From 15a5894ab3ed1e8ebafb72dc903052b091b6155f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Wed, 25 Dec 2013 11:08:19 +0100
Subject: [PATCH] netpbm: fix CVE-2005-2471

---
 pkgs/tools/graphics/netpbm/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/tools/graphics/netpbm/default.nix b/pkgs/tools/graphics/netpbm/default.nix
index dc16f4887d9..2e3274ca0ff 100644
--- a/pkgs/tools/graphics/netpbm/default.nix
+++ b/pkgs/tools/graphics/netpbm/default.nix
@@ -10,6 +10,11 @@ stdenv.mkDerivation {
     sha256 = "0csx6g0ci66nx1a6z0a9dkpfp66mdvcpp5r7g6zrx4jp18r9hzb2";
   };
 
+  postPatch = /* CVE-2005-2471, from Arch */ ''
+    substituteInPlace converter/other/pstopnm.c \
+      --replace '"-DSAFER"' '"-DPARANOIDSAFER"'
+  '';
+
   NIX_CFLAGS_COMPILE = "-fPIC"; # Gentoo adds this on every platform
 
   buildInputs = [ pkgconfig flex zlib perl libpng libjpeg libxml2 makeWrapper libX11 libtiff ];