Merge pull request #70264 from ttuegel/security--CVE-2019-14744

Patch kdelibs for CVE-2019-14744

pkgs/development/python-modules/pykde4/default.nix

@@ -37,6 +37,7 @@ in stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     platforms = platforms.linux;
+    hydraPlatforms = platforms.none;
     description = "Python bindings for KDE";
     license = with licenses; [ gpl2 lgpl2 ];
     homepage = https://api.kde.org/pykde-4.3-api/;

pkgs/development/python-modules/pykde4/kdelibs.nix

@@ -1,5 +1,5 @@
 {
-  stdenv, fetchurl,
+  stdenv, fetchurl, fetchpatch,
   automoc4, cmake_2_8, libxslt, perl, pkgconfig, shared-mime-info,
   attica, docbook_xml_dtd_42, docbook_xsl, giflib,
   libdbusmenu_qt, libjpeg, phonon, qt4, openssl
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
     url = "mirror://kde/stable/applications/17.08.3/src/${pname}-${version}.tar.xz";
     sha256 = "1zn3yb09sd22bm54is0rn98amj0398zybl550dp406419sil7z9p";
   };
+  patches = [
+    # https://phabricator.kde.org/D22989
+    (fetchpatch {
+      url = "https://cgit.kde.org/kdelibs.git/patch/?id=2c3762feddf7e66cf6b64d9058f625a715694a00";
+      sha256 = "1wbzywh8lcc66n6y3pxs18h7cwkq6g216faz27san33jpl8ra1i9";
+      name = "CVE-2019-14744.patch";
+    })
+  ];
 
   enableParallelBuilding = true;
 
@@ -32,7 +40,9 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     platforms = platforms.linux;
+    hydraPlatforms = platforms.none;
     homepage = http://www.kde.org;
     license = with licenses; [ gpl2 fdl12 lgpl21 ];
+    maintainers = with maintainers; [ gnidorah ];
   };
 }