From a8121ca80e04d22d98504fdddd90e342fdda7387 Mon Sep 17 00:00:00 2001
From: Kerstin Humm
Date: Fri, 18 Feb 2022 17:08:57 +0100
Subject: [PATCH] mastodon: apply upstream patch for CVE-2022-0432
https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09
Co-authored-by: Robert Scott
---
 pkgs/servers/mastodon/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkgs/servers/mastodon/default.nix b/pkgs/servers/mastodon/default.nix
index e863451bb5e0..9a205bd9d0eb 100644
--- a/pkgs/servers/mastodon/default.nix
+++ b/pkgs/servers/mastodon/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv
+{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, fetchpatch, bundlerEnv
 , yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
 # Allow building a fork or custom version of Mastodon:
@@ -15,6 +15,14 @@ stdenv.mkDerivation rec {
 # Putting the callPackage up in the arguments list also does not work.
 src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
+ patches = [
+ (fetchpatch {
+ name = "CVE-2022-0432.patch";
+ url = "https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09.patch";
+ sha256 = "sha256-C18X2ErBqP/dIEt8NrA7hdiqxUg5977clouuu7Lv4/E=";
+ })
+ ];
+
 mastodon-gems = bundlerEnv {
 name = "${pname}-gems-${version}";
 inherit version;
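Review bot: The new `patches` entry in the `stdenv.mkDerivation` hunk is applied unconditionally, so it also runs when `srcOverride` is set, and nothing records when it can be removed. A fork or newer tree that already contains the upstream commit would fail in the patch phase; that is the safer failure, so I would keep it unconditional and document it: `# Fix for CVE-2022-0432; drop once ./source.nix points at a release that includes it. With srcOverride, override patches if the tree already has the fix.` Separately, `patches` only changes this derivation's unpacked source, while `mastodon-gems` is built by its own `bundlerEnv` whose inputs continue outside the hunk, so it is worth confirming that the file the upstream commit touches is not consumed through an unpatched `src` elsewhere. The `mkDerivation` body starts and ends outside the hunk.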