Rambox hasn't had a stable release in a while and has an increasing number
of issues, which is why I don't intend to use this anymore.
While taking a closer look at the source I also realized that it uses
Electron 7.2.4[1]. This is not only EOLed[2], it also contains a few
security vulnerabilities which is why I decided to mark it as insecure.
A few (most likely not all) vulnerabilities can be found by looking at
the Electron 7 changelog[3]: after 7.2.4 there were a few more releases
with security backports - mostly from Chromium. Security issues that
were found later on (and are probably exploitable on the dependency
chain of rambox) aren't listed here. I only added two issues that seemed
applicable to `rambox`, but I haven't researched enough to check the
other ones.
[1] https://github.com/ramboxapp/community-edition/blob/0.7.7/package.json#L70
[2] https://www.electronjs.org/docs/tutorial/support#currently-supported-versions
[3] https://www.electronjs.org/releases/stable?version=7

The motivation comes from PR #108787: AppImage is the official and
using it should avoid some issues.
Also, migrating both packages (instead of only rambox-pro like #108787)
can make maintaining both packages better. There is now a `mkRambox`
function that abstracts most of the build process.

There were very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299

* Added myself to maintainer list
* Add package file for rambox-pro
* Add patch to fix rambox-pro build
* Removed child module refs from package
* Added various fixes for new rambox-pro pkg
* Change name -> pname to address feedback
* Update pkgs/applications/networking/instant-messengers/rambox-pro/default.nix
Co-Authored-By: cawilliamson <home@chrisaw.com>
* Moved rambox-pro to rambox pkg
* Fixed package name - no idea what I was thinking here!
* Replace patch with postPatch script
Co-Authored-By: cawilliamson <home@chrisaw.com>
* Removed patch file