BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixpkgs-suyu/pkgs/servers/atlassian/confluence.nix
Maximilian Bosch 4b2e3bd079
atlassian-confluence: 7.19.5 -> 7.19.12 
Upgrade to the latest patchlevel of the 7.19 LTS release. Most notably
it contains fixes for the following security bulletins from Atlassian:

* https://confluence.atlassian.com/security/security-bulletin-august-15-2023-1276870882.html
  (upgrade of bundled Apache Tomcat to fix CVE-2023-24998).

* https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
  (fixes CVE-2023-22508, an RCE in Confluence >=6.1 <8.2)

Additionally, each release contains several additional bugfixes and
security fixes:

* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-12-1272383421.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-11-1255451908.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-10-1252328199.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-9-1236440851.html
  (also fixes CVE-2023-22504 which allows users with read-only access to
  a page to upload attachments)
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-8-1229036579.html
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-7-1224638578.html
  (also fixes CVE-2023-22503 an information disclosure of label &
  attachment names)
* https://confluence.atlassian.com/doc/issues-resolved-in-7-19-6-1207191110.html
2023-08-15 23:06:55 +02:00

57 lines
1.9 KiB
Nix
Raw Blame History

{ stdenvNoCC, lib, fetchurl, mysql_jdbc ? null
, enableSSO ? false
, crowdProperties ? null
, withMysql ? true
}:
assert withMysql -> (mysql_jdbc != null);
let
optionalWarning = cond: msg:
if cond then lib.warn msg
else lib.id;
in
optionalWarning (crowdProperties != null) "Using `crowdProperties` is deprecated!"
(stdenvNoCC.mkDerivation rec {
pname = "atlassian-confluence";
version = "7.19.12";
src = fetchurl {
url = "https://product-downloads.atlassian.com/software/confluence/downloads/${pname}-${version}.tar.gz";
sha256 = "sha256-59JOZWKhHPtz9NFiGreFHAOgIL5aB227j6nC1XyofvE=";
};
buildPhase = ''
echo "confluence.home=/run/confluence/home" > confluence/WEB-INF/classes/confluence-init.properties
mv conf/server.xml conf/server.xml.dist
ln -sf /run/confluence/home/deploy conf/Standalone
ln -sf /run/confluence/server.xml conf/server.xml
rm -r logs; ln -sf /run/confluence/logs/ .
rm -r work; ln -sf /run/confluence/work/ .
rm -r temp; ln -sf /run/confluence/temp/ .
'' + lib.optionalString enableSSO ''
substituteInPlace confluence/WEB-INF/classes/seraph-config.xml \
--replace com.atlassian.confluence.user.ConfluenceAuthenticator\
com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator
'' + lib.optionalString (crowdProperties != null) ''
cat <<EOF > confluence/WEB-INF/classes/crowd.properties
${crowdProperties}
EOF
'' + lib.optionalString withMysql ''
cp -v ${mysql_jdbc}/share/java/*jar confluence/WEB-INF/lib/
'';
installPhase = ''
cp -rva . $out
patchShebangs $out/bin
'';
meta = with lib; {
description = "Team collaboration software written in Java and mainly used in corporate environments";
homepage = "https://www.atlassian.com/software/confluence";
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.unfree;
maintainers = with maintainers; [ globin willibutz ciil techknowlogick ma27 ];
};
})
Reference in a new issue View git blame Copy permalink