From a3dde9d13dab999352d5eb4781fc4e768492f997 Mon Sep 17 00:00:00 2001
From: Piotr Bogdan
Date: Tue, 10 Oct 2017 18:34:30 +0100
Subject: [PATCH 1/2] freeimage: fix CVE-2015-0852 & CVE-2016-5684

---
 pkgs/development/libraries/freeimage/default.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/freeimage/default.nix b/pkgs/development/libraries/freeimage/default.nix
index 6ee7670fc29..a2f47da7aaf 100644
--- a/pkgs/development/libraries/freeimage/default.nix
+++ b/pkgs/development/libraries/freeimage/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, unzip, darwin }:
+{ stdenv, fetchpatch, fetchurl, unzip, darwin }:

 stdenv.mkDerivation {
 name = "freeimage-3.17.0";
@@ -8,6 +8,17 @@ stdenv.mkDerivation {
 sha256 = "12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v";
 };

+ patches = [
+ (fetchpatch {
+ url = "https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches/Fix-CVE-2015-0852.patch";
+ sha256 = "0qkb96mvvhji75gz7dma3vj2b71smp96z3kl2ydj6skvnw6slnmc";
+ })
+ (fetchpatch {
+ url = "https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches/Fix-CVE-2016-5684.patch";
+ sha256 = "18g5ckrvqfjcldis7zf7hmfl8b3mgnc6akd6x3cdq8c5j7l1y98f";
+ })
+ ];
+
 buildInputs = [ unzip ] ++ stdenv.lib.optional stdenv.isDarwin darwin.cctools;

 prePatch = if stdenv.isDarwin

From 1e32c3ee358118f429b8ab6acf23adb8bb27786b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Tue, 24 Oct 2017 21:31:53 +0200
Subject: [PATCH 2/2] freeimage: fetchpatch -> fetchurl

These aren't generated patches, so there's no benefit in fetchpatch. /cc #30729.
---
 .../libraries/freeimage/default.nix | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/pkgs/development/libraries/freeimage/default.nix b/pkgs/development/libraries/freeimage/default.nix
index a2f47da7aaf..157f9f3936e 100644
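Review bot: Both `url` values in the `patches` list added by PATCH 1/2 use cgit's `plain/` path with no revision, so they follow whatever the Debian packaging branch currently holds. The `sha256` still fixes the bytes that get applied, but once Debian refreshes or drops one of these files the fetch fails on a hash mismatch and the CVE fixes can no longer be rebuilt from source unless the output is already cached. Pinning the revision keeps the security patches reproducible, e.g. `url = ".../debian/patches/Fix-CVE-2015-0852.patch?id=<debian-packaging-commit>";` (placeholder, the page does not give a commit id). PATCH 2/2 keeps the same unpinned base in `patchURL`, so the same applies to its `patches` hunk.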
--- a/pkgs/development/libraries/freeimage/default.nix
+++ b/pkgs/development/libraries/freeimage/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchpatch, fetchurl, unzip, darwin }:
+{ stdenv, fetchurl, unzip, darwin }:

 stdenv.mkDerivation {
 name = "freeimage-3.17.0";
@@ -8,14 +8,16 @@ stdenv.mkDerivation {
 sha256 = "12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v";
 };

- patches = [
- (fetchpatch {
- url = "https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches/Fix-CVE-2015-0852.patch";
- sha256 = "0qkb96mvvhji75gz7dma3vj2b71smp96z3kl2ydj6skvnw6slnmc";
+ patches = let
+ patchURL = https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches;
+ in [
+ (fetchurl {
+ url = patchURL + "/Fix-CVE-2015-0852.patch";
+ sha256 = "1vxdck4i5qi5j6i3cjja0gfy79mmbf0lq2qdrnqdsl4kclbvw2c8";
 })
- (fetchpatch {
- url = "https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches/Fix-CVE-2016-5684.patch";
- sha256 = "18g5ckrvqfjcldis7zf7hmfl8b3mgnc6akd6x3cdq8c5j7l1y98f";
+ (fetchurl {
+ url = patchURL + "/Fix-CVE-2016-5684.patch";
+ sha256 = "14ffgqbnwg28r6sjvm3z89zbnnm9ghbc81hdhrzxlyk3vwvd6cw3";
 })
 ];
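Review bot: `patchURL` in the new `let` is written as a bare URL literal, whereas the two URLs it replaces were quoted strings. Quoting it keeps the file consistent and makes it plain that `patchURL + "/Fix-CVE-2015-0852.patch"` is string concatenation: `patchURL = "https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/plain/debian/patches";`. A one-line comment above the list, such as `# CVE fixes taken unmodified from Debian's freeimage packaging; drop once upstream ships them`, would also tell whoever does the next version bump where these came from and when they can go. The hunk ends inside the `stdenv.mkDerivation` call, whose remaining attributes are outside it.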