Diffstat (limited to 'nixpkgs/pkgs/servers/rainloop')
-rw-r--r-- | nixpkgs/pkgs/servers/rainloop/default.nix | 71 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch | 23 |
2 files changed, 94 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/rainloop/default.nix b/nixpkgs/pkgs/servers/rainloop/default.nix
new file mode 100644
index 000000000000..f034f83f4835
--- /dev/null
+++ b/nixpkgs/pkgs/servers/rainloop/default.nix
@@ -0,0 +1,71 @@
+{ lib, stdenv, fetchurl, unzip, writeText, dos2unix, dataPath ? "/var/lib/rainloop" }: let
+ common = { edition, sha256 }:
+ stdenv.mkDerivation (rec {
+ pname = "rainloop${lib.optionalString (edition != "") "-${edition}"}";
+ version = "1.16.0";
+
+ nativeBuildInputs = [ unzip dos2unix ];
+
+ unpackPhase = ''
+ mkdir rainloop
+ unzip -q -d rainloop $src
+ '';
+
+ src = fetchurl {
+ url = "https://github.com/RainLoop/rainloop-webmail/releases/download/v${version}/rainloop-${edition}${lib.optionalString (edition != "") "-"}${version}.zip";
+ sha256 = sha256;
+ };
+
+ prePatch = ''
+ dos2unix ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+ '';
+
+ patches = [
+ ./fix-cve-2022-29360.patch
+ ];
+
+ postPatch = ''
+ unix2dos ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+ '';
+
+ includeScript = writeText "include.php" ''
+ <?php
+
+ /**
+ * @return string
+ */
+ function __get_custom_data_full_path()
+ {
+ $v = getenv('RAINLOOP_DATA_DIR', TRUE);
+ return $v === FALSE ? '${dataPath}' : $v;
+ }
+ '';
+
+ installPhase = ''
+ mkdir $out
+ cp -r rainloop/* $out
+ rm -rf $out/data
+ cp ${includeScript} $out/include.php
+ mkdir $out/data
+ chmod 700 $out/data
+ '';
+
+ meta = with lib; {
+ description = "Simple, modern & fast web-based email client";
+ homepage = "https://www.rainloop.net";
+ downloadPage = "https://github.com/RainLoop/rainloop-webmail/releases";
+ license = with licenses; if edition == "" then unfree else agpl3Only;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ das_j ];
+ };
+ });
+in {
+ rainloop-community = common {
+ edition = "community";
+ sha256 = "sha256-25ScQ2OwSKAuqg8GomqDhpebhzQZjCk57h6MxUNiymc=";
+ };
+ rainloop-standard = common {
+ edition = "";
+ sha256 = "sha256-aYCwqFqhJEeakn4R0MUDGcSp+M47JbbCrbYaML8aeSs=";
+ };
+}
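Review bot: The `chmod 700 $out/data` at the end of `installPhase` should not be read as an access control, because Nix normalises permissions on store paths once the build finishes and the generated `include.php` points RainLoop at `RAINLOOP_DATA_DIR` or `dataPath` instead. The directory that needs owner-only access is that runtime data directory, which this derivation does not create, so I would drop the chmod or add a comment such as `# placeholder only; real data lives in dataPath, which the service must create with mode 0700`. Separately, `prePatch` and `postPatch` hard-code `1.16.0` although `version` is in scope through `rec`; writing `./rainloop/rainloop/v/${version}/app/libraries/MailSo/Base/HtmlUtils.php` keeps them in step. A one-line comment saying that HtmlUtils.php presumably ships with CRLF line endings would explain the dos2unix/unix2dos round trip around the patch.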
diff --git a/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
new file mode 100644
index 000000000000..5ee7ad1103d6
--- /dev/null
+++ b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
@@ -0,0 +1,23 @@
+Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
+
+--- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
++++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+@@ -239,7 +239,8 @@ class HtmlUtils
+ $oWrapHtml->setAttribute($sKey, $sValue);
+ }
+
+- $oWrapDom = $oDom->createElement('div', '___xxx___');
++ $rand_str = base64_encode(random_bytes(32));
++ $oWrapDom = $oDom->createElement('div', $rand_str);
+ $oWrapDom->setAttribute('data-x-div-type', 'body');
+ foreach ($aBodylAttrs as $sKey => $sValue)
+ {
+@@ -250,7 +251,7 @@ class HtmlUtils
+
+ $sWrp = $oDom->saveHTML($oWrapHtml);
+
+- $sResult = \str_replace('___xxx___', $sResult, $sWrp);
++ $sResult = \str_replace($rand_str, $sResult, $sWrp);
+ }
+
+ $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult); |
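Review bot: The patch file's header gives only the blog URL, so a later maintainer cannot tell that this fix is apparently carried out-of-tree rather than taken from an upstream commit, or when it can be dropped. I would extend the first line to something like `Fix for CVE-2022-29360, fetched from <blog URL>; not an upstream commit, re-check on every version bump`, adjusted to the actual upstream status. In the PHP, `base64_encode(random_bytes(32))` can yield `+`, `/` and `=`, and the later `\str_replace($rand_str, $sResult, $sWrp)` only matches if `saveHTML()` emits the marker byte-for-byte. `$rand_str = bin2hex(random_bytes(32));` would be the more conservative marker and keeps the same unpredictability. Both PHP hunks sit inside a method whose start and end are outside the patch.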