Merge #206078: glib: Pick GVariant security patches

...into staging

1 files changed, 14 insertions, 0 deletions

diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index e444dcb806161..25acf1350486b 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -118,6 +118,20 @@ stdenv.mkDerivation (finalAttrs: {
     # Disable flaky test.
     # https://gitlab.gnome.org/GNOME/glib/-/issues/820
     ./skip-timer-test.patch
+
+    # GVariant security fixes
+    # https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126.patch";
+      sha256 = "CNCxouYy8xNHt4eJtPZ2eOi9b0SxzI2DkklNfQMk3d8=";
+    })
+
+    # Menu model security fix
+    # https://discourse.gnome.org/t/fixes-for-gdbusmenumodel-crashes-in-glib/12846
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/GNOME/glib/-/commit/4f4d770a1e40f719d5a310cffdac29cbb4e20c11.patch";
+      sha256 = "+S44AnC86HfbMwkRe1ll54IK9pLxaFD3LqiVhPelnXI=";
+    })
   ];
 
   outputs = [ "bin" "out" "dev" "devdoc" ];