From 92535dbc02b3ab4c04cf3e36c36aec92bb04aa37 Mon Sep 17 00:00:00 2001
From: peter woodman <peter@shortbus.org>
Date: Fri, 13 Jan 2023 07:09:05 -0500
Subject: [PATCH] giflib: patch to fix CVE-2022-28506

using the same mitigation the fedora project is using
---
 pkgs/development/libraries/giflib/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/giflib/default.nix b/pkgs/development/libraries/giflib/default.nix
index 795aeb88440e..5202dc0edabc 100644
--- a/pkgs/development/libraries/giflib/default.nix
+++ b/pkgs/development/libraries/giflib/default.nix
@@ -8,7 +8,13 @@ stdenv.mkDerivation rec {
     sha256 = "1gbrg03z1b6rlrvjyc6d41bc8j1bsr7rm8206gb1apscyii5bnii";
   };
 
-  patches = lib.optional stdenv.hostPlatform.isDarwin
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-28506.patch";
+      url = "https://src.fedoraproject.org/rpms/giflib/raw/2e9917bf13df114354163f0c0211eccc00943596/f/CVE-2022-28506.patch";
+      sha256 = "sha256-TBemEXkuox8FdS9RvjnWcTWPaHRo4crcwSR9czrUwBY=";
+    })
+  ] ++ lib.optional stdenv.hostPlatform.isDarwin
     (fetchpatch {
       # https://sourceforge.net/p/giflib/bugs/133/
       name = "darwin-soname.patch";