security: update mastodon to 4.2.10

https://github.com/mastodon/mastodon/releases/tag/v4.2.10
* Fix incorrect permission checking on multiple API endpoints (GHSA-58x8-3qxw-6hm7)
* Fix incorrect authorship checking when processing some activities (CVE-2024-37903, GHSA-xjvf-fm67-4qc3)
* Fix ongoing streaming sessions not being invalidated when application tokens get revoked (GHSA-vp5r-5pgw-jwqx)
This commit is contained in:
teutat3s 2024-07-05 11:56:50 +02:00
parent 57a5ace727
commit f8f67b8908
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
3 changed files with 34 additions and 0 deletions

View file

@ -360,6 +360,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-head": {
"locked": {
"lastModified": 1720137366,
"narHash": "sha256-Xn+WAX2t2yjNdgZEyEtjCLvkqjrGPVhKRGsM6ujUf8c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f2a40608e6b55661cac28e473e28b6208da53c01",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1717284937, "lastModified": 1717284937,
@ -386,6 +402,7 @@
"nixos-flake": "nixos-flake", "nixos-flake": "nixos-flake",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2205": "nixpkgs-2205", "nixpkgs-2205": "nixpkgs-2205",
"nixpkgs-head": "nixpkgs-head",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"triton-vmtools": "triton-vmtools", "triton-vmtools": "triton-vmtools",
"unstable": "unstable" "unstable": "unstable"

View file

@ -5,6 +5,7 @@
unstable.url = "github:nixos/nixpkgs/nixos-unstable"; unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05"; nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-head.url = "github:nixos/nixpkgs/release-24.05";
nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";

View file

@ -16,6 +16,22 @@
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker; inherit (inputs) element-stickers maunium-stickerpicker;
}; };
mastodon = prev.mastodon.override {
version = "4.2.10";
patches = [
(final.fetchpatch {
url = "https://github.com/mastodon/mastodon/compare/v4.2.9...v4.2.10.patch";
hash = "sha256-268iq+2E5OOlhaJE1u5q7AFPdsloXpZCEXoyRMLtRys=";
})
];
# Mastodon has been upgraded on master, the backport is still
# in progress. This is a temporary hack until the backport
# makes it to the branch nixos-24.05.
# https://github.com/NixOS/nixpkgs/pull/324587
# https://nixpk.gs/pr-tracker.html?pr=324587
gemset = import "${inputs.nixpkgs-head.sourceInfo.outPath}/pkgs/servers/mastodon/gemset.nix";
};
} }
) )
]; ];