From 07b2b092be1f3ccadc4553cfbb296139c3591574 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 14 Jul 2021 10:08:43 +0200 Subject: [PATCH 1/2] libsForQt5.kimageformats: fix CVE-2021-36083 Co-authored-by: Sandro (cherry picked from commit 3d260a2d0edffce5095a5f813e9227c4864e9715) --- .../libraries/kde-frameworks/kimageformats.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/kde-frameworks/kimageformats.nix b/pkgs/development/libraries/kde-frameworks/kimageformats.nix index 3d9c5851f24..f78d8168b45 100644 --- a/pkgs/development/libraries/kde-frameworks/kimageformats.nix +++ b/pkgs/development/libraries/kde-frameworks/kimageformats.nix @@ -1,5 +1,5 @@ { - mkDerivation, lib, + mkDerivation, lib, fetchpatch, extra-cmake-modules, ilmbase, karchive, openexr, qtbase }: @@ -8,8 +8,21 @@ let inherit (lib) getDev; in mkDerivation { name = "kimageformats"; + + patches = [ + (fetchpatch { # included in kimageformats >= 5.82 + name = "CVE-2021-36083.patch"; + url = "https://invent.kde.org/frameworks/kimageformats/-/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f.diff"; + sha256 = "16axaljgaar0j5796x1mjps93y92393x8zywh3nzw7rm9w2qxzml"; + }) + ]; + nativeBuildInputs = [ extra-cmake-modules ]; buildInputs = [ karchive openexr qtbase ]; outputs = [ "out" ]; # plugins only CXXFLAGS = "-I${getDev ilmbase}/include/OpenEXR"; + + meta = with lib; { + broken = versionOlder qtbase.version "5.14"; + }; } From 10d8aa800385eb48215e5d88cffdbd014bae80ec Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 28 Jun 2021 23:15:54 +0000 Subject: [PATCH 2/2] hugo: 0.84.1 -> 0.84.2 (cherry picked from commit 0432fe1034f8780170157e86b0383f68cb4e2c5e) --- pkgs/applications/misc/hugo/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/hugo/default.nix b/pkgs/applications/misc/hugo/default.nix index bf5fe070cbf..bb925ceb2fb 100644 --- a/pkgs/applications/misc/hugo/default.nix 
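Review bot: In the second kimageformats.nix hunk, the added `meta.broken = versionOlder qtbase.version "5.14";` comes with the CVE-2021-36083 backport but has no stated reason, so a later maintainer cannot tell whether it depends on the patch or on the package itself. If the upstream fix is what needs the newer Qt (not visible from this hunk), record that next to the attribute, e.g. `# the CVE-2021-36083 patch needs Qt >= 5.14; re-check when the patch is dropped`. If it is unrelated, it reads better as its own commit so the security cherry-pick stays minimal and easy to audit. Marking the package broken on older Qt, rather than silently building it without the fix, is the safe direction and should be kept either way.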
+++ b/pkgs/applications/misc/hugo/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "hugo"; - version = "0.84.1"; + version = "0.84.2"; src = fetchFromGitHub { owner = "gohugoio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ULZa0tepq00v2VHDR3+aYYvRfbxYKcjcltRgRmbVmRA="; + sha256 = "sha256-NE4vXtczzcL5f0/aDYeGnleBwsDBTzojSaek/LzowFo="; }; - vendorSha256 = "sha256-jY/g92ON5OxjuZzPHJNduXYMgPU8/0ioAYvp4iqjGnU="; + vendorSha256 = "sha256-ImXTOtN6kQL7Q8IBlmK7+i47cWtyZT0xcnQdCw3NvWM="; doCheck = false;