From 867aab7eed4eb1b5bd8a9431463bc43755d97782 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Mon, 30 Aug 2021 11:43:07 +0100
Subject: [PATCH 1/3] grilo: add patch for CVE-2021-39365

(cherry picked from commit f4153fb02c10e63a6fbb501876f609c8a55f262d)
---
 pkgs/development/libraries/grilo/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/grilo/default.nix b/pkgs/development/libraries/grilo/default.nix
index 1b8c46394da..172ae39536e 100644
--- a/pkgs/development/libraries/grilo/default.nix
+++ b/pkgs/development/libraries/grilo/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, meson, ninja, pkg-config, gettext, vala, glib, liboauth, gtk3
+{ lib, stdenv, fetchurl, fetchpatch, meson, ninja, pkg-config, gettext, vala, glib, liboauth, gtk3
 , gtk-doc, docbook_xsl, docbook_xml_dtd_43
 , libxml2, gnome, gobject-introspection, libsoup, totem-pl-parser }:
 
@@ -16,6 +16,14 @@ in stdenv.mkDerivation rec {
     sha256 = "0ywjvh7xw4ql1q4fvl0q5n06n08pga1g1nc9l7c3x5214gr3fj6i";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-39365.patch";
+      url = "https://gitlab.gnome.org/GNOME/grilo/-/commit/cd2472e506dafb1bb8ae510e34ad4797f63e263e.patch";
+      sha256 = "1i1p21vlms43iawg4dl1dibnpsbnkx27kcfvllnx76q07bfrpwzm";
+    })
+  ];
+
   setupHook = ./setup-hook.sh;
 
   mesonFlags = [

From c19b0bf9dea21d9b6781074422f0f5956adcf7b2 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Fri, 27 Aug 2021 22:36:45 +0200
Subject: [PATCH 2/3] nixos/nextcloud: add some notes for `Error: Command
 "upgrade" is not defined.`

This error occurs if `nextcloud-occ maintenance:install` fails and the
`upgrade` command is attempted to be executed afterwards.

Due to the nature of the installer we can't do much about it, so I guess
it makes sense to add some notes about it. The other notes in the
`Pitfalls`-section are semantically a list of different topics, so I
changed that accordingly now.

Closes #111175

(cherry picked from commit 561418f996fc015f4db48b1c9b7c31338cb280d9)
---
 nixos/modules/services/web-apps/nextcloud.xml | 124 ++++++++++++------
 1 file changed, 85 insertions(+), 39 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml
index 2adbd9a9495..02c670256bf 100644
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@@ -84,47 +84,93 @@
 </para>
 
  </section>
+
  <section xml:id="module-services-nextcloud-pitfalls-during-upgrade">
-  <title>Pitfalls</title>
+  <title>Common problems</title>
+  <itemizedlist>
+   <listitem>
+    <formalpara>
+     <title>General notes</title>
+     <para>
+      Unfortunately Nextcloud appears to be very stateful when it comes to
+      managing its own configuration. The config file lives in the home directory
+      of the <literal>nextcloud</literal> user (by default
+      <literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to
+      track several states of the application (e.g. whether installed or not).
+     </para>
+    </formalpara>
+    <para>
+     All configuration parameters are also stored in
+     <filename>/var/lib/nextcloud/config/override.config.php</filename> which is generated by
+     the module and linked from the store to ensure that all values from
+     <filename>config.php</filename>can be modified by the module.
+     However <filename>config.php</filename> manages the application's state and shouldn't be
+     touched manually because of that.
+    </para>
+    <warning>
+     <para>Don't delete <filename>config.php</filename>! This file
+     tracks the application's state and a deletion can cause unwanted
+     side-effects!</para>
+    </warning>
 
