nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-04-14 13:57:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

chromium: Temporarily use bundled zlib.

Browse Source 
Well, after looking a bit more thoroughly through the zlib patch from the
Chromium team, it seams, that this really fix an issue that hasn't yet been
applied upstream. Unfortunately neither Chromium nor Zlib give more information
about that issue. Maybe they're waiting until its resolved upstream and thus the
temporary patch?

The bad news is, that the fix for the vulnerability is incomplete in Chromium
and covers only the use cases of Chromium itself, so we can't include that
patched version in nixpkgs zlib derivation.

Until the issue is fixed upstream we're hereby safer off turning it off in
Chromium and thus use the bundled and patched version.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2012-10-08 04:54:13 +02:00
parent c6c7019091
commit 77d424875c
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
1 changed files with 4 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -63,13 +63,13 @@ let
use_system_stlport = true;
use_system_xdg_utils = true;
use_system_yasm = true;
use_system_zlib = true;
use_system_zlib = false; # http://crbug.com/143623
use_system_harfbuzz = false;
use_system_icu = false;
use_system_libwebp = false; # See chromium issue #133161
use_system_libwebp = false; # http://crbug.com/133161
use_system_skia = false;
use_system_sqlite = false; # See chromium issue #22208
use_system_sqlite = false; # http://crbug.com/22208
use_system_v8 = false;
};
@ -84,18 +84,6 @@ let
pre22 = versionOlder sourceInfo.version "22.0.0.0";
in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
# XXX: this reverts r151720 to prevent http://crbug.com/143623
maybeRevertZlibChanges = let
below22_91 = versionOlder sourceInfo.version "22.0.1229.91";
patch = fetchurl {
name = "revert-r151720";
url = "http://git.chromium.org/gitweb/?p=chromium.git;a=commitdiff_plain;"
+ "hp=4419ec6414b33b6b19bb2e380b4998ed5193ecab;"
+ "h=0fabb4fda7059a8757422e8a44e70deeab28e698";
sha256 = "0n0d6mkg89g8q63cifapzpg9dxfs2n6xvk4k13szhymvf67b77pf";
};
in optional (below22_91) patch;
in stdenv.mkDerivation rec {
name = "${packageName}-${version}";
packageName = "chromium";
@ -129,8 +117,7 @@ in stdenv.mkDerivation rec {
patches = optional (!cfg.selinux) seccompPatch
++ optional cfg.cups ./cups_allow_deprecated.patch
++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
++ maybeRevertZlibChanges;
++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch;
postPatch = optionalString cfg.openssl ''
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl