Unverified Commit 8ee95bcb authored by Vladimír Čunát's avatar Vladimír Čunát Committed by GitHub

calibre: apply fix for CVE-2026-25636 (#488503)

parents ab736472 27061c4f
+16 −0
@@ -61,6 +61,22 @@ stdenv.mkDerivation (finalAttrs: {
        url = "https://github.com/debian-calibre/calibre/raw/refs/tags/debian/${finalAttrs.version}+${debian-source}/debian/patches/hardening/0007-Hardening-Qt-code.patch";
        hash = "sha256-lKp/omNicSBiQUIK+6OOc8ysM6LImn5GxWhpXr4iX+U=";
      })
      # Fix CVE-2026-25636
      # http://tracker.security.nixos.org/issues/NIXPKGS-2026-0160
      # https://github.com/NixOS/nixpkgs/issues/488052
      # Fixed upstream in 9.1.0.
      #
      # Both patches appear to be needed to fix the CVE.
      (fetchpatch {
        name = "CVE-2026-25636.1.patch";
        url = "https://github.com/kovidgoyal/calibre/commit/267bfd34020a4f297c2de9cc0cde50ebe5d024d4.patch";
        hash = "sha256-5CKlJG0e0v/VXiIeAqiByThRgMs+gwRdgOzPHupB8A8=";
      })
      (fetchpatch {
        name = "CVE-2026-25636.2.patch";
        url = "https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726.patch";
        hash = "sha256-hpWFSQXyOAVRqou0v+5oT5zIrBbyP2Uv2z1Vg811ZG0=";
      })
    ]
    ++ lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch;
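Review bot: The comment above the two new `fetchpatch` entries says both patches "appear to be needed", so the next maintainer cannot tell which upstream commit closes which part of CVE-2026-25636, or whether a later partial backport could drop one. I would add a one-line summary per entry taken from the upstream commit messages, e.g. `# 267bfd34: <summary of upstream commit>`, and state the removal condition explicitly: `# Drop both patches when updating to >= 9.1.0.` The tracker link is also written with `http://` while the issue link below it uses `https://`; `# https://tracker.security.nixos.org/issues/NIXPKGS-2026-0160` would be consistent. The `patches` list starts outside this hunk, so I cannot see whether the new entries could conflict with earlier patches; that is worth confirming with a build.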