From 77d424875c4d035c3025bcb7f8f58c2a11229f93 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 04:54:13 +0200 Subject: [PATCH 1/9] chromium: Temporarily use bundled zlib. Well, after looking a bit more thoroughly through the zlib patch from the Chromium team, it seams, that this really fix an issue that hasn't yet been applied upstream. Unfortunately neither Chromium nor Zlib give more information about that issue. Maybe they're waiting until its resolved upstream and thus the temporary patch? The bad news is, that the fix for the vulnerability is incomplete in Chromium and covers only the use cases of Chromium itself, so we can't include that patched version in nixpkgs zlib derivation. Until the issue is fixed upstream we're hereby safer off turning it off in Chromium and thus use the bundled and patched version. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 21 ++++--------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 59b05e94911f..7dee8f3d296c 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -63,13 +63,13 @@ let use_system_stlport = true; use_system_xdg_utils = true; use_system_yasm = true; - use_system_zlib = true; + use_system_zlib = false; # http://crbug.com/143623 use_system_harfbuzz = false; use_system_icu = false; - use_system_libwebp = false; # See chromium issue #133161 + use_system_libwebp = false; # http://crbug.com/133161 use_system_skia = false; - use_system_sqlite = false; # See chromium issue #22208 + use_system_sqlite = false; # http://crbug.com/22208 use_system_v8 = false; }; @@ -84,18 +84,6 @@ let pre22 = versionOlder sourceInfo.version "22.0.0.0"; in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; - # XXX: this reverts r151720 to prevent http://crbug.com/143623 - maybeRevertZlibChanges = let - below22_91 = versionOlder sourceInfo.version "22.0.1229.91"; - patch = fetchurl { - name = "revert-r151720"; - url = "http://git.chromium.org/gitweb/?p=chromium.git;a=commitdiff_plain;" - + "hp=4419ec6414b33b6b19bb2e380b4998ed5193ecab;" - + "h=0fabb4fda7059a8757422e8a44e70deeab28e698"; - sha256 = "0n0d6mkg89g8q63cifapzpg9dxfs2n6xvk4k13szhymvf67b77pf"; - }; - in optional (below22_91) patch; - in stdenv.mkDerivation rec { name = "${packageName}-${version}"; packageName = "chromium"; @@ -129,8 +117,7 @@ in stdenv.mkDerivation rec { patches = optional (!cfg.selinux) seccompPatch ++ optional cfg.cups ./cups_allow_deprecated.patch - ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch - ++ maybeRevertZlibChanges; + ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch; postPatch = optionalString cfg.openssl '' cat $opensslPatches | patch -p1 -d third_party/openssl/openssl From 949afcc0f2d82cb00a7f0ca9c0dc4b45f8fe273f Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 05:49:13 +0200 Subject: [PATCH 2/9] chromium: New seccomp patch for versions >= 23. The BPF renderer sandbox is now the default in 23. But still, it is not regarded as "adequately sandboxed" from Google so we still need the legacy seccomp sandbox. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 5 ++++- .../browsers/chromium/enable_seccomp23.patch | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 7dee8f3d296c..62ceb2dfb9be 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -82,7 +82,10 @@ let seccompPatch = let pre22 = versionOlder sourceInfo.version "22.0.0.0"; - in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; + pre23 = versionOlder sourceInfo.version "23.0.0.0"; + in if pre22 then ./enable_seccomp.patch + else if pre23 then ./enable_seccomp22.patch + else ./enable_seccomp23.patch; in stdenv.mkDerivation rec { name = "${packageName}-${version}"; diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch new file mode 100644 index 000000000000..bde476adbfd5 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch @@ -0,0 +1,18 @@ +diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc +index ad73fe6..ee3e6e6 100644 +--- a/content/common/sandbox_linux.cc ++++ b/content/common/sandbox_linux.cc +@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() { + return false; + } + #if defined(SECCOMP_SANDBOX) +-#if defined(NDEBUG) +- // Off by default. Allow turning on with a switch. +- return command_line->HasSwitch(switches::kEnableSeccompSandbox); +-#else + // On by default. Allow turning off with a switch. + return !command_line->HasSwitch(switches::kDisableSeccompSandbox); +-#endif // NDEBUG + #endif // SECCOMP_SANDBOX + return false; + } From df64adc2dfbfc2e32319799ef713ecef5976d847 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 05:52:06 +0200 Subject: [PATCH 3/9] chromium: Update dev and beta channels. dev: 23.0.1271.10 -> 24.0.1284.2 (not tested, probably won't build?) beta: 22.0.1229.91 -> 23.0.1271.17 (issues, see below) While testing the beta release, I've been bitten by http://crbug.com/149834, so as this is a beta release, I'm not sure if we should patch again to disable the BPF seccomp sandbox. Signed-off-by: aszlig --- .../networking/browsers/chromium/sources.