2 files changed, 16 insertions, 3 deletions

diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix
index 40bb9a5a140d..cfc31c120b45 100644
--- a/pkgs/development/libraries/libimobiledevice/default.nix
+++ b/pkgs/development/libraries/libimobiledevice/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, python, pkgconfig, usbmuxd, glib, libgcrypt,
+{ stdenv, fetchurl, fetchpatch, python, pkgconfig, usbmuxd, glib, libgcrypt,
   libtasn1, libplist, readline, libusbmuxd, openssl }:
 
 stdenv.mkDerivation rec {
@@ -8,7 +8,13 @@ stdenv.mkDerivation rec {
   buildInputs = [ readline ];
   propagatedBuildInputs = [ libusbmuxd glib libgcrypt libtasn1 libplist openssl ];
 
-  patches = [ ./disable_sslv3.patch ];
+  patches = [
+    ./disable_sslv3.patch
+    (fetchpatch { # CVE-2016-5104
+      url = "https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e.patch";
+      sha256 = "06ygb9aqcvm4v08wrldsddjgyqv5bkpq6lxzq2a1nwqp9mq4a4k1";
+    })
+  ];
 
   postPatch = ''sed -e 's@1\.3\.21@@' -i configure'';
   passthru.swig = libplist.swig;
diff --git a/pkgs/development/libraries/libusbmuxd/default.nix b/pkgs/development/libraries/libusbmuxd/default.nix
index edc3d3df9cb4..458798f9382a 100644
--- a/pkgs/development/libraries/libusbmuxd/default.nix
+++ b/pkgs/development/libraries/libusbmuxd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, libplist }:
+{ stdenv, fetchurl, fetchpatch, pkgconfig, libplist }:
 
 stdenv.mkDerivation rec {
   name = "libusbmuxd-1.0.10";
@@ -7,6 +7,13 @@ stdenv.mkDerivation rec {
     sha256 = "1wn9zq2224786mdr12c5hxad643d29wg4z6b7jn888jx4s8i78hs";
   };
 
+  patches = [
+    (fetchpatch { # CVE-2016-5104
+      url = "https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196.patch";
+      sha256 = "0cl3vys7bkwbdzf64d0rz3zlqpfc30w4l7j49ljv01agh42ywhgk";
+    })
+  ];
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ libplist ];