gtk2: apply patch fixing CVE-2024-6655origin/backport-328255-to-release-24.05

Upstream issue: https://gitlab.gnome.org/GNOME/gtk/-/issues/6786 (cherry picked from commit 8e510a059875cdfe17fa97fa47d7773f939e344f)
author: Thomas Gerbet <thomas@gerbet.me> 2024-07-18 22:08:04 +0200
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2024-07-20 07:00:01 +0000
commit: e974b59a33dd60a582fb638fb960990938251c2a (patch)
tree: 779949e3f42ce1b2477c3316fc181eed71e1afb3
parent: Merge #327832: thunderbird: 115.12.2 -> 115.13.0 (diff)
download: nixpkgs-origin/backport-328255-to-release-24.05.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/development/libraries/gtk/2.x.nix b/pkgs/development/libraries/gtk/2.x.nix
index b2afb21b6214..a4a3fa68a5e0 100644
--- a/pkgs/development/libraries/gtk/2.x.nix
+++ b/pkgs/development/libraries/gtk/2.x.nix
@@ -2,6 +2,7 @@
 , lib
 , stdenv
 , fetchurl
+, fetchpatch
 , atk
 , buildPackages
 , cairo
@@ -63,6 +64,12 @@ stdenv.mkDerivation (finalAttrs: {
   patches = [
     ./patches/2.0-immodules.cache.patch
     ./patches/gtk2-theme-paths.patch
+    (fetchpatch {
+      # https://gitlab.gnome.org/GNOME/gtk/-/issues/6786
+      name = "CVE-2024-6655.patch";
+      url = "https://gitlab.gnome.org/GNOME/gtk/-/commit/3bbf0b6176d42836d23c36a6ac410e807ec0a7a7.patch";
+      hash = "sha256-mstOPk9NNpUwScrdEbvGhmAv8jlds3SBdj53T0q33vM=";
+    })
   ] ++ lib.optionals stdenv.isDarwin [
     ./patches/2.0-gnome_bugzilla_557780_306776_freeciv_darwin.patch
     ./patches/2.0-darwin-x11.patch
author	Thomas Gerbet <thomas@gerbet.me>	2024-07-18 22:08:04 +0200
committer	github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2024-07-20 07:00:01 +0000
commit	e974b59a33dd60a582fb638fb960990938251c2a (patch)
tree	779949e3f42ce1b2477c3316fc181eed71e1afb3
parent	Merge #327832: thunderbird: 115.12.2 -> 115.13.0 (diff)
download	nixpkgs-origin/backport-328255-to-release-24.05.tar.gz