From 00ac18cdea8bbe9bc4c7f68b7de4e99ed27fdb54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20P=C3=A4ssler?= <mil@nyantec.com>
Date: Mon, 4 Nov 2019 22:50:00 +0100
Subject: [PATCH] qtwebengine: add patch for CVE-2019-13720

---
 pkgs/development/libraries/qt-5/5.12/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/development/libraries/qt-5/5.12/default.nix b/pkgs/development/libraries/qt-5/5.12/default.nix
index 2800f2d77978..9b6534c01b29 100644
--- a/pkgs/development/libraries/qt-5/5.12/default.nix
+++ b/pkgs/development/libraries/qt-5/5.12/default.nix
@@ -79,6 +79,15 @@ let
         url = "https://git.archlinux.org/svntogit/packages.git/plain/trunk/qtbug-77037-workaround.patch?h=packages/qt5-webengine&id=fc77d6b3d5ec74e421b58f199efceb2593cbf951";
         sha256 = "1gv733qfdn9746nbqqxzyjx4ijjqkkb7zb71nxax49nna5bri3am";
       })
+      # patch for CVE-2019-13720, can be removed when it is included in the next upstream release
+      # https://bugreports.qt.io/browse/QTBUG-1019226
+      (fetchpatch {
+        name = "qtwebengine-CVE-2019-13720.patch";
+        url = "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/patch/?id=d6e5fc10";
+        sha256 = "0ywc12m196pr6xn7l5xbascihygkjj4pbcgcn9wxvi5ssdr6z46z";
+        extraPrefix = "src/3rdparty/";
+        stripLen = 1;
+      })
     ]
       ++ optional stdenv.isDarwin ./qtwebengine-darwin-no-platform-check.patch;
     qtwebkit = [ ./qtwebkit.patch ]