
  nativeBuildInputs = [ ecm ];
  propagatedBuildInputs = [ shared_mime_info ];
 }