jpegoptim: apply patch for CVE-2023-27781origin/backport-221829-to-release-22.11

See https://github.com/tjko/jpegoptim/issues/132 (cherry picked from commit b3cf05383eb1b717011df8d752709a9ddcd7dffa)
author: Thomas Gerbet <thomas@gerbet.me> 2023-03-18 11:51:45 +0100
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2023-03-18 13:58:22 +0000
commit: ee0b543730c059b1d1aa3f78d5b8cc0151d36132 (patch)
tree: adc02a70635ff979fe93f6518decdd6b3db9d4b1
parent: Merge pull request #204955 from NixOS/backport-204468-to-release-22.11 (diff)
download: nixpkgs-origin/backport-221829-to-release-22.11.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/applications/graphics/jpegoptim/default.nix b/pkgs/applications/graphics/jpegoptim/default.nix
index d4582280079e..c1611a62cc4b 100644
--- a/pkgs/applications/graphics/jpegoptim/default.nix
+++ b/pkgs/applications/graphics/jpegoptim/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, libjpeg }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, libjpeg }:
 
 stdenv.mkDerivation rec {
   version = "1.5.0";
@@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-fTtNDjswxHv2kHU55RCzz9tdlXw+RUCSoe3qF4hQ7u4=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-27781.patch";
+      url = "https://github.com/tjko/jpegoptim/commit/29a073ad297a0954f5e865264e24755d0ffe53ed.patch";
+      hash = "sha256-YUjVg0cvElhzMG3b4t5bqcqnHAuzDoNvSqe0yvlgX4E=";
+    })
+  ];
+
   # There are no checks, it seems.
   doCheck = false;
author	Thomas Gerbet <thomas@gerbet.me>	2023-03-18 11:51:45 +0100
committer	github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2023-03-18 13:58:22 +0000
commit	ee0b543730c059b1d1aa3f78d5b8cc0151d36132 (patch)
tree	adc02a70635ff979fe93f6518decdd6b3db9d4b1
parent	Merge pull request #204955 from NixOS/backport-204468-to-release-22.11 (diff)
download	nixpkgs-origin/backport-221829-to-release-22.11.tar.gz