Get libtiff on the same patch level as Debian. The imported patch file contains:

CVE-2017-9935 CVE-2017-11613 CVE-2017-17095 CVE-2017-18013 CVE-2018-5784 CVE-2018-7456 Re #41748 (master) Re #41749 (release-18.03 - needs to be cherry-picked)
2018-06-09 15:49:36 +02:00 · 2018-06-09 15:49:36 +02:00 · cca45cc3e1
commit cca45cc3e1
parent 7468501411
1 changed files with 4 additions and 4 deletions
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@ -13,12 +13,12 @@ stdenv.mkDerivation rec {

  prePatch = let
      debian = fetchurl {
-        url = http://snapshot.debian.org/archive/debian-debug/20180128T155203Z//pool/main/t/tiff/tiff_4.0.9-3.debian.tar.xz;
-        sha256 = "0wya42y7kcq093g3h7ca10cm5sns1mgnkjmdd2qdi59v8arga4y4";
+        url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.9-5.debian.tar.xz;
+        sha256 = "15lwcsd46gini27akms2ngyxnwi1hs2yskrv5x2wazs5fw5ii62w";
      };
    in ''
-      tar xf '${debian}'
-      patches="$patches $(cat debian/patches/series | sed 's|^|debian/patches/|')"
+      tar xf ${debian}
+      patches="$patches $(sed 's|^|debian/patches/|' < debian/patches/series)"
    '';

  outputs = [ "bin" "dev" "out" "man" "doc" ];