From a1945245b8ec4f40f9b13ec53614d83bb58119d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?=
Date: Fri, 28 Jul 2023 21:04:26 +0200
Subject: [PATCH] security: fix unprivileged content libraries creation

See:
https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j
https://github.com/openedx/edx-platform/pull/32838
https://discuss.openedx.org/t/security-upcoming-security-release-for-edx-platform-on-2023-07-25/10769
---
 changelog.d/20230728_210255_regis.md | 1 +
 tutor/templates/build/openedx/Dockerfile | 3 +++
 2 files changed, 4 insertions(+)
 create mode 100644 changelog.d/20230728_210255_regis.md

diff --git a/changelog.d/20230728_210255_regis.md b/changelog.d/20230728_210255_regis.md
new file mode 100644
index 0000000..fc8e985
--- /dev/null
+++ b/changelog.d/20230728_210255_regis.md
@@ -0,0 +1 @@
+- [Security] Fix content libraries creation by unprivileged users in studio (see [security advisory](https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j)). (by @regisb)
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index abfe968..b6b1d0e 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -50,6 +50,9 @@ RUN git config --global user.email "tutor@overhang.io" \
 {{ patch("openedx-dockerfile-git-patches-default") }}
 {%- else %}
 # Patch edx-platform
+# Security advisory: https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j
+# https://github.com/openedx/edx-platform/pull/32838
+RUN curl -fsSL https://github.com/openedx/edx-platform/commit/163259779297a7dccb28e1f8c3dfa4d2cbdb9655.patch | git am
 {%- endif %}
 {# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/.patch | git am #}
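Review bot: The new `RUN curl -fsSL … | git am` line in the Dockerfile hunk applies a patch fetched at build time with no integrity check, and because Docker runs `RUN` under `/bin/sh -c` without `pipefail`, a failed download only fails the build if `git am` happens to reject the empty input it then receives. Splitting the pipe into download-then-apply makes a download failure an explicit build failure: `RUN curl -fsSL -o /tmp/GHSA-3q74-3rfh-g37j.patch https://github.com/openedx/edx-platform/commit/163259779297a7dccb28e1f8c3dfa4d2cbdb9655.patch \` followed by `    && git am /tmp/GHSA-3q74-3rfh-g37j.patch && rm /tmp/GHSA-3q74-3rfh-g37j.patch`. The commit SHA in the URL pins which patch is requested but not what is received, so vendoring the reviewed `.patch` file into the repository, or checking its sha256 before `git am`, would close that supply-chain gap. The fix also sits in the `{%- else %}` branch after `{{ patch("openedx-dockerfile-git-patches-default") }}`, so operators whose plugins override that hook appear to bypass it entirely; a comment such as `# NOTE: plugins overriding openedx-dockerfile-git-patches-default must apply this security patch themselves` would make that explicit. The enclosing Jinja `if` block starts outside the hunk.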