elk7: 7.17.9 -> 7.17.10

Fixes CVE-2023-31413, CVE-2023-26486 and CVE-2023-26487.

https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327

The non official analysis-lemmagen plugin has not yet been released for ES 7.17.10.
It is marked as broken in the meantime.
This commit is contained in:
Thomas Gerbet 2023-05-20 00:17:11 +02:00
parent 5c1bf25732
commit f29911cd75
6 changed files with 36 additions and 35 deletions

View file

@ -17,10 +17,10 @@ let
plat = elemAt info 1;
shas =
{
x86_64-linux = "f0f9f65b6ba3cc401a519f764314854f6f1f22a9c3b55dfc5a4921455d64fc0d5b8352d267217076da82157553f235ab3d2506497132f23789b126205177e86b";
x86_64-darwin = "2ba707a0e7a5c34be98ee5e299b8f1d9ace99a626112efd48ca08bfc9640374ec37fc1761c9ef91599e7a5bf5055d2731759b0337952d7767b02d9c46640be71";
aarch64-linux = "6899c46a06cceb3bfa5db22cdad90db3063b3859c6059a379ac29ce5755073e45b6914491c7c0ec92c48344c1658ea68f7453992d1a39b70782f699315d175de";
aarch64-darwin = "194b7288f394ff39af3e114099a8f0f847091fd50231ee50c12105189e2b1dfdff8971795c2c22275ff113734e543cfaf51940682d77576c89d2d5bce9b26b92";
x86_64-linux = "d3d5e8906e64ae3c469e4df80e1c692ce1912e36f68ddf36b99b7019faf34aebaa329061904a6d2b6a32486c6e19d1c5f2ea30c25479a7960ed93bc1c0cb1691";
x86_64-darwin = "72a4499efbbbdf425f92beafc1b1d416e66e6ded60e76d9c9af9c3c13ce11862ba54dffbfbd5cbdef6afaad50f0d57532d3524f83acd88840aecc6891f748732";
aarch64-linux = "ce1b584e1cf98f8fb0e602352564a71efef4f53936dde7a056caed62675a6216624f0db2bc24d8239b8d01f06306bf173dda7a08a1787ba061db01ca0d88359a";
aarch64-darwin = "72a4499efbbbdf425f92beafc1b1d416e66e6ded60e76d9c9af9c3c13ce11862ba54dffbfbd5cbdef6afaad50f0d57532d3524f83acd88840aecc6891f748732";
};
in stdenv.mkDerivation rec {

View file

@ -8,10 +8,10 @@ let beat = package: extraArgs: buildGoModule (rec {
owner = "elastic";
repo = "beats";
rev = "v${version}";
hash = "sha256-BGi2fGUz0J7BuLo3JA4c2yUlWXdLpjn+AcMHkDGd3js=";
hash = "sha256-Quq32/3NeGhrsy17GrIeBiB3LGQuMFTFl3lAyyU6GZM=";
};
vendorHash = "sha256-FtFHfxCIZ4G1aFfGUgRfTz+zL4OE4SLPuDzXqL6CDyo=";
vendorHash = "sha256-UJjwCRxY1rrymroBqC/SfCVM9vmnQOtLlS3OONih3kM=";
subPackages = [ package ];

View file

@ -18,10 +18,10 @@ let
plat = elemAt info 1;
shas =
{
x86_64-linux = "f49d8fce010db83e6a89462535c71ba11a1153589038a7db430fc7db44178a55d5538dea80e6d4c690f4f0e838168965297c6a3ae31fbc5020af4d966067a90c";
x86_64-darwin = "b7d87bfa2e1793354bfb51ea11bbeeb29cfba62633288c3ed4ab9eecc05d05953db9446e7ca46ffe63f5aa646a0534fb8f4aa897a59fa2ae7e200b824576d915";
aarch64-linux = "aa9624c1777a8530f5eca4f75385de1a95ba8db3d56810cc1e134434438181580c32f5f46ab79094742d077e9b741cfb2549cda549147123dae14109e27a1443";
aarch64-darwin = "191e04a1e440a5ad679d04f6d852a6ab26cb14870b8af38a2ab6a14251a7b6d1ed7646e33b87f4971bb04a68d767abaecaa8dba07e3ae29211f0a358bb499d61";
x86_64-linux = "7a2013e43c7fc39e86a31a733cc74c587ef2bba0c013f95ce874f98b488a4f8f0e6fb254a1eedd5c0b0e210aed9a0195f7358fa9653c890e234413ff93190807";
x86_64-darwin = "e6f49e7c0f59e260b3e3d43e57375c9352976c4f51118005e3a9127f41b59f95e51ea158cd318e99410e6d98464ea1f84432c905d12a84b8f68b2ce35905f944";
aarch64-linux = "f2790f49b79c381246bbf87431919452af93aa4fd8aa6bc9c1f9031e7ed5d9c649f5bab867c28a7d1602e2285d3f4a5f78f809ac05744b02ad67d68610bb677d";
aarch64-darwin = "75b66b60650bb82dc517f4a594fa40816d3becb92bf3b349f3e8324cc6b297c8bcacebc08e7661891fd4ede03a099fea56c1509291804dd03345717c36564172";
};
in
stdenv.mkDerivation rec {

