On Sat, May 06, 2017 at 10:45:57AM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/libtiff-CVE-2017-7593.patch: New file.
> * gnu/packages/patches/libtiff-CVE-2017-7594.patch: New file.
> * gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/image.scm (libtiff)[source]: Use them.

Thank you!

This change should be grafted, since ~2000 packages will be affected.

There's a recent example of appending patches in a replacement package:

+    (source
+      (origin
+        (inherit (package-source libsndfile))
+        (patches
+          (append
+            (origin-patches (package-source libsndfile))
+            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
+                            "libsndfile-CVE-2017-8362.patch")))))))

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1c4a500aae53b8cd33d1266eb3809b859ae2555d