libgcrypt_1_5: mark as insecure #111215
staruml is the only user of this package. Maybe it can be upgraded, then we could drop the version entirely.
No, spotify is using it too.
I don't have a desktop nixos machine to test this on at the moment but the spotify fix should be very straightforward.
Of course it's straightforward, but I won't be testing proprietary spotify either.
Instead of overriding `libgcrypt` with the (insecure) `libgcrypt_1_5` and `libpng` with `libpng12`, use the defaults for those two packages.

Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in NixOS#111215.

`spotify` was changed to use `libgcrypt_1_5` instead of `libgcrypt` in commit 165cb05 by @monocell in PR NixOS#8157 to address NixOS#8156, which found that:

> the current spotify client seems to depend on `libgcrypt.so.11`.
> Pretending with libgcrypt.so.20 produces an error like:
> ... libgcrypt.so.11: version `GCRYPT_1.2' not found ...

Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :)

This commit helps NixOS#106203, but doesn't close it because `libgcrypt_1_5` is still used in `staruml`.
Removed
Instead of overriding `libgcrypt` with the (insecure) `libgcrypt_1_5` and `libpng` with `libpng12`, use the defaults for those two packages.

Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in #111215.

`spotify` was changed to use `libgcrypt_1_5` instead of `libgcrypt` in commit 165cb05 by @monocell in PR #8157 to address #8156, which found that:

> the current spotify client seems to depend on `libgcrypt.so.11`.
> Pretending with libgcrypt.so.20 produces an error like:
> ... libgcrypt.so.11: version `GCRYPT_1.2' not found ...

Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :)

This commit helps #106203, but doesn't close it because `libgcrypt_1_5` is still used in `staruml`.

(cherry picked from commit a61c57a)
On 20.09 `bracket` also uses `libgcrypt_1_5`, as 89cb93a wasn't backported.
As I currently don't see an effort to upgrade staruml and I'm not very motivated to do it myself, I think we should just merge (and backport) this.
backport: #111283
Motivation for this change
closes #90845 and closes #106203
Things done
- `sandbox` in `nix.conf` (on non-NixOS linux)
- `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
- `./result/bin/`
- `nix path-info -S` (before and after)

affects spotify (cc @9999years @samuela @timokau) and staruml (cc @flokli @oxalica)