From 99f202b4b370e9977ab7b4a16c87c8d3c8b46715 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sun, 22 Oct 2023 13:15:16 +0200
Subject: [PATCH] minizip: apply patch for CVE-2023-45853

Upstream PR: https://github.com/madler/zlib/pull/843

(cherry picked from commit 282d9cd278480206964640c73cab2621e77300d7)
---
 pkgs/development/libraries/minizip/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/minizip/default.nix b/pkgs/development/libraries/minizip/default.nix
index 1fb737ed7a758..a7af395598fc4 100644
--- a/pkgs/development/libraries/minizip/default.nix
+++ b/pkgs/development/libraries/minizip/default.nix
@@ -1,10 +1,20 @@
-{ lib, stdenv, zlib, autoreconfHook }:
+{ lib, stdenv, zlib, autoreconfHook, fetchpatch }:
 
 stdenv.mkDerivation {
   pname = "minizip";
   version = zlib.version;
   inherit (zlib) src;
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-45853.patch";
+      url = "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch";
+      hash = "sha256-yayfe1g9HsvgMN28WF/MYkH7dGMX4PsK53FcnfL3InM=";
+    })
+  ];
+
+  patchFlags = [ "-p3" ];
+
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ zlib ];