From 8f4f9b62238da74bd3c78fe5708369d543c3e690 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Dec 2017 19:16:36 +0100
Subject: [PATCH 1/3] jbig2dec: bugfix 0.13 -> 0.14

Many of the fixes seem to have potential to be vulnerabilities,
though most aren't labeled with a CVE number.  /cc #32459
---
 pkgs/development/libraries/jbig2dec/default.nix | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix
index 45df4876be1f..8731bd8e7366 100644
--- a/pkgs/development/libraries/jbig2dec/default.nix
+++ b/pkgs/development/libraries/jbig2dec/default.nix
@@ -1,21 +1,13 @@
 { stdenv, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
-  name = "jbig2dec-0.13";
+  name = "jbig2dec-0.14";
 
   src = fetchurl {
     url = "http://downloads.ghostscript.com/public/jbig2dec/${name}.tar.gz";
-    sha256 = "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s";
+    sha256 = "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11";
   };
 
-  patches =
-    [ (fetchpatch {
-        url = "http://git.ghostscript.com/?p=jbig2dec.git;a=patch;h=e698d5c11d27212aa1098bc5b1673a3378563092";
-        sha256 = "1fc8xm1z98xj2zkcl0zj7dpjjsbz3vn61b59jnkhcyzy3iiczv7f";
-        name = "CVE-2016-9601.patch";
-      })
-    ];
-
   meta = {
     homepage = https://www.ghostscript.com/jbig2dec.html;
     description = "Decoder implementation of the JBIG2 image compression format";

From 146355628be1ac3663b4aecffeaa3b7b23ff3d68 Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Sat, 9 Dec 2017 14:54:16 -0500
Subject: [PATCH 2/3] linux-copperhead: 4.14.3.a -> 4.14.4.a

---
 pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
index 707ed10ea0c3..365f6ce54a07 100644
--- a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
+++ b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
@@ -3,9 +3,9 @@
 with stdenv.lib;
 
 let
-  version = "4.14.3";
+  version = "4.14.4";
   revision = "a";
-  sha256 = "18pcmi927gw4a0ih09fq1wv0jbzp1z42a8kga8ralcac828i6gi3";
+  sha256 = "1h99nhm3yd528gj0wg71lzi8v314r6r00m8zh2cw2sz82k7fds4w";
 
   # modVersion needs to be x.y.z, will automatically add .0 if needed
   modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));

From 48b0e5ddbc3c5fd72e2d126dccb7491fa82fa838 Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Sat, 9 Dec 2017 14:57:59 -0500
Subject: [PATCH 3/3] linux: 4.4.104 -> 4.4.105

---
 pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index e247392e6c70..04fc40638d78 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.4.104";
+  version = "4.4.105";
   extraMeta.branch = "4.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0bhc4ay8ikvhqxj191mbm5kshh2zj46n5snwfa1d6bqzdkgg5s5h";
+    sha256 = "0h0ivdw74m3s2j9llh0hnigv790jgy6lhcf6jn2csxmvg3ai5sfn";
   };
 } // (args.argsOverride or {}))