nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-30 02:42:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

python311Packages.starlette: fix CVE-2024-47874

Browse Source 
> Denial of service (DoS) via multipart/form-data

https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
This commit is contained in:
Martin Weinelt 2024-10-24 18:31:18 +02:00
parent e0933d74a8
commit aa3ba8d7a9
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkgs/development/python-modules/starlette/default.nix
View File

@ -2,6 +2,7 @@
lib, lib,
buildPythonPackage, buildPythonPackage,
fetchFromGitHub, fetchFromGitHub,
fetchpatch2,
# build-system # build-system
hatchling, hatchling,
@ -40,6 +41,15 @@ buildPythonPackage rec {
hash = "sha256-GiCN1sfhLu9i19d2OcLZrlY8E64DFrFh+ITRSvLaxdE="; hash = "sha256-GiCN1sfhLu9i19d2OcLZrlY8E64DFrFh+ITRSvLaxdE=";
}; };
patches = [
(fetchpatch2 {
# https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
name = "CVE-2024-47874.patch";
url = "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733.patch";
hash = "sha256-N/v0xBa6e40ZrdHfDa5mlHJhh5IyDdC/XdmTtKNOYP4=";
})
];
nativeBuildInputs = [ hatchling ]; nativeBuildInputs = [ hatchling ];
propagatedBuildInputs = [ anyio ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions ]; propagatedBuildInputs = [ anyio ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions ];