libgcrypt_1_5: mark as insecure #111215
Merged
libgcrypt_1_5: mark as insecure #111215
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dotlambda
added
1.severity: security
9.needs: port to stable
|
staruml is the only user of this package. Maybe it can be upgraded than we could drop the version entirely. |
No, spotify is using it too. |
|
I don't have a desktop nixos machine to test this on at the moment but the spotify fix should be very straightforward. |
Of course it's straightforward, but I won't be testing proprietary spotify either. |
9999years
added a commit
to 9999years/nixpkgs
that referenced
this pull request
Jan 29, 2021
Instead of overriding `libgcrypt` with the (insecure) `libgcrypt_1_5` and `libpng` with `libpng12`, use the defaults for those two packages. Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in NixOS#111215. `spotify` was changed to use `libgcrypt_1_5` instead of `libgcrypt` in commit 165cb05 by @monocell in PR NixOS#8157 to address NixOS#8156, which found that: > the current spotify client seems to depend on `libgcrypt.so.11`. > Pretending with libgcrypt.so.20 produces an error like: > ... libgcrypt.so.11: version `GCRYPT_1.2' not found ... Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :) This commit helps NixOS#106203, but doesn't close it because `libgcrypt_1_5` is still used in `staruml`.
10 tasks
|
Removed |
erictapen
pushed a commit
that referenced
this pull request
Jan 30, 2021
Instead of overriding `libgcrypt` with the (insecure) `libgcrypt_1_5` and `libpng` with `libpng12`, use the defaults for those two packages. Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in #111215. `spotify` was changed to use `libgcrypt_1_5` instead of `libgcrypt` in commit 165cb05 by @monocell in PR #8157 to address #8156, which found that: > the current spotify client seems to depend on `libgcrypt.so.11`. > Pretending with libgcrypt.so.20 produces an error like: > ... libgcrypt.so.11: version `GCRYPT_1.2' not found ... Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :) This commit helps #106203, but doesn't close it because `libgcrypt_1_5` is still used in `staruml`.
erictapen
pushed a commit
that referenced
this pull request
Jan 30, 2021
Instead of overriding `libgcrypt` with the (insecure) `libgcrypt_1_5` and `libpng` with `libpng12`, use the defaults for those two packages. Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in #111215. `spotify` was changed to use `libgcrypt_1_5` instead of `libgcrypt` in commit 165cb05 by @monocell in PR #8157 to address #8156, which found that: > the current spotify client seems to depend on `libgcrypt.so.11`. > Pretending with libgcrypt.so.20 produces an error like: > ... libgcrypt.so.11: version `GCRYPT_1.2' not found ... Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :) This commit helps #106203, but doesn't close it because `libgcrypt_1_5` is still used in `staruml`. (cherry picked from commit a61c57a)
10 tasks
|
backport: #111283 |
erictapen
added
8.has: port to stable
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
closes #90845 and closes #106203
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)affects spotify (cc @9999years @samuela @timokau) and staruml (cc @flokli @oxalica)