spotify: use default libgcrypt / libpng #111227
Merged
Instead of overriding libgcrypt with the (insecure) libgcrypt_1_5 and libpng with libpng12, use the defaults for those two packages.
spotify was changed to use libgcrypt_1_5 instead of libgcrypt in commit 165cb05 by @monocell in PR #8157 to address #8156, which found that:
Given that the relevant Spotify client is more than 5 years old, I don't think we have to worry about this any more. :)
Built and checked on my NixOS desktop machine because @dotlambda said he wouldn't check proprietary software in #111215.
This commit helps #106203, but doesn't close it because libgcrypt_1_5 is still used in staruml.
Motivation for this change
libgcrypt_1_5 has a heap overflow vulnerability; removing it is blocked on removing it from spotify and staruml.
Things done
sandbox in nix.conf on non-NixOS linux)
Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/)
nix path-info -S before and after)