jhead: add patches for CVE-2019-1010301, CVE-2019-1010302

(#73115) (cherry picked from commit 7dacaa056c4a1054759ae813eb9f91b0633601de)
author: Robert Scott <code@humanleg.org.uk> 2019-11-10 13:44:53 +0000
committer: Renaud <c0bw3b@users.noreply.github.com> 2019-11-10 14:44:53 +0100
commit: e5bd0cfcd530f261670dfc7ea54cf416841179e5 (patch)
tree: 31437189134db97cb4f718cd135f1665f54d2a5d
parent: 4beb94ccc001b20ffa44aa076983c1023b192cd5 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/tools/graphics/jhead/default.nix b/pkgs/tools/graphics/jhead/default.nix
index e4405455097d2..e6d2465efe1c8 100644
--- a/pkgs/tools/graphics/jhead/default.nix
+++ b/pkgs/tools/graphics/jhead/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libjpeg }:
+{ stdenv, fetchurl, fetchpatch, libjpeg }:
 
 stdenv.mkDerivation rec {
   name = "jhead-${version}";
@@ -9,6 +9,19 @@ stdenv.mkDerivation rec {
     sha256 = "1hn0yqcicq3qa20h1g313l1a671r8mccpb9gz0w1056r500lw6c2";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-1010301.patch";
+      url = "https://sources.debian.org/data/main/j/jhead/1:3.03-3/debian/patches/36_CVE-2019-1010301";
+      sha256 = "1vvrg50z5y7sjhfi973wh1q1v79sqp7hk5d4z0dlnx3fqgkjrx7q";
+    })
+    (fetchpatch {
+      name = "CVE-2019-1010302.patch";
+      url = "https://sources.debian.org/data/main/j/jhead/1:3.03-3/debian/patches/37_CVE-2019-1010302";
+      sha256 = "1h11mpsi7hpwbi8kpnkjwn6zpqf88f132h0rsg8sggcs3vva2x8y";
+    })
+  ];
+
   buildInputs = [ libjpeg ];
 
   patchPhase = ''
author	Robert Scott <code@humanleg.org.uk>	2019-11-10 13:44:53 +0000
committer	Renaud <c0bw3b@users.noreply.github.com>	2019-11-10 14:44:53 +0100
commit	e5bd0cfcd530f261670dfc7ea54cf416841179e5 (patch)
tree	31437189134db97cb4f718cd135f1665f54d2a5d
parent	4beb94ccc001b20ffa44aa076983c1023b192cd5 (diff)