Merge pull request #106598 from Ma27/nextcloud-update

nextcloud: 19.0.4 -> 19.0.6, 20.0.1 -> 20.0.3, mark v19 as insecure
2020-12-11 14:30:28 +01:00 · 2020-12-11 14:30:28 +01:00 · 5978c30736
commit 5978c30736
parent 36b6b3a9f7 520b10453f
1 changed files with 14 additions and 7 deletions
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@ -1,7 +1,10 @@
 { stdenv, fetchurl, nixosTests }:

 let
-  generic = { version, sha256, insecure ? false }: stdenv.mkDerivation rec {
+  generic = {
+    version, sha256,
+    eol ? false, extraVulnerabilities ? []
+  }: stdenv.mkDerivation rec {
    pname = "nextcloud";
    inherit version;

@ -23,7 +26,8 @@ let
      maintainers = with maintainers; [ schneefux bachp globin fpletz ma27 ];
      license = licenses.agpl3Plus;
      platforms = with platforms; unix;
-      knownVulnerabilities = optional insecure "Nextcloud version ${version} is EOL";
+      knownVulnerabilities = extraVulnerabilities
+        ++ (optional eol "Nextcloud version ${version} is EOL");
    };
  };
 in {
@ -42,16 +46,19 @@ in {
  nextcloud18 = generic {
    version = "18.0.10";
    sha256 = "0kv9mdn36shr98kh27969b8xs7pgczbyjklrfskxy9mph7bbzir6";
-    insecure = true;
+    eol = true;
  };

  nextcloud19 = generic {
-    version = "19.0.4";
-    sha256 = "0y5fccn61qf9fxjjpqdvhmxr9w5n4dgl1d7wcl2dzjv4bmqi2ms6";
+    version = "19.0.6";
+    sha256 = "sha256-pqqIayE0OyTailtd2zeYi+G1APjv/YHqyO8jCpq7KJg=";
+    extraVulnerabilities = [
+      "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed!"
+    ];
  };

  nextcloud20 = generic {
-    version = "20.0.1";
-    sha256 = "1z1fzz1i41k4dhdhi005l3gzkvnmmgqqz3rdr374cvk73q7bbiln";
+    version = "20.0.3";
+    sha256 = "sha256-4PZFBNM49k08Z3NX8AEs+LDtDcQuwI+Vi23E/3Dt8XU=";
  };
 }