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix index 9d2a78931027..8dd406e5ea4f 100644 --- a/pkgs/applications/networking/browsers/chromium/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/sources.nix @@ -1,14 +1,14 @@ # This file is autogenerated from update.sh in the same directory. { dev = { - version = "23.0.1271.10"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.10.tar.bz2"; - sha256 = "1jm9fhnq978lfn21xripf7l2n362axinggnxlz7rcc9as1y086y3"; + version = "24.0.1284.2"; + url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-24.0.1284.2.tar.bz2"; + sha256 = "0lp3r4n3d71wy2ndzcfwvrp9vc1ii98pxip1c8hfinz994ca1ykx"; }; beta = { - version = "22.0.1229.91"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-22.0.1229.91.tar.bz2"; - sha256 = "1b47rb5hw0k2fwc4jvmjpmxbhmqxgkz66j3mrjy4f8im41hmndyw"; + version = "23.0.1271.17"; + url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.17.tar.bz2"; + sha256 = "1nyc2s378sx7ymmginipiphygg7s59iwg2kirlbgz60fl8wygzv2"; }; stable = { version = "22.0.1229.79"; From 10679a7ba6bb92779f7d24b7ac5682e6497934b2 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 07:04:47 +0200 Subject: [PATCH 4/9] chromium: Fix chromium bug 149834 for version 23. This is just a temporary fix and will only thrown away as soon as a proper fix is included upstream, see http://crbug.com/149834 for more details about this. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 62ceb2dfb9be..1a1030606cfa 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -87,6 +87,14 @@ let else if pre23 then ./enable_seccomp22.patch else ./enable_seccomp23.patch; + maybeBpfTemporaryFix = let + patch = fetchurl { + url = "https://chromiumcodereview.appspot.com/download/issue11032056_1_2.diff"; + sha256 = "eb13dc627940ad56939837ad1093b2c388f6cf79f1f25cdc1b2e25e987c73d1c"; + }; + needPatch = !versionOlder sourceInfo.version "23.0.1271.0"; + in optional needPatch patch; + in stdenv.mkDerivation rec { name = "${packageName}-${version}"; packageName = "chromium"; @@ -120,7 +128,8 @@ in stdenv.mkDerivation rec { patches = optional (!cfg.selinux) seccompPatch ++ optional cfg.cups ./cups_allow_deprecated.patch - ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch; + ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch + ++ maybeBpfTemporaryFix; postPatch = optionalString cfg.openssl '' cat $opensslPatches | patch -p1 -d third_party/openssl/openssl From 17fe198695572fb944bf3b3f6f1faaced63c508d Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 07:16:23 +0200 Subject: [PATCH 5/9] chromium: Disable legacy seccomp sandbox in v23. This removes the patch introduced in 949afcc0f2d82cb00a7f0ca9c0dc4b45f8fe273f. The reason behind this is because even though we patch in the legacy seccomp sandbox by default, it won't be used anyway as both cannot coexist anymore. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 11 +++++------ .../browsers/chromium/enable_seccomp23.patch | 18 ------------------ 2 files changed, 5 insertions(+), 24 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 1a1030606cfa..b3a149c8105e 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -80,12 +80,11 @@ let xdg_utils yasm zlib ]; - seccompPatch = let + maybeSeccompPatch = let pre22 = versionOlder sourceInfo.version "22.0.0.0"; pre23 = versionOlder sourceInfo.version "23.0.0.0"; - in if pre22 then ./enable_seccomp.patch - else if pre23 then ./enable_seccomp22.patch - else ./enable_seccomp23.patch; + patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; + in optional pre23 patch; maybeBpfTemporaryFix = let patch = fetchurl { @@ -126,9 +125,9 @@ in stdenv.mkDerivation rec { prePatch = "patchShebangs ."; - patches = optional (!cfg.selinux) seccompPatch - ++ optional cfg.cups ./cups_allow_deprecated.patch + patches = optional cfg.cups ./cups_allow_deprecated.patch ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch + ++ maybeSeccompPatch ++ maybeBpfTemporaryFix; postPatch = optionalString cfg.openssl '' diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch deleted file mode 100644 index bde476adbfd5..000000000000 --- a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc -index ad73fe6..ee3e6e6 100644 ---- a/content/common/sandbox_linux.cc -+++ b/content/common/sandbox_linux.cc -@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() { - return false; - } - #if defined(SECCOMP_SANDBOX) --#if defined(NDEBUG) -- // Off by default. Allow turning on with a switch. -- return command_line->HasSwitch(switches::kEnableSeccompSandbox); --#else - // On by default. Allow turning off with a switch. - return !command_line->HasSwitch(switches::kDisableSeccompSandbox); --#endif // NDEBUG - #endif // SECCOMP_SANDBOX - return false; - } From 58a4edd294b855057bedb97c302a681f4544c385 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 07:30:16 +0200 Subject: [PATCH 6/9] chromium: Drop seccomp patch for version 21. Version 22 is the current version of the stable channel, so we don't need to carry around a patch for earlier versions. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 4 +--- .../browsers/chromium/enable_seccomp.patch | 22 +++++++++---------- .../browsers/chromium/enable_seccomp22.patch | 20 ----------------- 3 files changed, 12 insertions(+), 34 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index b3a149c8105e..b34e13c920e3 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -81,10 +81,8 @@ let ]; maybeSeccompPatch = let - pre22 = versionOlder sourceInfo.version "22.0.0.0"; pre23 = versionOlder sourceInfo.version "23.0.0.0"; - patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; - in optional pre23 patch; + in optional pre23 ./enable_seccomp.patch; maybeBpfTemporaryFix = let patch = fetchurl { diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch index edeee37f19ca..f947d796f186 100644 --- a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch +++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch @@ -1,12 +1,12 @@ -diff --git a/content/common/seccomp_sandbox.h b/content/common/seccomp_sandbox.h -index a07d6f3..a622a35 100644 ---- a/content/common/seccomp_sandbox.h -+++ b/content/common/seccomp_sandbox.h -@@ -29,15 +29,9 @@ static bool SeccompSandboxEnabled() { - // TODO(evan): turn on for release too once we've flushed out all the bugs, - // allowing us to delete this file entirely and just rely on the "disabled" - // switch. --#ifdef NDEBUG +diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc +index d4618e5..108f846 100644 +--- a/content/common/sandbox_linux.cc ++++ b/content/common/sandbox_linux.cc +@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) { + // Implement the command line enabling logic for seccomp-legacy. + bool IsSeccompLegacyDesired() { + #if defined(SECCOMP_SANDBOX) +-#if defined(NDEBUG) - // Off by default; allow turning on with a switch. - return CommandLine::ForCurrentProcess()->HasSwitch( - switches::kEnableSeccompSandbox); @@ -15,6 +15,6 @@ index a07d6f3..a622a35 100644 return !CommandLine::ForCurrentProcess()->HasSwitch( switches::kDisableSeccompSandbox); -#endif // NDEBUG - } #endif // SECCOMP_SANDBOX - + return false; + } diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch deleted file mode 100644 index f947d796f186..000000000000 --- a/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc -index d4618e5..108f846 100644 ---- a/content/common/sandbox_linux.cc -+++ b/content/common/sandbox_linux.cc -@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) { - // Implement the command line enabling logic for seccomp-legacy. - bool IsSeccompLegacyDesired() { - #if defined(SECCOMP_SANDBOX) --#if defined(NDEBUG) -- // Off by default; allow turning on with a switch. -- return CommandLine::ForCurrentProcess()->HasSwitch( -- switches::kEnableSeccompSandbox); --#else - // On by default; allow turning off with a switch. - return !CommandLine::ForCurrentProcess()->HasSwitch( - switches::kDisableSeccompSandbox); --#endif // NDEBUG - #endif // SECCOMP_SANDBOX - return false; - } From 58afd436155c7e49a9096d6a70320e6d98603b77 Mon Sep 17 00:00:00 