This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.
Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
This is a full rewrite independent of the previously removed cryptpad
module, managing cryptpad's config in RFC0042 along with a shiny test.
Upstream cryptpad provides two nginx configs, with many optimizations
and complex settings; this uses the easier variant for now but
improvements (e.g. serving blocks and js files directly through nginx)
should be possible with a bit of work and care about http headers.
the /checkup page of cryptpad passes all tests except HSTS, we don't
seem to have any nginx config with HSTS enabled in nixpkgs so leave this
as is for now.
Co-authored-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
Co-authored-by: Michael Smith <shmitty@protonmail.com>
It fails to build with
npm ERR! code 1
npm ERR! path /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium
npm ERR! command failed
npm ERR! command sh -c node install.js --preinstall
npm ERR! Static libsodium was not found at /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/deps/build/lib/libsodium so compiling libsodium from source.
npm ERR! automake is required, but wasn't found on this system
npm ERR! make: *** [Makefile:62: libsodium] Error 1
npm ERR! /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287
npm ERR! throw new Error(cmdLine + ' exited with code ' + code);
npm ERR! ^
npm ERR!
npm ERR! Error: make libsodium exited with code 2
npm ERR! at ChildProcess.<anonymous> (/nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287:19)
npm ERR! at ChildProcess.emit (node:events:514:28)
npm ERR! at ChildProcess._handle.onexit (node:internal/child_process:291:12)
npm ERR!
npm ERR! Node.js v18.17.1
mkAliasOptionModule should not default to mdDoc descriptions because
that can break out-of-tree users of documentation infrastructure. add an
explicitly-MD variant for now, to be removed some time after the MD
transition is complete.
Riak have been updated a lot since the version 2.2 (now 3.0.10) but
has seen no updated to the package. This is at this point
a problem forcing us to maintain old versions of erlang.
We would be happy to re accept a newer version of Riak if someone want
to spend the time to set it up.
Still actively developed and yet stuck on python2. Also marked as
vulnerable and their issue tracker contains yet another security issue
reported in 2021/10 that the upstream hasn't acknowledged yet.
Mind blown.
Closes: #135543, #97274, #97275
