[staging-24.05] python311Packages.starlette: fix CVE-2024-47874 (#350969

)
NixOS · Oct 25, 2024 · b1a88d3 · b1a88d3
2 parents e0933d7 + aa3ba8d
commit b1a88d3
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix
@@ -2,6 +2,7 @@
   lib,
   buildPythonPackage,
   fetchFromGitHub,
+  fetchpatch2,
 
   # build-system
   hatchling,
@@ -40,6 +41,15 @@ buildPythonPackage rec {
     hash = "sha256-GiCN1sfhLu9i19d2OcLZrlY8E64DFrFh+ITRSvLaxdE=";
   };
 
+  patches = [
+    (fetchpatch2 {
+      # https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
+      name = "CVE-2024-47874.patch";
+      url = "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733.patch";
+      hash = "sha256-N/v0xBa6e40ZrdHfDa5mlHJhh5IyDdC/XdmTtKNOYP4=";
+    })
+  ];
+
   nativeBuildInputs = [ hatchling ];
 
   propagatedBuildInputs = [ anyio ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions ];