Loading pkgs/applications/networking/instant-messengers/fluffychat/default.nix +2 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ , pulseaudio , makeDesktopItem , zenity , olm , targetFlutterPlatform ? "linux" }: Loading Loading @@ -44,6 +45,7 @@ flutter319.buildFlutterApplication (rec { maintainers = with maintainers; [ mkg20001 gilice ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; sourceProvenance = [ sourceTypes.fromSource ]; inherit (olm.meta) knownVulnerabilities; }; } // lib.optionalAttrs (targetFlutterPlatform == "linux") { nativeBuildInputs = [ imagemagick ]; Loading pkgs/by-name/ci/cinny-unwrapped/package.nix +2 −0 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ pango, stdenv, darwin, olm, }: buildNpmPackage rec { Loading Loading @@ -54,5 +55,6 @@ buildNpmPackage rec { maintainers = with lib.maintainers; [ abbe ]; license = lib.licenses.agpl3Only; platforms = lib.platforms.all; inherit (olm.meta) knownVulnerabilities; }; } pkgs/by-name/el/element-call/package.nix +2 −0 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ , yarnBuildHook , nodejs , npmHooks , olm }: let Loading Loading @@ -52,5 +53,6 @@ stdenv.mkDerivation (finalAttrs: { license = licenses.asl20; maintainers = with maintainers; [ kilimnik ]; mainProgram = "element-call"; inherit (olm.meta) knownVulnerabilities; }; }) pkgs/development/libraries/olm/default.nix +39 −0 Original line number Diff line number Diff line Loading @@ -27,5 +27,44 @@ stdenv.mkDerivation rec { homepage = "https://gitlab.matrix.org/matrix-org/olm"; license = licenses.asl20; maintainers = with maintainers; [ tilpner oxzi ]; knownVulnerabilities = [ '' The libolm end‐to‐end encryption library used in many Matrix clients and Jitsi Meet has been deprecated upstream, and relies on a cryptography library that has known side‐channel issues and disclaims that its implementations are not cryptographically secure and should not be used when cryptographic security is required. It is not known that the issues can be exploited over the network in practical conditions. Upstream has stated that the library should not be used going forwards, and there are no plans to move to a another cryptography implementation or otherwise further maintain the library at all. You should make an informed decision about whether to override this security warning, especially if you critically rely on end‐to‐end encryption. If you don’t care about that, or don’t use the Matrix functionality of a multi‐protocol client depending on libolm, then there should be no additional risk. Some clients are investigating migrating away from libolm to maintained libraries without known vulnerabilities. For further information, see: * The libolm deprecation notice: <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated> * The warning from the cryptography code used by libolm: <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/lib/crypto-algorithms/README.md> * The blog post disclosing the details of the known vulnerabilities: <https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/> * The Matrix.org project lead’s response to the disclosure: <https://news.ycombinator.com/item?id=41249371> * A (likely incomplete) aggregation of client tracking issue links: <https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802> '' ]; }; } pkgs/servers/web-apps/jitsi-meet/default.nix +2 −1 Original line number Diff line number Diff line { lib, stdenv, fetchurl, nixosTests }: { lib, stdenv, fetchurl, nixosTests, olm }: stdenv.mkDerivation rec { pname = "jitsi-meet"; Loading Loading @@ -34,5 +34,6 @@ stdenv.mkDerivation rec { license = licenses.asl20; maintainers = teams.jitsi.members; platforms = platforms.all; inherit (olm.meta) knownVulnerabilities; }; } Loading
pkgs/applications/networking/instant-messengers/fluffychat/default.nix +2 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ , pulseaudio , makeDesktopItem , zenity , olm , targetFlutterPlatform ? "linux" }: Loading Loading @@ -44,6 +45,7 @@ flutter319.buildFlutterApplication (rec { maintainers = with maintainers; [ mkg20001 gilice ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; sourceProvenance = [ sourceTypes.fromSource ]; inherit (olm.meta) knownVulnerabilities; }; } // lib.optionalAttrs (targetFlutterPlatform == "linux") { nativeBuildInputs = [ imagemagick ]; Loading
pkgs/by-name/ci/cinny-unwrapped/package.nix +2 −0 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ pango, stdenv, darwin, olm, }: buildNpmPackage rec { Loading Loading @@ -54,5 +55,6 @@ buildNpmPackage rec { maintainers = with lib.maintainers; [ abbe ]; license = lib.licenses.agpl3Only; platforms = lib.platforms.all; inherit (olm.meta) knownVulnerabilities; }; }
pkgs/by-name/el/element-call/package.nix +2 −0 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ , yarnBuildHook , nodejs , npmHooks , olm }: let Loading Loading @@ -52,5 +53,6 @@ stdenv.mkDerivation (finalAttrs: { license = licenses.asl20; maintainers = with maintainers; [ kilimnik ]; mainProgram = "element-call"; inherit (olm.meta) knownVulnerabilities; }; })
pkgs/development/libraries/olm/default.nix +39 −0 Original line number Diff line number Diff line Loading @@ -27,5 +27,44 @@ stdenv.mkDerivation rec { homepage = "https://gitlab.matrix.org/matrix-org/olm"; license = licenses.asl20; maintainers = with maintainers; [ tilpner oxzi ]; knownVulnerabilities = [ '' The libolm end‐to‐end encryption library used in many Matrix clients and Jitsi Meet has been deprecated upstream, and relies on a cryptography library that has known side‐channel issues and disclaims that its implementations are not cryptographically secure and should not be used when cryptographic security is required. It is not known that the issues can be exploited over the network in practical conditions. Upstream has stated that the library should not be used going forwards, and there are no plans to move to a another cryptography implementation or otherwise further maintain the library at all. You should make an informed decision about whether to override this security warning, especially if you critically rely on end‐to‐end encryption. If you don’t care about that, or don’t use the Matrix functionality of a multi‐protocol client depending on libolm, then there should be no additional risk. Some clients are investigating migrating away from libolm to maintained libraries without known vulnerabilities. For further information, see: * The libolm deprecation notice: <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated> * The warning from the cryptography code used by libolm: <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/lib/crypto-algorithms/README.md> * The blog post disclosing the details of the known vulnerabilities: <https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/> * The Matrix.org project lead’s response to the disclosure: <https://news.ycombinator.com/item?id=41249371> * A (likely incomplete) aggregation of client tracking issue links: <https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802> '' ]; }; }
pkgs/servers/web-apps/jitsi-meet/default.nix +2 −1 Original line number Diff line number Diff line { lib, stdenv, fetchurl, nixosTests }: { lib, stdenv, fetchurl, nixosTests, olm }: stdenv.mkDerivation rec { pname = "jitsi-meet"; Loading Loading @@ -34,5 +34,6 @@ stdenv.mkDerivation rec { license = licenses.asl20; maintainers = teams.jitsi.members; platforms = platforms.all; inherit (olm.meta) knownVulnerabilities; }; }
