lighttpd: add patch for CVE-2022-22707

pkgs/servers/http/lighttpd/default.nix

@@ -9,6 +9,7 @@
 , enableWebDAV ? false, sqlite, libuuid
 , enableExtendedAttrs ? false, attr
 , perl
+, fetchpatch
 }:
 
 stdenv.mkDerivation rec {
@@ -20,6 +21,14 @@ stdenv.mkDerivation rec {
     sha256 = "1fgasvif13gvzz4rf5mjpy28cbw9fs4ymhx18494mxgb080pzvra";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-22707.patch";
+      url = "https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664.patch";
+      sha256 = "0zm2khgllsd1ivh9m7sisfsyrdfz45zsmiwl963wf0gn8m100gzk";
+    })
+  ];
+
   postPatch = ''
     patchShebangs tests
     # Linux sandbox has an empty hostname and not /etc/hosts, which fails some tests