qt6.qtbase: add patch for CVE-2023-51714

2024-01-02 17:10:56 -05:00 · 2024-01-02 17:10:56 -05:00 · ddc8bd3f51
commit ddc8bd3f51
parent 63346afdb8
1 changed files with 10 additions and 0 deletions
--- a/pkgs/development/libraries/qt-6/default.nix
+++ b/pkgs/development/libraries/qt-6/default.nix
@ -66,6 +66,16 @@ let
            revert = true;
            hash = "sha256-cjB2sC4cvZn0UEc+sm6ZpjyC78ssqB1Kb5nlZQ15M4A=";
          })
+          # CVE-2023-51714: Potential Integer Overflow in Qt's HTTP2 implementation
+          # https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation
+          (fetchpatch2 {
+            url = "https://download.qt.io/official_releases/qt/6.5/0001-CVE-2023-51714-qtbase-6.5.diff";
+            hash = "sha256-0Xnolq9dWkKUrmLUlv15uQ9nkZXrY3AsmvChaLX8P2I=";
+          })
+          (fetchpatch2 {
+            url = "https://download.qt.io/official_releases/qt/6.6/0002-CVE-2023-51714-qtbase-6.6.diff";
+            hash = "sha256-+/u3vy5Ci6Z4jy00L07iYAnqHvVdqUzqVnT9uVIqs60=";
+          })
        ];
      };
      env = callPackage ./qt-env.nix { };