public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

qt59.qtvirtualkeyboard: fix CVE-2018-19865 

CVE-2018-19865 tracks the issue of qtvirtualkeyboard where it logs all
user input. With this commit we are applying the recommended patches
form the upstream project.

More details can be obtained from the Qt annoucement [1].

[1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
This commit is contained in:
Andreas Rammhold 2019-01-30 23:50:48 +01:00
parent 4a200fbbf0
commit 66601282cc
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
pkgs/development/libraries/qt-5/5.9/default.nix
View File

@ -17,7 +17,7 @@ top-level attribute to `top-level/all-packages.nix`.
{ {
newScope, newScope,
stdenv, fetchurl, makeSetupHook, stdenv, fetchurl, fetchpatch, makeSetupHook,
bison, cups ? null, harfbuzz, libGL, perl, bison, cups ? null, harfbuzz, libGL, perl,
gstreamer, gst-plugins-base, gtk3, dconf, gstreamer, gst-plugins-base, gtk3, dconf,
cf-private, cf-private,
@ -44,6 +44,25 @@ let
qtserialport = [ ./qtserialport.patch ]; qtserialport = [ ./qtserialport.patch ];
qttools = [ ./qttools.patch ]; qttools = [ ./qttools.patch ];
qtwebkit = [ ./qtwebkit.patch ]; qtwebkit = [ ./qtwebkit.patch ];
qtvirtualkeyboard = [
(fetchpatch {
name = "CVE-2018-19865-A.patch";
url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=61780a113f02b3c62fb14516fe8ea47d91f9ed9a";
sha256 = "0jd4nzaz9ndm9ryvrkav7kjs437l661288diklhbmgh249f8gki0";
})
(fetchpatch {
name = "CVE-2018-19865-B.patch";
url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c0ac7a4c684e2fed60a72ceee53da89eea3f95a7";
sha256 = "0yvxrx5vx6845vgnq8ml3q93y61py5j0bvhqj7nqvpbmyj1wy1p3";
})
(fetchpatch {
name = "CVE-2018-19865-C.patch";
url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=a2e7b8412f56841e12ed20a39f4a38e32d3c1e30";
sha256 = "1yijysa9gy5xbxndx5ri0dkfrjqja0d1bsx52qz4mhzi4pkbib02";
})
];
}; };
mkDerivation = mkDerivation =

2
pkgs/top-level/all-packages.nix
View File

@ -12080,7 +12080,7 @@ in
qt59 = recurseIntoAttrs (makeOverridable qt59 = recurseIntoAttrs (makeOverridable
(import ../development/libraries/qt-5/5.9) { (import ../development/libraries/qt-5/5.9) {
inherit newScope; inherit newScope;
inherit stdenv fetchurl makeSetupHook; inherit stdenv fetchurl fetchpatch makeSetupHook;
bison = bison2; # error: too few arguments to function 'int yylex(... bison = bison2; # error: too few arguments to function 'int yylex(...
inherit cups; inherit cups;
harfbuzz = harfbuzzFull; harfbuzz = harfbuzzFull;