perlPackages.CatalystAuthenticationCredentialHTTP: apply patch for CVE-2025-40920

See https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1
2026-01-12 02:40:31 +08:00 · 2025-08-13 15:04:02 +02:00
parent c78e5ada0e
commit ad8f238ec4
1 changed files with 8 additions and 0 deletions
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -3307,6 +3307,13 @@ with self;
      url = "mirror://cpan/authors/id/E/ET/ETHER/Catalyst-Authentication-Credential-HTTP-1.018.tar.gz";
      hash = "sha256-b6GBbe5kSw216gzBXF5xHcLO0gg2JavOcJZSHx1lpSk=";
    };
+    patches = [
+      (fetchpatch {
+        name = "CVE-2025-40920.patch";
+        url = "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18.patch";
+        hash = "sha256-WI6JwvY6i3KkQO9HbbSvHPX8mgM8I2cF0UTjF1D14T4=";
+      })
+    ];
    buildInputs = [
      ModuleBuildTiny
      TestException
@@ -3316,6 +3323,7 @@ with self;
    propagatedBuildInputs = [
      CatalystPluginAuthentication
      ClassAccessor
+      CryptSysRandom
      DataUUID
      StringEscape
    ];