doxygen: apply patch removing the usage of polyfill.io

The template used by doxygen when MathJax is needed uses a JS script provided by polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack
author: Thomas Gerbet <thomas@gerbet.me> 2024-06-28 20:44:24 +0200
committer: Thomas Gerbet <thomas@gerbet.me> 2024-06-28 21:53:24 +0200
commit: dfbae770f6231cf0fba1f4bb8893648a014dae20 (patch)
tree: 1f92e7a096f90050794cc0a0d2de79f90613e155 /pkgs
parent: e217f08f92d5b3119fcaa1de4664df0c74c7cedf (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/development/tools/documentation/doxygen/default.nix b/pkgs/development/tools/documentation/doxygen/default.nix
index d735637cb53d3..5b026cda2cfc4 100644
--- a/pkgs/development/tools/documentation/doxygen/default.nix
+++ b/pkgs/development/tools/documentation/doxygen/default.nix
@@ -2,6 +2,7 @@
 , stdenv
 , cmake
 , fetchFromGitHub
+, fetchpatch
 , python3
 , flex
 , bison
@@ -22,6 +23,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-ezeMQk+Vyi9qNsYwbaRRruaIYGY8stFf71W7GonXqco=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "drop-usage-bad-actor-polyfill.io.patch";
+      url = "https://github.com/doxygen/doxygen/commit/41e3eeed6d7c34d14f072cbfea5fe418fc65a760.patch";
+      hash = "sha256-vtuVO6v2Hccm2W+Ilv3a2kmBMrRyYLCYVWLyZKx0s7s=";
+    })
+  ];
+
   nativeBuildInputs = [
     cmake
     python3
author	Thomas Gerbet <thomas@gerbet.me>	2024-06-28 20:44:24 +0200
committer	Thomas Gerbet <thomas@gerbet.me>	2024-06-28 21:53:24 +0200
commit	dfbae770f6231cf0fba1f4bb8893648a014dae20 (patch)
tree	1f92e7a096f90050794cc0a0d2de79f90613e155 /pkgs
parent	e217f08f92d5b3119fcaa1de4664df0c74c7cedf (diff)