From 91db3f6b4518ca8ebea6cfe38766f72d142ce36b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Thu, 21 Aug 2014 12:15:45 +0200
Subject: [PATCH] kde4: security patch for CVE-2014-5033

---
 pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
index 396adf9ba752..1698abfd00f7 100644
--- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
+++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
@@ -4,7 +4,7 @@
 , automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee
 , docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst
 , udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt
-, pkgconfig
+, pkgconfig, fetchpatch
 }:
 
 kde {
@@ -28,7 +28,15 @@ kde {
   # There are a few hardcoded paths.
   # Split plugins from libs?
 
-  patches = [ ../files/polkit-install.patch ];
+  patches = [
+    ../files/polkit-install.patch
+    (fetchpatch {
+      name = "CVE-2014-5033.patch";
+      url = "http://quickgit.kde.org/?p=kdelibs.git"
+        + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23";
+      sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
+    })
+  ];
 
   cmakeFlags = [
     "-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook"