From 68c95309980d6e6e1dc315628de55844f8b02ca3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Wed, 18 Jan 2017 15:50:58 +0100
Subject: [PATCH] libtiff: apply security patches from Debian

/cc #21967.
---
 pkgs/development/libraries/libtiff/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix
index 49fddd06c171..c67057031490 100644
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -11,6 +11,17 @@ stdenv.mkDerivation rec {
     sha256 = "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz";
   };
 
+  prePatch =let
+      # https://lwn.net/Vulnerabilities/711777/
+      debian = fetchurl {
+        url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.7-5.debian.tar.xz;
+        sha256 = "1ribxdn89wx3nllcyh7ql3dx6wpr1h7z3waglz1w7dklxm43q67l";
+      };
+    in ''
+      tar xf '${debian}'
+      patches="$patches $(cat debian/patches/series | sed 's|^|debian/patches/|')"
+    '';
+
   outputs = [ "bin" "dev" "out" "doc" ];
 
   nativeBuildInputs = [ pkgconfig ];