View file

@ -37,8 +37,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${version}.zip";
sha256 =
if version == "7.17.9" then "sha256-70KU7aGUHEZsjykXqHUYspGyX0CCrlS1er9WdUbxxSE="
hash =
if version == "7.17.10" then "sha256-D08CVW/qHpZZaKnploM4aCJ4bunvPjVmieDYr1d6jQA="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -53,8 +53,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${version}.zip";
sha256 =
if version == "7.17.9" then "sha256-oRTs1eK7jpoKaMvc+6rx9qiA8wg+gYUADM0HuJU0nOY="
hash =
if version == "7.17.10" then "sha256-cpgr2zPCpsLrmshWJWoGNcGl0X+bO/K4A9bMqLv8+H8="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -69,7 +69,7 @@ in
version = esVersion;
src = fetchurl {
url = "https://github.com/vhyza/elasticsearch-${pluginName}/releases/download/v${version}/elasticsearch-${pluginName}-${version}-plugin.zip";
sha256 =
hash =
if version == "7.17.9" then "sha256-iY25apDkS6s0RoR9dVL2o/hFuUo6XhMzLjl8wDSFejk="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
@ -77,6 +77,7 @@ in
homepage = "https://github.com/vhyza/elasticsearch-analysis-lemmagen";
description = "LemmaGen Analysis plugin provides jLemmaGen lemmatizer as Elasticsearch token filter";
license = licenses.asl20;
broken = true; # Not released yet for ES 7.17.10
};
};
@ -85,8 +86,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${version}.zip";
sha256 =
if version == "7.17.9" then "sha256-xlEabvNiddEwRfKrHIq1QPFJFMd2gByurIZF9LOxVSs="
hash =
if version == "7.17.10" then "sha256-UmykO+hZDvlFhEbf7zL2bdw4j6NhByRBu9eH3F6/EtM="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -101,8 +102,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${version}.zip";
sha256 =
if version == "7.17.9" then "sha256-J1q87fhL4A5tkxPADgHflPbO2RRMGPUk58l7DEpgd94="
hash =
if version == "7.17.10" then "sha256-Y/AbLfHSdocX0NQbnKm63gTWgwzssb4kpSwRqLozD9w="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -117,8 +118,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${version}.zip";
sha256 =
if version == "7.17.9" then "sha256-BhJtBdsT5Xapehfn0xaTWpSrvT1W+Hhv/yqliA6dBG8="
hash =
if version == "7.17.10" then "sha256-QIYD7cGpJQg+csv/tekN6GFtdnuhYU6VyAXk7nY/uWs="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -133,8 +134,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${esVersion}.zip";
sha256 =
if version == "7.17.9" then "sha256-bjVMVwZfj9WyjkwTXwTJdmaqZ1sWuvOZKXh9PFTOwb8="
hash =
if version == "7.17.10" then "sha256-L8lS+EPYuhNNTnP3ImeZsBQ5a5DAncs3qBFDWGWISRI="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -149,8 +150,8 @@ in
version = esVersion;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/elasticsearch-plugins/${pluginName}/${pluginName}-${esVersion}.zip";
sha256 =
if version == "7.17.9" then "sha256-ZyImIHYOz5bOEA+ARtPB2CznTOSjFKsavzWXXEzfkO8="
hash =
if version == "7.17.10" then "sha256-eXstbxlyS8WzW8u5YiMFXGpILCcEWrIb/IxXVzAGFLU="
else throw "unsupported version ${version} for plugin ${pluginName}";
};
meta = with lib; {
@ -166,13 +167,13 @@ in
pluginName = "search-guard";
version =
# https://docs.search-guard.com/latest/search-guard-versions
if esVersion == "7.17.9" then "${esVersion}-53.6.0"
if esVersion == "7.17.10" then "${esVersion}-53.7.0"
else throw "unsupported version ${esVersion} for plugin ${pluginName}";
src =
if esVersion == "7.17.9" then
if esVersion == "7.17.10" then
fetchurl {
url = "https://maven.search-guard.com/search-guard-suite-release/com/floragunn/search-guard-suite-plugin/${version}/search-guard-suite-plugin-${version}.zip";
sha256 = "sha256-HwxNvWvjqaI3ytSjNnsGcyt3omIZp69bgwxoufL2Nj8=";
hash = "sha256-FIF4O8z0U2giXVA2cNEdCDbpuJDJhaxHBOmv2fACucw=";
}
else throw "unsupported version ${version} for plugin ${pluginName}";
meta = with lib; {

