authoraszlig <aszlig@redmoonstudios.org>2012-10-08 04:54:13 +0200
committeraszlig <aszlig@redmoonstudios.org>2012-10-08 07:33:51 +0200
commit77d424875c4d035c3025bcb7f8f58c2a11229f93 (patch)
tree210450e685515c96a9ff449d4ee51ec163eb56b9 /pkgs/applications
parentc6c701909123bb3ee593a96b5a18ee39d8aa30e8 (diff)
chromium: Temporarily use bundled zlib.
Well, after looking a bit more thoroughly through the zlib patch from the
Chromium team, it seems that it really fixes an issue, and that the fix hasn't
yet been applied upstream. Unfortunately neither Chromium nor zlib gives more
information about that issue. Maybe they're waiting until it's resolved upstream,
hence the temporary patch?

The bad news is, that the fix for the vulnerability is incomplete in Chromium
and covers only the use cases of Chromium itself, so we can't include that
patched version in nixpkgs zlib derivation.

Until the issue is fixed upstream we're hereby safer off turning it off in
Chromium and thus use the bundled and patched version.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs/applications')
-rw-r--r--pkgs/applications/networking/browsers/chromium/default.nix21
1 files changed, 4 insertions, 17 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 59b05e94911f..7dee8f3d296c 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -63,13 +63,13 @@ let
     use_system_stlport = true;
     use_system_xdg_utils = true;
     use_system_yasm = true;
-    use_system_zlib = true;
+    use_system_zlib = false; # http://crbug.com/143623
 
     use_system_harfbuzz = false;
     use_system_icu = false;
-    use_system_libwebp = false; # See chromium issue #133161
+    use_system_libwebp = false; # http://crbug.com/133161
     use_system_skia = false;
-    use_system_sqlite = false; # See chromium issue #22208
+    use_system_sqlite = false; # http://crbug.com/22208
     use_system_v8 = false;
   };
 
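Review bot: The comment on `use_system_zlib = false` gives only a bug URL, so a reader of default.nix cannot tell that this setting is temporary or that it exists because the bundled copy carries a vulnerability fix the nixpkgs zlib lacks, both of which are stated only in the commit message. I would spell that out and name the condition for reverting, e.g. `use_system_zlib = false; # temporary: bundled zlib has a security fix not yet upstream (http://crbug.com/143623); re-enable once upstream zlib ships it`. While the flag is off, Chromium presumably no longer picks up zlib updates made to the nixpkgs derivation, so the revisit condition is worth having next to the flag. The attribute set this line belongs to starts outside the hunk.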
@@ -84,18 +84,6 @@ let
     pre22 = versionOlder sourceInfo.version "22.0.0.0";
   in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
 
-  # XXX: this reverts r151720 to prevent http://crbug.com/143623
-  maybeRevertZlibChanges = let
-    below22_91 = versionOlder sourceInfo.version "22.0.1229.91";
-    patch = fetchurl {
-      name = "revert-r151720";
-      url = "http://git.chromium.org/gitweb/?p=chromium.git;a=commitdiff_plain;"
-          + "hp=4419ec6414b33b6b19bb2e380b4998ed5193ecab;"
-          + "h=0fabb4fda7059a8757422e8a44e70deeab28e698";
-      sha256 = "0n0d6mkg89g8q63cifapzpg9dxfs2n6xvk4k13szhymvf67b77pf";
-    };
-  in optional (below22_91) patch;
-
 in stdenv.mkDerivation rec {
   name = "${packageName}-${version}";
   packageName = "chromium";
@@ -129,8 +117,7 @@ in stdenv.mkDerivation rec {
 
   patches = optional (!cfg.selinux) seccompPatch
          ++ optional cfg.cups ./cups_allow_deprecated.patch
-         ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
-         ++ maybeRevertZlibChanges;
+         ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch;
 
   postPatch = optionalString cfg.openssl ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl