From f603c1c52c585cd8835f6ec28d9b909064c3cd13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Wed, 2 Jan 2019 09:50:54 +0100
Subject: [PATCH] libjpeg(-turbo): patch CVE-2018-19664

Fixes #52972.
---
 pkgs/development/libraries/libjpeg-turbo/default.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix
index 4e654168d4b..14b01cd9a84 100644
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, nasm }:
+{ stdenv, fetchurl, fetchpatch, cmake, nasm }:
 
 stdenv.mkDerivation rec {
   name = "libjpeg-turbo-${version}";
@@ -11,7 +11,14 @@ stdenv.mkDerivation rec {
 
   patches =
     stdenv.lib.optional (stdenv.hostPlatform.libc or null == "msvcrt")
-      ./mingw-boolean.patch;
+      ./mingw-boolean.patch
+  ++ [
+    (fetchpatch {
+      name = "cve-2018-19664.diff";
+      url = "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f8cca819a4fb.diff";
+      sha256 = "1kgfag62qmphlrq0mz15g17zw7zrg9nzaz7d2vg50m6m7m5aw4y5";
+    })
+  ];
 
   outputs = [ "bin" "dev" "out" "man" "doc" ];