avahi: patch to handle bogus services gracefully

This applies the fix for avahi/avahi#212 where having a single invalid
service being published inside a network could DoS discovery for all
avahi clients.

For me this happened with a "SIEMENS HM676G0S6". AFAIK Bosch (from the
original GitHub issue) is a subsidiary of Siemens.

Fixes: avahi/avahi#212

pkgs/development/libraries/avahi/default.nix

@@ -92,6 +92,13 @@ stdenv.mkDerivation rec {
       sha256 = "sha256-qR7scfQqhRGxg2n4HQsxVxCLkXbwZi+PlYxrOSEPsL0=";
       excludes = [ ".github/workflows/smoke-tests.sh" ];
     })
+    # https://github.com/avahi/avahi/pull/523 merged Nov 12
+    (fetchpatch {
+      name = "core-no-longer-supply-bogus-services-to-callbacks.patch";
+      url = "https://github.com/avahi/avahi/commit/93b14365c1c1e04efd1a890e8caa01a2a514bfd8.patch";
+      sha256 = "sha256-VBm8vsBZkTbbWAK8FI71SL89lZuYd1yFNoB5o+FvlEU=";
+      excludes = [ ".github/workflows/smoke-tests.sh" "fuzz/fuzz-packet.c" ];
+    })
   ];
 
   depsBuildBuild = [