-  <para>
-   Unfortunately Nextcloud appears to be very stateful when it comes to
-   managing its own configuration. The config file lives in the home directory
-   of the <literal>nextcloud</literal> user (by default
-   <literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to
-   track several states of the application (e.g. whether installed or not).
-  </para>
-
-  <para>
-   All configuration parameters are also stored in
-   <literal>/var/lib/nextcloud/config/override.config.php</literal> which is generated by
-   the module and linked from the store to ensure that all values from <literal>config.php</literal>
-   can be modified by the module.
-   However <literal>config.php</literal> manages the application's state and shouldn't be touched
-   manually because of that.
-  </para>
-
-  <warning>
-   <para>Don't delete <literal>config.php</literal>! This file
-   tracks the application's state and a deletion can cause unwanted
-   side-effects!</para>
-  </warning>
-
-  <warning>
-   <para>Don't rerun <literal>nextcloud-occ
-   maintenance:install</literal>! This command tries to install the application
-   and can cause unwanted side-effects!</para>
-  </warning>
-
-  <para>
-   Nextcloud doesn't allow to move more than one major-version forward. If you're e.g. on
-   <literal>v16</literal>, you cannot upgrade to <literal>v18</literal>, you need to upgrade to
-   <literal>v17</literal> first. This is ensured automatically as long as the
-   <link linkend="opt-system.stateVersion">stateVersion</link> is declared properly. In that case
-   the oldest version available (one major behind the one from the previous NixOS
-   release) will be selected by default and the module will generate a warning that reminds
-   the user to upgrade to latest Nextcloud <emphasis>after</emphasis> that deploy.
-  </para>
+    <warning>
+     <para>Don't rerun <literal>nextcloud-occ
+     maintenance:install</literal>! This command tries to install the application
+     and can cause unwanted side-effects!</para>
+    </warning>
+   </listitem>
+   <listitem>
+    <formalpara>
+     <title>Multiple version upgrades</title>
+     <para>
+      Nextcloud doesn't allow to move more than one major-version forward. If you're e.g. on
+      <literal>v16</literal>, you cannot upgrade to <literal>v18</literal>, you need to upgrade to
+      <literal>v17</literal> first. This is ensured automatically as long as the
+      <link linkend="opt-system.stateVersion">stateVersion</link> is declared properly. In that case
+      the oldest version available (one major behind the one from the previous NixOS
+      release) will be selected by default and the module will generate a warning that reminds
+      the user to upgrade to latest Nextcloud <emphasis>after</emphasis> that deploy.
+     </para>
+    </formalpara>
+   </listitem>
+   <listitem>
+    <formalpara>
+     <title><literal>Error: Command "upgrade" is not defined.</literal></title>
+     <para>
+      This error usually occurs if the initial installation
+      (<command>nextcloud-occ maintenance:install</command>) has failed. After that, the application
+      is not installed, but the upgrade is attempted to be executed. Further context can
+      be found in <link xlink:href="https://github.com/NixOS/nixpkgs/issues/111175">NixOS/nixpkgs#111175</link>.
+     </para>
+    </formalpara>
+    <para>
+     First of all, it makes sense to find out what went wrong by looking at the logs
+     of the installation via <command>journalctl -u nextcloud-setup</command> and try to fix
+     the underlying issue.
+    </para>
+    <itemizedlist>
+     <listitem>
+      <para>
+       If this occurs on an <emphasis>existing</emphasis> setup, this is most likely because
+       the maintenance-mode is active. It can be deactivated by running
+       <command>nextcloud-occ maintenance:mode --off</command>. It's advisable though to
+       check the logs first on why the maintenance mode was activated.
+      </para>
+     </listitem>
+     <listitem>
+      <warning><para>Only perform the following measures on
+      <emphasis>freshly installed instances!</emphasis></para></warning>
+      <para>
+       A re-run of the installer can be forced by <emphasis>deleting</emphasis>
+       <filename>/var/lib/nextcloud/config/config.php</filename>. This is the only time
+       where this is advisable because the fresh install doesn't have any state that can be lost.
+       In case that doesn't help, an entire re-creation can be forced via
+       <command>rm -rf ~nextcloud/</command>.
+      </para>
+     </listitem>
+    </itemizedlist>
+   </listitem>
+  </itemizedlist>
  </section>
 
  <section xml:id="module-services-nextcloud-httpd">

From ebd597d2f386014365374fee023df2944a717e33 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Tue, 31 Aug 2021 17:45:12 +0200
Subject: [PATCH 3/3] nixos/nextcloud: apply doc fixes suggested by fabaff

Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch>
(cherry picked from commit 767bb4e4bbb9a8d06d4c3cbc14092902c2465f98)
---
 nixos/modules/services/web-apps/nextcloud.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml
index 02c670256bf..66ef8054aeb 100644
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@@ -96,14 +96,14 @@
       managing its own configuration. The config file lives in the home directory
       of the <literal>nextcloud</literal> user (by default
       <literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to
-      track several states of the application (e.g. whether installed or not).
+      track several states of the application (e.g., whether installed or not).
      </para>
     </formalpara>
     <para>
      All configuration parameters are also stored in
      <filename>/var/lib/nextcloud/config/override.config.php</filename> which is generated by
      the module and linked from the store to ensure that all values from
-     <filename>config.php</filename>can be modified by the module.
+     <filename>config.php</filename> can be modified by the module.
      However <filename>config.php</filename> manages the application's state and shouldn't be
      touched manually because of that.
     </para>
@@ -123,7 +123,7 @@
     <formalpara>
      <title>Multiple version upgrades</title>
      <para>
-      Nextcloud doesn't allow to move more than one major-version forward. If you're e.g. on
+      Nextcloud doesn't allow to move more than one major-version forward. E.g., if you're on
       <literal>v16</literal>, you cannot upgrade to <literal>v18</literal>, you need to upgrade to
       <literal>v17</literal> first. This is ensured automatically as long as the
       <link linkend="opt-system.stateVersion">stateVersion</link> is declared properly. In that case
@@ -152,7 +152,7 @@
      <listitem>
       <para>
        If this occurs on an <emphasis>existing</emphasis> setup, this is most likely because
-       the maintenance-mode is active. It can be deactivated by running
+       the maintenance mode is active. It can be deactivated by running
        <command>nextcloud-occ maintenance:mode --off</command>. It's advisable though to
        check the logs first on why the maintenance mode was activated.
       </para>
@@ -163,7 +163,7 @@
       <para>
        A re-run of the installer can be forced by <emphasis>deleting</emphasis>
        <filename>/var/lib/nextcloud/config/config.php</filename>. This is the only time
-       where this is advisable because the fresh install doesn't have any state that can be lost.
+       advisable because the fresh install doesn't have any state that can be lost.
        In case that doesn't help, an entire re-creation can be forced via
        <command>rm -rf ~nextcloud/</command>.
       </para>