From a1a2ad1e5bae89c83c4d9dd35d265e2f97028237 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 11 Oct 2024 21:18:47 +0200
Subject: [PATCH] fop: apply patch for CVE-2024-28168

https://www.openwall.com/lists/oss-security/2024/10/09/1
(cherry picked from commit 562995272c6557ab647a16ab76330e21623a3e86)
---
 pkgs/tools/typesetting/fop/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/tools/typesetting/fop/default.nix b/pkgs/tools/typesetting/fop/default.nix
index 94a24211f9a39..4981ec2a7a0ce 100644
--- a/pkgs/tools/typesetting/fop/default.nix
+++ b/pkgs/tools/typesetting/fop/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , ant
 , jdk
 , jre
@@ -17,6 +18,14 @@ stdenv.mkDerivation (finalAttrs: {
     hash = "sha256-b7Av17wu6Ar/npKOiwYqzlvBFSIuXTpqTacM1sxtBvc=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-28168.patch";
+      url = "https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134.patch";
+      hash = "sha256-zmUA1Tq6iZtvNECCiXebXodp6AikBn10NTZnVHpPMlw=";
+    })
+  ];
+
   nativeBuildInputs = [
     ant
     jdk