From e31ac7227e68934c80a8219c8f617d66539241d0 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sat, 18 Mar 2023 12:45:34 +0100
Subject: [PATCH] libmicrohttpd: Apply patch for CVE-2023-27371

https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
---
 .../development/libraries/libmicrohttpd/generic.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/libmicrohttpd/generic.nix b/pkgs/development/libraries/libmicrohttpd/generic.nix
index 0af066c7123..d5bc619e904 100644
--- a/pkgs/development/libraries/libmicrohttpd/generic.nix
+++ b/pkgs/development/libraries/libmicrohttpd/generic.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, libgcrypt, curl, gnutls, pkg-config, libiconv, libintl, version, src, meta ? {} }:
+{ lib, stdenv, libgcrypt, curl, gnutls, pkg-config, libiconv, libintl, version, src, meta ? {}, fetchpatch }:
 
 let
   meta_ = meta;
@@ -8,6 +8,17 @@ stdenv.mkDerivation rec {
   pname = "libmicrohttpd";
   inherit version src;
 
+  patches = lib.optionals (lib.versionOlder version "0.9.76") [
+    (fetchpatch {
+      name = "CVE-2023-27371.patch";
+      url = "https://git.gnunet.org/libmicrohttpd.git/patch/?id=e0754d1638c602382384f1eface30854b1defeec";
+      hash = "sha256-vzrq9HPysGpc13rFEk6zLPgpUqp/ST4q/Wp30Dam97k=";
+      excludes = [
+        "ChangeLog"
+      ];
+    })
+  ];
+
   outputs = [ "out" "dev" "devdoc" "info" ];
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ libgcrypt curl gnutls libiconv libintl ];