From f707d8b65e702f55d2821df47d89355a860f2d5d Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Thu, 21 Aug 2025 12:41:51 +0200
Subject: [PATCH] tika: apply patch for CVE-2025-54988

https://www.openwall.com/lists/oss-security/2025/08/20/3
---
 pkgs/by-name/ti/tika/package.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/by-name/ti/tika/package.nix b/pkgs/by-name/ti/tika/package.nix
index cbd1309bfbba..7de896b7f477 100644
--- a/pkgs/by-name/ti/tika/package.nix
+++ b/pkgs/by-name/ti/tika/package.nix
@@ -5,6 +5,7 @@
   jdk17,
   jre17_minimal,
   fetchFromGitHub,
+  fetchpatch,
   makeWrapper,
   mvnDepsHash ? null,
   enableGui ? true,
@@ -49,6 +50,14 @@ maven.buildMavenPackage rec {
     hash = "sha256-nuiE+MWJNA4PLprAC0vDBadk34TFsVEDBcCZct1XRxo=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2025-54988.patch";
+      url = "https://github.com/apache/tika/commit/bfee6d5569fe9197c4ea947a96e212825184ca33.patch";
+      hash = "sha256-LHM2SafZ85f53mWWSbA4ZQ/QSiDeiwNnzAbLGqGQqPM=";
+    })
+  ];
+
   buildOffline = true;
 
   manualMvnArtifacts = [