diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2019-01-30 23:50:48 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2019-01-30 23:50:48 +0100 |
commit | 66601282cca987bb23a8eac95aac0c1e4d3c9e2f (patch) | |
tree | 04378af7dfedff04d5c3310c5f397b911aaa8ec3 /pkgs/development/libraries/qt-5 | |
parent | 4a200fbbf0a26c55e5ecb280cf173569bd813197 (diff) | |
download | nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar.gz nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar.bz2 nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar.lz nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar.xz nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.tar.zst nixlib-66601282cca987bb23a8eac95aac0c1e4d3c9e2f.zip |
qt59.qtvirtualkeyboard: fix CVE-2018-19865
CVE-2018-19865 tracks the issue of qtvirtualkeyboard where it logs all user input. With this commit we are applying the recommended patches form the upstream project. More details can be obtained from the Qt annoucement [1]. [1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
Diffstat (limited to 'pkgs/development/libraries/qt-5')
-rw-r--r-- | pkgs/development/libraries/qt-5/5.9/default.nix | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/pkgs/development/libraries/qt-5/5.9/default.nix b/pkgs/development/libraries/qt-5/5.9/default.nix index 4acc6a6393f1..68c6745bcb52 100644 --- a/pkgs/development/libraries/qt-5/5.9/default.nix +++ b/pkgs/development/libraries/qt-5/5.9/default.nix @@ -17,7 +17,7 @@ top-level attribute to `top-level/all-packages.nix`. { newScope, - stdenv, fetchurl, makeSetupHook, + stdenv, fetchurl, fetchpatch, makeSetupHook, bison, cups ? null, harfbuzz, libGL, perl, gstreamer, gst-plugins-base, gtk3, dconf, cf-private, @@ -44,6 +44,25 @@ let qtserialport = [ ./qtserialport.patch ]; qttools = [ ./qttools.patch ]; qtwebkit = [ ./qtwebkit.patch ]; + qtvirtualkeyboard = [ + (fetchpatch { + name = "CVE-2018-19865-A.patch"; + url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=61780a113f02b3c62fb14516fe8ea47d91f9ed9a"; + sha256 = "0jd4nzaz9ndm9ryvrkav7kjs437l661288diklhbmgh249f8gki0"; + }) + (fetchpatch { + name = "CVE-2018-19865-B.patch"; + url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c0ac7a4c684e2fed60a72ceee53da89eea3f95a7"; + sha256 = "0yvxrx5vx6845vgnq8ml3q93y61py5j0bvhqj7nqvpbmyj1wy1p3"; + + }) + (fetchpatch { + name = "CVE-2018-19865-C.patch"; + url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=a2e7b8412f56841e12ed20a39f4a38e32d3c1e30"; + sha256 = "1yijysa9gy5xbxndx5ri0dkfrjqja0d1bsx52qz4mhzi4pkbib02"; + }) + ]; + }; mkDerivation = |