From 058a3c0806e2148ae3d0519bcaa929b7c2486c17 Mon Sep 17 00:00:00 2001
From: Timon Stampfli
Date: Sat, 27 Oct 2018 15:25:52 +0200
Subject: [PATCH] openjpeg: adding patch for CVE-2018-7648
(cherry picked from commit 3dc0838450ad5ec8c25adcd1c7bfe3b8b630b7e5)
Forward-picking from staging-next. The CVE is marked as critical, and the amount of rebuilds isn't that high (~500 linux, ~100 darwin).
---
 pkgs/development/libraries/openjpeg/2.x.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/pkgs/development/libraries/openjpeg/2.x.nix b/pkgs/development/libraries/openjpeg/2.x.nix
index d18c971dc11..77d9e5829a1 100644
--- a/pkgs/development/libraries/openjpeg/2.x.nix
+++ b/pkgs/development/libraries/openjpeg/2.x.nix
@@ -5,4 +5,12 @@ callPackage ./generic.nix (args // rec {
 branch = "2.3";
 revision = "v${version}";
 sha256 = "08plxrnfl33sn2vh5nwbsngyv6b1sfpplvx881crm1v1ai10m2lz";
+
+ patches = [
+ (fetchpatch {
+ name = "CVE-2018-7648.patch";
+ url = "https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d.patch";
+ sha256 = "1j5nxmlgyfkxldk2f1ij6h850xw45q3b5brxqa04dxsfsv8cdj5j";
+ })
+ ];
 })
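Review bot: Nothing in this hunk shows that the new `patches` attribute actually reaches the derivation. It is only merged into the argument set handed to `./generic.nix`, so if that file accepts extra arguments without forwarding `patches` to the build, the CVE-2018-7648 fix would be skipped silently while the package looks patched. Both `generic.nix` and this file's argument header (where `fetchpatch` has to be declared) are outside the hunk, so it is worth confirming them and checking the build log for the patch being applied. The pinning itself is sound: the URL names a full upstream commit hash and the content is fixed by `sha256`. I would add a comment above the `fetchpatch` call, for example `# upstream fix for CVE-2018-7648; drop when version moves to a release containing this commit`, so the backport is not carried past the release that includes it.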