From 9b10f90188dd7954b082026f7419b4ce024fe15c Mon Sep 17 00:00:00 2001
From: qubitnano <146656568+qubitnano@users.noreply.github.com>
Date: Fri, 3 May 2024 23:50:06 -0400
Subject: [PATCH] gdk-pixbuf: disable ani loader

The "others" option includes ani which is currently affected by CVE-2022-48622. Disable this by removing it from the build while allowing the other loaders to build.
---
 pkgs/development/libraries/gdk-pixbuf/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix
index ea9ff1d91808..f9fd75f1a6af 100644
--- a/pkgs/development/libraries/gdk-pixbuf/default.nix
+++ b/pkgs/development/libraries/gdk-pixbuf/default.nix
@@ -101,6 +101,9 @@ stdenv.mkDerivation (finalAttrs: {
 substituteInPlace docs/meson.build \
 --replace "dependency('gi-docgen'," "dependency('gi-docgen', native:true," \
 --replace "'gi-docgen', req" "'gi-docgen', native:true, req"
+
+ # Remove 'ani' loader until proper fix for CVE-2022-48622
+ substituteInPlace meson.build --replace-fail "'ani'," ""
 '';
 
 postInstall =
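Review bot: The added `substituteInPlace meson.build --replace-fail "'ani'," ""` line proves only that the string was present in the top-level meson.build, not that the ANI loader is absent from the built output, and nothing in this hunk checks the result. Because the mitigation for CVE-2022-48622 depends on upstream's file layout, I would add an install-time assertion that fails the build if an ani loader module, or an ani entry in the generated loaders cache, is present; the `postInstall` that begins at the end of this hunk looks like the natural place. substituteInPlace also rewrites every occurrence of `'ani',` in the file, so it is worth confirming that the pattern appears only in the loader list. The comment would age better with a removal pointer, e.g. `# TODO: revert once upstream fixes CVE-2022-48622 (<upstream issue URL>)`. The postPatch string starts above the hunk, so any earlier edits to meson.build are not visible here.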