colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e2a15cd395
nixpkgs/pkgs/applications/networking/instant-messengers/rambox/default.nix
Maximilian Bosch e2a15cd395
rambox: unmaintain & mark as insecure 
Rambox hasn't had a stable release in a while and an increasing number
of issues which is why I don't intend to use this anymore.

While taking a closer look at the source I also realized that it uses
Electron 7.2.4[1]. This is not only EOLed[2], it also contains a few
security vulnerabilities which is why I decided to mark it as insecure.

A few (most likely not all) vulnerabilities can be found by looking at
the Electron 7 changelog[3]: after 7.2.4 there were a few more releases
with security backports - mostly from Chromium. Security issues that
were found later on (and are probably exploitable on the dependency
chain of rambox) aren't listed here. I only added two issues that seemed
applicable to `rambox`, but I haven't researched enough to check the
other ones.

[1] https://github.com/ramboxapp/community-edition/blob/0.7.7/package.json#L70
[2] https://www.electronjs.org/docs/tutorial/support#currently-supported-versions
[3] https://www.electronjs.org/releases/stable?version=7
2021-06-05 13:13:42 +02:00

32 lines
1.3 KiB
Nix
Raw Blame History

{ stdenv, callPackage, fetchurl, lib }:
let
mkRambox = opts: callPackage (import ./rambox.nix opts) { };
in mkRambox rec {
pname = "rambox";
version = "0.7.7";
src = {
x86_64-linux = fetchurl {
url = "https://github.com/ramboxapp/community-edition/releases/download/${version}/Rambox-${version}-linux-x86_64.AppImage";
sha256 = "0f82hq0dzcjicdz6lkzj8889y100yqciqrwh8wjjy9pxkhjcdini";
};
i686-linux = fetchurl {
url = "https://github.com/ramboxapp/community-edition/releases/download/${version}/Rambox-${version}-linux-i386.AppImage";
sha256 = "1nhgqjha10jvyf9nsghvlkibg7byj8qz140639ygag9qlpd52rfs";
};
}.${stdenv.system} or (throw "Unsupported system: ${stdenv.system}");
meta = with lib; {
description = "Free and Open Source messaging and emailing app that combines common web applications into one";
homepage = "https://rambox.pro";
license = licenses.mit;
maintainers = with maintainers; [ ];
platforms = ["i686-linux" "x86_64-linux"];
hydraPlatforms = [];
knownVulnerabilities = [
"Electron 7.2.4 is EOL and contains at least the following vulnerabilities: CVE-2020-6458, CVE-2020-6460 and more (https://www.electronjs.org/releases/stable?version=7). Consider using an alternative such as `ferdi'."
];
};
}
Reference in New Issue View Git Blame Copy Permalink