Merge pull request #160723 from erictapen/mastodon

mastodon: apply upstream patch for CVE-2022-0432

1 files changed, 9 insertions, 1 deletions

diff --git a/pkgs/servers/mastodon/default.nix b/pkgs/servers/mastodon/default.nix
index 09d6d0cc105..a173c594c6b 100644
--- a/pkgs/servers/mastodon/default.nix
+++ b/pkgs/servers/mastodon/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv
+{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, fetchpatch, bundlerEnv
 , yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
 
   # Allow building a fork or custom version of Mastodon:
@@ -15,6 +15,14 @@ stdenv.mkDerivation rec {
   # Putting the callPackage up in the arguments list also does not work.
   src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-0432.patch";
+      url = "https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09.patch";
+      sha256 = "sha256-C18X2ErBqP/dIEt8NrA7hdiqxUg5977clouuu7Lv4/E=";
+    })
+  ];
+
   mastodon-gems = bundlerEnv {
     name = "${pname}-gems-${version}";
     inherit version;