nixpkgs/pkgs/servers/web-apps/invoiceplane/default.nix

64 lines
2.0 KiB
Nix

{ lib, stdenv, fetchurl, writeText, unzip, nixosTests, fetchpatch }:
stdenv.mkDerivation rec {
pname = "invoiceplane";
version = "1.5.11";
src = fetchurl {
url = "https://github.com/InvoicePlane/InvoicePlane/releases/download/v${version}/v${version}.zip";
sha256 = "137g0xps4kb3j7f5gz84ql18iggbya6d9dnrfp05g2qcbbp8kqad";
};
patches = [
# Fix CVE-2021-29024, unauthenticated directory listing
# Should be included in a later release > 1.5.11
# https://github.com/NixOS/nixpkgs/issues/166655
# https://github.com/InvoicePlane/InvoicePlane/pull/754
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/754.patch";
sha256 = "sha256-EHXw7Zqli/nA3tPIrhxpt8ueXvDtshz0XRzZT78sdQk=";
})
# Fix CVE-2021-29023, password reset rate-limiting
# Should be included in a later release > 1.5.11
# https://github.com/NixOS/nixpkgs/issues/166655
# https://github.com/InvoicePlane/InvoicePlane/pull/739
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/739.patch";
sha256 = "sha256-6ksJjW6awr3lZsDRxa22pCcRGBVBYyV8+TbhOp6HBq0=";
})
# Fix CVE-2021-29022, full path disclosure
# Should be included in a later release > 1.5.11
# https://github.com/NixOS/nixpkgs/issues/166655
# https://github.com/InvoicePlane/InvoicePlane/pull/767
#(fetchpatch {
# url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/767.patch";
# sha256 = "sha256-rSWDH8KeHSRWLyQEa7RSwv+8+ja9etTz+6Q9XThuwUo=";
#})
];
nativeBuildInputs = [ unzip ];
sourceRoot = ".";
installPhase = ''
mkdir -p $out/
cp -r . $out/
'';
passthru.tests = {
inherit (nixosTests) invoiceplane;
};
meta = with lib; {
description = "Self-hosted open source application for managing your invoices, clients and payments";
license = licenses.mit;
homepage = "https://www.invoiceplane.com";
platforms = platforms.all;
maintainers = with maintainers; [ onny ];
};
}