graphicsmagick: add patches to fix 3 CVEs

Fixes CVE-2016-8682, CVE-2016-8683, CVE-2016-8684.

cc #20078

1 files changed, 12 insertions, 0 deletions

diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix
index 2e573e09b31..91f8e677adb 100644
--- a/pkgs/applications/graphics/graphicsmagick/default.nix
+++ b/pkgs/applications/graphics/graphicsmagick/default.nix
@@ -26,6 +26,18 @@ stdenv.mkDerivation {
       url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-4/debian/patches/CVE-2016-7800_part2.patch";
       sha256 = "1h4xv3i1aq5avsd584rwa5sa7ca8f7w9ggmh7j2llqq5kymwsv5f";
     })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-8682.patch";
+      sha256 = "1wfirw2yi5y72657kvnbgjs0f9b3rs9nvk8gjbwhb9a03z9ws0y5";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-8683.patch";
+      sha256 = "102252zb34nj6alk1nhh1wbn3apd2v9rzk7clmm237332yj72vif";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-5/debian/patches/CVE-2016-8684.patch";
+      sha256 = "1p36gpz904wnmbz1n64x4pdpg8lp9zs3gx0awklxqdvgl8m82vvy";
+    })
   ];
 
   configureFlags = [