From 4ca1c4bcd544703064906f43e67f7ee67d10916f Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 18 Feb 2021 11:44:25 +0100
Subject: [PATCH 1/4] cassandra_2*: mark as insecure

---
 pkgs/servers/nosql/cassandra/2.1.nix     | 4 ++++
 pkgs/servers/nosql/cassandra/2.2.nix     | 4 ++++
 pkgs/servers/nosql/cassandra/generic.nix | 3 ++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkgs/servers/nosql/cassandra/2.1.nix b/pkgs/servers/nosql/cassandra/2.1.nix
index 4511fbcd040a..63d89a29d13f 100644
--- a/pkgs/servers/nosql/cassandra/2.1.nix
+++ b/pkgs/servers/nosql/cassandra/2.1.nix
@@ -4,4 +4,8 @@ callPackage ./generic.nix (args // {
   version = "2.1.22";
   sha256 = "1wk57dz0kmc6d5y8d8dkx269lzh3ark3751z734gxncwdlclcyz3";
   generation = "2_1";
+  extraMeta.knownVulnerabilities = [
+    # Fixed in 3.* but 2.* hasn't been released since
+    "CVE-2020-17516"
+  ];
 })
diff --git a/pkgs/servers/nosql/cassandra/2.2.nix b/pkgs/servers/nosql/cassandra/2.2.nix
index 5cec13e4cd18..dc04c374b3d5 100644
--- a/pkgs/servers/nosql/cassandra/2.2.nix
+++ b/pkgs/servers/nosql/cassandra/2.2.nix
@@ -4,4 +4,8 @@ callPackage ./generic.nix (args // {
   version = "2.2.14";
   sha256 = "1b2x3q1ach44qg07sh8wr7d8a10n36w5522drd3p35djbiwa3d9q";
   generation = "2_2";
+  extraMeta.knownVulnerabilities = [
+    # Fixed in 3.* but 2.* hasn't been released since
+    "CVE-2020-17516"
+  ];
 })
diff --git a/pkgs/servers/nosql/cassandra/generic.nix b/pkgs/servers/nosql/cassandra/generic.nix
index 4d9f09637e9f..f343e20bee5d 100644
--- a/pkgs/servers/nosql/cassandra/generic.nix
+++ b/pkgs/servers/nosql/cassandra/generic.nix
@@ -3,6 +3,7 @@
 # generation is the attribute version suffix such as 3_11 in pkgs.cassandra_3_11
 , generation
 , version, sha256
+, extraMeta ? {}
 , ...
 }:
 
@@ -104,5 +105,5 @@ stdenv.mkDerivation rec {
     platforms = platforms.unix;
     license = licenses.asl20;
     maintainers = [ maintainers.roberth ];
-  };
+  } // extraMeta;
 }

From ac852f63d3dc77cc245c9f627bda7d5af1f0a405 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 18 Feb 2021 11:47:15 +0100
Subject: [PATCH 2/4] cassandra_3_0: 3.0.23 -> 3.0.24

---
 pkgs/servers/nosql/cassandra/3.0.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/nosql/cassandra/3.0.nix b/pkgs/servers/nosql/cassandra/3.0.nix
index 72af03af1d88..7788e3ff381a 100644
--- a/pkgs/servers/nosql/cassandra/3.0.nix
+++ b/pkgs/servers/nosql/cassandra/3.0.nix
@@ -1,7 +1,7 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "3.0.23";
-  sha256 = "0cbia20bggq85q2p6gsybw045qdfqxd5xv8ihppq1hwl21sb2klz";
+  version = "3.0.24";
+  sha256 = "1yxw4jg9n49dbi1mjdfpxczsznl9m6sxlzkmzjancmjzvj5s6bvz";
   generation = "3_0";
 })

From da3bd95ffecc581ea2c0a8883b9ee6f89bec0477 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 18 Feb 2021 11:48:02 +0100
Subject: [PATCH 3/4] cassandra: 3.11.9 -> 3.11.10

---
 pkgs/servers/nosql/cassandra/3.11.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/nosql/cassandra/3.11.nix b/pkgs/servers/nosql/cassandra/3.11.nix
index 15e11145d595..bcdfc8793db5 100644
--- a/pkgs/servers/nosql/cassandra/3.11.nix
+++ b/pkgs/servers/nosql/cassandra/3.11.nix
@@ -1,7 +1,7 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "3.11.9";
-  sha256 = "1ckaacc1z0j72llklrc4587ia6a0pab02bdyac6g3kl6kqvcz40c";
+  version = "3.11.10";
+  sha256 = "1wcv0drhb765fda6kkpsxsyfdv4cqf7nqfwc4bimh4c4djap5rxv";
   generation = "3_11";
 })

From d18e47b7609fba0d71a55dfec077a5d0c1a176bc Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 18 Feb 2021 12:17:30 +0100
Subject: [PATCH 4/4] cassandra: Invoke install hooks

Thanks @r-rmcgibbo for pointing that out
---
 pkgs/servers/nosql/cassandra/generic.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/servers/nosql/cassandra/generic.nix b/pkgs/servers/nosql/cassandra/generic.nix
index f343e20bee5d..ca2001817a34 100644
--- a/pkgs/servers/nosql/cassandra/generic.nix
+++ b/pkgs/servers/nosql/cassandra/generic.nix
@@ -31,6 +31,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ makeWrapper coreutils ];
 
   installPhase = ''
+    runHook preInstall
+
     mkdir $out
     mv * $out
 
@@ -86,6 +88,8 @@ stdenv.mkDerivation rec {
     done
 
     wrapProgram $out/bin/cqlsh --prefix PATH : ${python}/bin
+
+    runHook postInstall
     '';
 
   passthru = {