From 1bb1b6708708be99be95604fc2e225b327941724 Mon Sep 17 00:00:00 2001
From: "Tristan Helmich (omniIT)" <tristan.helmich@omniit.de>
Date: Thu, 30 Jul 2020 18:32:42 +0000
Subject: [PATCH 1/2] graylog: 3.3.2 -> 3.3.3

Bumps Graylog and integrations plugins to 3.3.3 which fixes CVE-2020-15813
---
 pkgs/tools/misc/graylog/default.nix | 4 ++--
 pkgs/tools/misc/graylog/plugins.nix | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/tools/misc/graylog/default.nix b/pkgs/tools/misc/graylog/default.nix
index 6b2059cafdf9..2785255092b9 100644
--- a/pkgs/tools/misc/graylog/default.nix
+++ b/pkgs/tools/misc/graylog/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "graylog";
-  version = "3.3.2";
+  version = "3.3.3";
 
   src = fetchurl {
     url = "https://packages.graylog2.org/releases/graylog/graylog-${version}.tgz";
-    sha256 = "0mw0nwj6i681bfsp3psjq377bha2qskkw955pp9h1p8xdyy8cx32";
+    sha256 = "1yc2rirbdydirs1kph60acz06ciqnjbf115p3q4vhh15l84lg3sg";
   };
 
   dontBuild = true;
diff --git a/pkgs/tools/misc/graylog/plugins.nix b/pkgs/tools/misc/graylog/plugins.nix
index ec6c16f53131..15d11b0bf08d 100644
--- a/pkgs/tools/misc/graylog/plugins.nix
+++ b/pkgs/tools/misc/graylog/plugins.nix
@@ -64,10 +64,10 @@ in {
   enterprise-integrations = glPlugin rec {
     name = "graylog-enterprise-integrations-${version}";
     pluginName = "graylog-plugin-enterprise-integrations";
-    version = "3.3.1";
+    version = "3.3.3";
     src = fetchurl {
       url = "https://downloads.graylog.org/releases/graylog-enterprise-integrations/graylog-enterprise-integrations-plugins-${version}.tgz";
-      sha256 = "0la91f5hfakrp5d37q3r1z15zzya9vmwgp8gf5ifkh6fasa811ll";
+      sha256 = "14b8whgvx8lzil09gjjxhps5syw3slwbh3gswrgc9kh1sqmdhl85";
     };
     installPhase = ''
       mkdir -p $out/bin
@@ -96,10 +96,10 @@ in {
   integrations = glPlugin rec {
     name = "graylog-integrations-${version}";
     pluginName = "graylog-plugin-integrations";
-    version = "3.3.1";
+    version = "3.3.3";
     src = fetchurl {
       url = "https://downloads.graylog.org/releases/graylog-integrations/graylog-integrations-plugins-${version}.tgz";
-      sha256 = "1k90q50p4ly9d8fj0riyb1xw0bd6f8wm2xmkr71908j2v0jaskpq";
+      sha256 = "1zf97q8xm81z6q2s7c3nwvpl1m6pc6w7zjm4hmd7ds1br6pg4bdh";
     };
     installPhase = ''
       mkdir -p $out/bin

From 70be15c91bb830d389cb77560a16ee471a145bff Mon Sep 17 00:00:00 2001
From: "Tristan Helmich (omniIT)" <tristan.helmich@omniit.de>
Date: Thu, 30 Jul 2020 19:16:12 +0000
Subject: [PATCH 2/2] doc/rl-2009: Add warning on Graylog changes in version
 3.3.3

---
 nixos/doc/manual/release-notes/rl-2009.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 7da1f5023780..ed4e71234b98 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -556,6 +556,12 @@ services.bitcoind."example-mainnet" = {
 </programlisting>
     </para>
    </listitem>
+   <listitem>
+    <para>
+      Graylog introduced a change in the LDAP server certificate validation behaviour for version 3.3.3 which might break existing setups.
+      When updating Graylog from a version before 3.3.3 make sure to check the Graylog <link xlink:href="https://www.graylog.org/post/announcing-graylog-v3-3-3">release info</link> for information on how to avoid the issue.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>