From 39404056ed559f690060467932d32fe3bca55350 Mon Sep 17 00:00:00 2001
From: 6t8k <58048945+6t8k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 20:26:10 +0100
Subject: [PATCH] exiv2: 0.28.0 -> 0.28.1

https://github.com/Exiv2/exiv2/blob/v0.28.1/doc/ChangeLog

Fixes CVE-2023-44398 (High).

https://github.com/Exiv2/exiv2/issues/2762 is now fixed upstream, so
make `checkPhase` run unconditionally again.
---
 pkgs/development/libraries/exiv2/default.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index bf36c5a9bca0..fb2db6a963e7 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , cmake
 , doxygen
 , gettext
@@ -19,7 +20,7 @@
 
 stdenv.mkDerivation rec {
   pname = "exiv2";
-  version = "0.28.0";
+  version = "0.28.1";
 
   outputs = [ "out" "lib" "dev" "doc" "man" ];
 
@@ -27,9 +28,16 @@ stdenv.mkDerivation rec {
     owner = "exiv2";
     repo = "exiv2";
     rev = "v${version}";
-    hash = "sha256-nEoLJWxSJmAonCbW/iZKjLrKMj09mwEaSUXUcUu8GxU=";
+    hash = "sha256-Jim8vYWyCa16LAJ1GuP8cCzhXIc2ouo6hVsHg3UQbdg=";
   };
 
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/Exiv2/exiv2/commit/c351c7cce317571934abf693055779a59df30d6e.patch";
+      hash = "sha256-fWJT4IUBrAELl6ku0M1iTzGFX74le8Z0UzTJLU/gYls=";
+    })
+  ];
+
   nativeBuildInputs = [
     cmake
     doxygen
@@ -67,8 +75,7 @@ stdenv.mkDerivation rec {
     "doc"
   ];
 
-  # https://github.com/Exiv2/exiv2/issues/2762
-  doCheck = lib.versionOlder brotli.version "1.1.0";
+  doCheck = true;
 
   preCheck = ''
     patchShebangs ../test/