From 6ad3088b124504c873e239002b044e4b66607986 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Mon, 15 Oct 2018 23:55:47 +0200
Subject: libgxps: fix CVE-2018-10733

---
 pkgs/desktops/gnome-3/core/libgxps/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'pkgs/desktops')

diff --git a/pkgs/desktops/gnome-3/core/libgxps/default.nix b/pkgs/desktops/gnome-3/core/libgxps/default.nix
index c9312c228829..68193bad5833 100644
--- a/pkgs/desktops/gnome-3/core/libgxps/default.nix
+++ b/pkgs/desktops/gnome-3/core/libgxps/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, meson, ninja, pkgconfig, glib, gobjectIntrospection, cairo
-, libarchive, freetype, libjpeg, libtiff, gnome3
+, libarchive, freetype, libjpeg, libtiff, gnome3, fetchpatch
 }:
 
 let
@@ -13,6 +13,19 @@ in stdenv.mkDerivation rec {
     sha256 = "412b1343bd31fee41f7204c47514d34c563ae34dafa4cc710897366bd6cd0fae";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-10733-1.patch";
+      url = https://gitlab.gnome.org/GNOME/libgxps/commit/b458226e162fe1ffe7acb4230c114a52ada5131b.patch;
+      sha256 = "0pqg9iwkg69qknj7vkgn26c32fndy55byxivd4km0vjfhfyx69hd";
+    })
+    (fetchpatch {
+      name = "CVE-2018-10733-2.patch";
+      url = https://gitlab.gnome.org/GNOME/libgxps/commit/133fe2a96e020d4ca65c6f64fb28a404050ebbfd.patch;
+      sha256 = "19n01x8zs05wf801mkz4mypvapph7h941md3hr3rj0ry6r88pkir";
+    })
+  ];
+
   nativeBuildInputs = [ meson ninja pkgconfig gobjectIntrospection ];
   buildInputs = [ glib cairo freetype libjpeg libtiff ];
   propagatedBuildInputs = [ libarchive ];
-- 
cgit 1.4.1