From ae2277aa2176d09da355c8bef5133eff608f26e5 Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Fri, 28 Mar 2025 13:48:24 +0100
Subject: [PATCH] matrix-synapse: pull in 1.127.1 early (security)

Fixes https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
CVE-2025-30355
---
 overlays/default.nix        |  1 +
 overlays/matrix-synapse.nix | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 overlays/matrix-synapse.nix

diff --git a/overlays/default.nix b/overlays/default.nix
index d07f2095..450f65c9 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -19,6 +19,7 @@
                 nextcloud-skeleton = prev.callPackage ./pkgs/nextcloud-skeleton { };
               }
             )
+            (import ./matrix-synapse.nix)
           ];
         }
       );
diff --git a/overlays/matrix-synapse.nix b/overlays/matrix-synapse.nix
new file mode 100644
index 00000000..eb83349c
--- /dev/null
+++ b/overlays/matrix-synapse.nix
@@ -0,0 +1,18 @@
+final: prev: {
+  matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overrideAttrs (oldAttrs: rec {
+    inherit (oldAttrs) pname;
+    version = "1.127.1";
+    src = prev.fetchFromGitHub {
+      owner = "element-hq";
+      repo = "synapse";
+      rev = "v${version}";
+      hash = "sha256-DNUKbb+d3BBp8guas6apQ4yFeXCc0Ilijtbt1hZkap4=";
+    };
+
+    cargoDeps = prev.rustPlatform.fetchCargoVendor {
+      inherit src;
+      name = "${pname}-${version}";
+      hash = "sha256-wI3vOfR5UpVFls2wPfgeIEj2+bmWdL3pDSsKfT+ysw8=";
+    };
+  });
+}