{cinny-unwrapped,fluffychat,jitsi-meet}: inherit vulnerabilities from…

… olm These vendor the libolm code.
NixOS · Aug 16, 2024 · 843268b · 843268b
1 parent 752cb57
commit 843268b
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 11 deletions.
diff --git a/pkgs/applications/networking/instant-messengers/fluffychat/default.nix b/pkgs/applications/networking/instant-messengers/fluffychat/default.nix
@@ -8,6 +8,7 @@
 , pulseaudio
 , makeDesktopItem
 , zenity
+, olm
 
 , targetFlutterPlatform ? "linux"
 }:
@@ -44,6 +45,7 @@ flutter319.buildFlutterApplication (rec {
     maintainers = with maintainers; [ mkg20001 gilice ];
     platforms = [ "x86_64-linux" "aarch64-linux" ];
     sourceProvenance = [ sourceTypes.fromSource ];
+    inherit (olm.meta) knownVulnerabilities;
   };
 } // lib.optionalAttrs (targetFlutterPlatform == "linux") {
   nativeBuildInputs = [ imagemagick ];

diff --git a/pkgs/by-name/ci/cinny-unwrapped/package.nix b/pkgs/by-name/ci/cinny-unwrapped/package.nix
@@ -9,6 +9,7 @@
   pango,
   stdenv,
   darwin,
+  olm,
 }:
 
 buildNpmPackage rec {
@@ -54,5 +55,6 @@ buildNpmPackage rec {
     maintainers = with lib.maintainers; [ abbe ];
     license = lib.licenses.agpl3Only;
     platforms = lib.platforms.all;
+    inherit (olm.meta) knownVulnerabilities;
   };
 }
diff --git a/pkgs/development/libraries/olm/default.nix b/pkgs/development/libraries/olm/default.nix
@@ -28,22 +28,22 @@ stdenv.mkDerivation rec {
     license = licenses.asl20;
     maintainers = with maintainers; [ tilpner oxzi ];
     knownVulnerabilities = [ ''
-      The libolm end‐to‐end encryption library for the Matrix chat
-      protocol has been deprecated upstream, and relies on a cryptography
-      library that has known side‐channel issues and disclaims that its
-      implementations are not cryptographically secure and should not be
-      used when cryptographic security is required.
+      The libolm end‐to‐end encryption library used in many Matrix
+      clients and Jitsi Meet has been deprecated upstream, and relies
+      on a cryptography library that has known side‐channel issues and
+      disclaims that its implementations are not cryptographically secure
+      and should not be used when cryptographic security is required.
 
       It is not known whether the vulnerabilities can be exploited over the
       network in practical conditions. Upstream has announced that there are
       no plans to fix these vulnerabilities, to move to secure cryptography
       implementations, or to otherwise further maintain the library at all.
 
-      You should make an informed decision about whether to override
-      this security warning, especially if you critically rely on
-      Matrix end‐to‐end encryption. If you don’t care about
-      that, or don’t use the Matrix functionality of an application
-      depending on libolm, then there should be no additional risk.
+      You should make an informed decision about whether to override this
+      security warning, especially if you critically rely on end‐to‐end
+      encryption. If you don’t care about that, or don’t use the Matrix
+      functionality of a multi‐protocol client depending on libolm,
+      then there should be no additional risk.
 
       Some clients are investigating migrating away from libolm to maintained
       libraries without known vulnerabilities.

diff --git a/pkgs/servers/web-apps/jitsi-meet/default.nix b/pkgs/servers/web-apps/jitsi-meet/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, nixosTests }:
+{ lib, stdenv, fetchurl, nixosTests, olm }:
 
 stdenv.mkDerivation rec {
   pname = "jitsi-meet";
@@ -34,5 +34,6 @@ stdenv.mkDerivation rec {
     license = licenses.asl20;
     maintainers = teams.jitsi.members;
     platforms = platforms.all;
+    inherit (olm.meta) knownVulnerabilities;
   };
 }