View file

@ -16,14 +16,14 @@ let
shas =
if enableUnfree
then {
x86_64-linux = "a43d592e70f023a594f31a3fba365a9cca6611599bd61f998cb1fc38ddd177d459bce23eaf54f811fe0a87a47cdd4bf4b4d4c8008dab1ac03173371f63b91b6c";
x86_64-darwin = "7f7d89f438400da178b30f345b6ebc80f55f87f38b8925ca8c9dea86f0e2f23f70ccab03fdef5b83c085f1441e77592aab05006d163bc2af1920e1cc0ebdfc17";
aarch64-linux = "3c74d622c362e3aa72442a477ef34b0eb9131f5b550166d0f7f422bd3678acf07d75c702691d6606e5501f4b40854a352398d1c2813f1fb0a152663d75d5658b";
x86_64-linux = "5391bfef09c403a365518a3a8e8f075bb7974b137095b3c7fd2a0173cfa6dbd4a7451170a3657afef3e6a468e90a38d6e7a5b669799878f9389fa44ff8fee026";
x86_64-darwin = "8e3516b82329a47505358fb7eab486ca39423adc44a1f061c35f6ba225ac2f37330f2afc3e37eb652b6536e5ca35d77ac2485dec743fa8d99dd4fcc60bddbc21";
aarch64-linux = "06f91a5aabff0f86a4150de6c1fd02fb6d0a44b04ac660597cb4c8356cf1d22552aaa77899db42a49a5e35b3cad73be5d7bad8cacfb4b17e622949329cdf791a";
}
else {
x86_64-linux = "7c3f9867853582e5d06b9f895b4740abf56a9b6ce34dfbfb624cf9a4b956f489145cd13f3194a7fb16efc52410f55e797c269dc2957a35bdebf9e1aaa3547eaa";
x86_64-darwin = "d81c20317a7c163e42f5aad9e148505a64bba8565ff913650a840918b80e6aadde071596e569b0c8f965810b821779ca3d00f9a7cb24a5c86fff571ca9227c38";
aarch64-linux = "93d9700fc3dd99bc918be19fe41ef60b9071eadcc6fd57833dbf1fff2e0f2419c62f3493a0454f215b0dfd30cec90f1aca5eeff15c4eb3a583519dc9a69e896a";
x86_64-linux = "ba22c4c414f47515387bb28cc47612bea58aff97c407f2571863e83174a2bef273627f65dd531ed833e40668c79144a501d49c3ec691c1b1c4d8fb0cb124b052";
x86_64-darwin = "81a97ca06c086fac33f32e90124f649d5ddce09d649021020f434b75b5bff63065f9dc8aa267b72cedd581089bc24db12122f705ef8b69acf8f59f11771cbf77";
aarch64-linux = "64adb41a7a1b14b21d463b333f3f4470a4db9140e288d379bf79510c83091d5ca27e997961d757cee2329b85d16da6da8a1038a00aeabb1e74ab8f95b841ad0a";
};
this = stdenv.mkDerivation rec {
version = elk7Version;

View file

@ -7249,7 +7249,7 @@ with pkgs;
# The latest version used by elasticsearch, logstash, kibana and the the beats from elastic.
# When updating make sure to update all plugins or they will break!
elk7Version = "7.17.9";
elk7Version = "7.17.10";
elasticsearch7 = callPackage ../servers/search/elasticsearch/7.x.nix {
util-linux = util-linuxMinimal;