kde5.kcoreaddons: fix HTML injection CVE-2016-7966

See https://www.kde.org/info/security/advisory-20161006-1.txt for more
information.
This commit is contained in:
Thomas Tuegel 2016-10-12 08:46:43 -05:00
parent 259dcac753
commit 8b7f04c25a
No known key found for this signature in database
GPG Key ID: 22CBF5249D4B4D59

View File

@ -1,8 +1,15 @@
{ kdeFramework, lib, ecm, shared_mime_info }: { kdeFramework, lib, fetchurl, ecm, shared_mime_info }:
kdeFramework { kdeFramework {
name = "kcoreaddons"; name = "kcoreaddons";
meta = { maintainers = [ lib.maintainers.ttuegel ]; }; meta = { maintainers = [ lib.maintainers.ttuegel ]; };
patches = [
(fetchurl {
url = "https://packaging.neon.kde.org/frameworks/kcoreaddons.git/plain/debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-url-as-foo-.patch?id=ab7258dd8a87668ba63c585a69f41f291254aa43";
sha256 = "0svdqbikmslc0n2gdwwlbdyi61m5qgy0lxxv9iglbs3ja09xqs0p";
name = "kcoreaddons-CVE-2016-7966.patch";
})
];
nativeBuildInputs = [ ecm ]; nativeBuildInputs = [ ecm ];
propagatedBuildInputs = [ shared_mime_info ]; propagatedBuildInputs = [ shared_mime_info ];
} }