From 2b2f2733757922c0ea1fd2312662dc0442b59637 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Wed, 2 Nov 2016 17:30:50 +0100
Subject: [PATCH] cairo: add patch to fix CVE-2016-9082

cc #20078
---
 pkgs/development/libraries/cairo/default.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix
index fc3b060b35e1..71aa1874951f 100644
--- a/pkgs/development/libraries/cairo/default.nix
+++ b/pkgs/development/libraries/cairo/default.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchurl, fetchFromGitHub, pkgconfig, libiconv, libintlOrEmpty
-, expat, zlib, libpng, pixman, fontconfig, freetype, xorg
+{ stdenv, fetchurl, fetchFromGitHub, fetchpatch, pkgconfig, libiconv
+, libintlOrEmpty, expat, zlib, libpng, pixman, fontconfig, freetype, xorg
 , gobjectSupport ? true, glib
 , xcbSupport ? true # no longer experimental since 1.12
 , glSupport ? true, mesa_noglu ? null # mesa is no longer a big dependency
@@ -26,6 +26,15 @@ stdenv.mkDerivation rec {
     sha256 = "1hbrdpm6xcczs2c2iid7by8h7dsd0jcf7an88s150njyqnjzxjg7";
   };
 
+  patches = [
+    # from https://bugs.freedesktop.org/show_bug.cgi?id=98165
+    (fetchpatch {
+      name = "cairo-CVE-2016-9082.patch";
+      url = "https://bugs.freedesktop.org/attachment.cgi?id=127421";
+      sha256 = "03sfyaclzlglip4pvfjb4zj4dmm8mlphhxl30mb6giinkc74bfri";
+    })
+  ];
+
   prePatch = ''
     patches="$patches $(echo $infinality/*_cairo-iu/*.patch)"
   '';