xdg-desktop-portal-hyprland: add security patch

This patch fixes a long-standing RCE vulnerability in xdg-desktop-portal-hyprland (https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242), which was only discovered recently.
2024-11-26 08:53:21 +00:00 · 2024-07-23 21:40:56 +03:00 · 2024-07-23 21:40:56 +03:00 · 300e06cf56
commit 300e06cf56
parent 8adff84f43
1 changed files with 10 additions and 0 deletions
--- a/pkgs/applications/window-managers/hyprwm/xdg-desktop-portal-hyprland/default.nix
+++ b/pkgs/applications/window-managers/hyprwm/xdg-desktop-portal-hyprland/default.nix
@ -1,5 +1,6 @@
 { lib
 , stdenv
+, fetchpatch
 , fetchFromGitHub
 , cmake
 , pkg-config
@ -33,6 +34,15 @@ stdenv.mkDerivation (self: {
    hash = "sha256-wP611tGIWBA4IXShWbah7TxqdbvhfcfT2vnXalX/qzk=";
  };

+  patches = [
+    # Fixes a long-standing RCE vulnerability (hyprwm/xdg-desktop-portal-hyprland#242)
+    # Can be removed after v1.3.3
+    (fetchpatch {
+      url = "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/84a9cdca3adcf1cb288c2d38f8c6fc1835a3ae23.patch";
+      hash = "sha256-rdu+8KDa1o125GZKTYquZfS8JG05odlzDzz8QxRoQYk=";
+    })
+  ];
+
  nativeBuildInputs = [
    cmake
    pkg-config