From 4b756e48738dc0775dacb6b97280a17799d66147 Mon Sep 17 00:00:00 2001
From: Piotr Bogdan
Date: Mon, 9 Oct 2017 20:22:34 +0100
Subject: [PATCH] foomatic-filters: fix CVE-2015-8327 & CVE-2015-8560
---
 pkgs/misc/drivers/foomatic-filters/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkgs/misc/drivers/foomatic-filters/default.nix b/pkgs/misc/drivers/foomatic-filters/default.nix
index 799b14dec1d..d6ac4fd6a03 100644
--- a/pkgs/misc/drivers/foomatic-filters/default.nix
+++ b/pkgs/misc/drivers/foomatic-filters/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, perl, cups, dbus, enscript }:
+{ stdenv, fetchpatch, fetchurl, pkgconfig, perl, cups, dbus, enscript }:
 stdenv.mkDerivation rec {
 name = "foomatic-filters-4.0.17";
@@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
 nativeBuildInputs = [ pkgconfig ];
 buildInputs = [ perl cups dbus enscript ];
+ patches = [
+ # for CVE-2015-8327 & CVE-2015-8560
+ (fetchpatch {
+ url = "https://anonscm.debian.org/cgit/collab-maint/foomatic-filters.git/plain/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch";
+ sha256 = "055nwi3sjf578nk40bqsch3wx8m2h65hdih0wmxflb6l0hwkq4p4";
+ })
+ ];
+
 preConfigure = ''
 substituteInPlace foomaticrip.c --replace /bin/bash /bin/sh
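Review bot: The comment in the new `patches` list claims both CVE-2015-8327 and CVE-2015-8560, but the fetched file is named for the back-tick fix only (`0500-r7406_also_consider_the_back_tick_...`), and CVE-2015-8560 is the separate semicolon variant of the same incomplete shell-escape blacklist. It is worth confirming that this patch also rejects `;`; if it does not, add the second upstream change or narrow the comment, so the package is not recorded as fixed for a CVE it still carries. The `url` also has no revision pinned, so it presumably follows the branch head of the Debian repository and its content can change or disappear. The `sha256` turns that into a build failure rather than a silent substitution, but pinning the revision keeps the fix reproducible, e.g. `url = "https://anonscm.debian.org/cgit/collab-maint/foomatic-filters.git/plain/debian/patches/<patch-file>?id=<commit>";`. The derivation body, including the `preConfigure` string opened at the end of the hunk, continues outside the visible lines.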