2001 From: Rickard Nilsson Date: Mon, 8 Oct 2012 12:35:25 +0200 Subject: [PATCH 7/9] obnam: Update to version 1.2. Also update its dependencies (python libraries) --- pkgs/tools/backup/obnam/default.nix | 6 +++--- pkgs/top-level/python-packages.nix | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/pkgs/tools/backup/obnam/default.nix b/pkgs/tools/backup/obnam/default.nix index 119633e06387..07b86c2e41ed 100644 --- a/pkgs/tools/backup/obnam/default.nix +++ b/pkgs/tools/backup/obnam/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, python, pythonPackages, pycrypto, attr }: pythonPackages.buildPythonPackage { - name = "obnam-1.1"; + name = "obnam-1.2"; namePrefix = ""; src = fetchurl rec { - url = "http://code.liw.fi/debian/pool/main/o/obnam/obnam_1.1.orig.tar.gz"; - sha256 = "763693e5ea4e8d6a63b1a16c2aacd5fe0dc97abc687c8f0dde5840f77d549349"; + url = "http://code.liw.fi/debian/pool/main/o/obnam/obnam_1.2.orig.tar.gz"; + sha256 = "33457452726d5c393d98c565b8e1ab3ac11276cc42bf67c4eee6c4e4ac9976d6"; }; buildInputs = [ pythonPackages.sphinx attr ]; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e7ce262649e3..f511b64ceda3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -3120,11 +3120,11 @@ let pythonPackages = python.modules // rec { }; cliapp = buildPythonPackage rec { - name = "cliapp-1.20120630"; + name = "cliapp-1.20120929"; src = fetchurl rec { - url = "http://code.liw.fi/debian/pool/main/p/python-cliapp/python-cliapp_1.20120630.orig.tar.gz"; - sha256 = "6beeb1fb3077561540094584ce36055266ac67b80f158b9b82fe4075096f4716"; + url = "http://code.liw.fi/debian/pool/main/p/python-cliapp/python-cliapp_1.20120929.orig.tar.gz"; + sha256 = "30d5077e53b3e45f892b1c49feaaf4f47e4664400ed71435e77a82a2b823a0f8"; }; buildInputs = [ sphinx ]; @@ -3140,11 +3140,11 @@ let pythonPackages = python.modules // rec { }; tracing = buildPythonPackage rec { - name = "tracing-0.6"; + name = "tracing-0.7"; src = fetchurl rec { - url = "http://code.liw.fi/debian/pool/main/p/python-tracing/python-tracing_0.6.orig.tar.gz"; - sha256 = "1164cf05891f9bca93fb87413f32d2c4da90348adbf69b0ad36a464b7adcd354"; + url = "http://code.liw.fi/debian/pool/main/p/python-tracing/python-tracing_0.7.orig.tar.gz"; + sha256 = "9954a1b0cc6b957d15975b048f929bbdd46766d397a6fa51bf8f6498b9459276"; }; buildInputs = [ sphinx ]; @@ -3160,11 +3160,11 @@ let pythonPackages = python.modules // rec { }; ttystatus = buildPythonPackage rec { - name = "ttystatus-0.19"; + name = "ttystatus-0.21"; src = fetchurl rec { - url = "http://code.liw.fi/debian/pool/main/p/python-ttystatus/python-ttystatus_0.19.orig.tar.gz"; - sha256 = "7cc112a4783f2e0c354c5244f8e50b18733b5957677b56a755c1016e04c0c28d"; + url = "http://code.liw.fi/debian/pool/main/p/python-ttystatus/python-ttystatus_0.21.orig.tar.gz"; + sha256 = "4a1f3a41c9bd3b5d2bd8e6f093890857301e590aa1d428fc9a6dca591227244c"; }; buildInputs = [ sphinx ]; @@ -3180,11 +3180,11 @@ let pythonPackages = python.modules // rec { }; larch = buildPythonPackage rec { - name = "larch-1.20120527"; + name = "larch-1.20121006"; src = fetchurl rec { - url = "http://code.liw.fi/debian/pool/main/p/python-larch/python-larch_1.20120527.orig.tar.gz"; - sha256 = "2865a1bfa6bd276bf746e8e7cb73d5199d0b6d00045d8c92e158626687d3bbe1"; + url = "http://code.liw.fi/debian/pool/main/p/python-larch/python-larch_1.20121006.orig.tar.gz"; + sha256 = "b4482981010e9c22ee3fce6fdc664b8fc0a1a3a18ed30b40f247f3b44437ccfa"; }; buildInputs = [ sphinx ]; From 692ad8059a4d9e10e6310a2256ad8f618463844c Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 15:05:00 +0200 Subject: [PATCH 8/9] chromium: Build using libexif from nixpkgs. While libexif has been bundled with chromium for some months already, they only recently added the GYP option to switch to using the system library. So, let's enable it. Signed-off-by: aszlig --- pkgs/applications/networking/browsers/chromium/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index b34e13c920e3..c4dc413c0f5b 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -5,6 +5,7 @@ , libevent, expat, libjpeg , libpng, libxml2, libxslt , xdg_utils, yasm, zlib +, libexif , python, perl, pkgconfig , nspr, udev, krb5 @@ -55,6 +56,7 @@ let use_system_flac = true; use_system_libevent = true; use_system_libexpat = true; + use_system_libexif = true; use_system_libjpeg = true; use_system_libpng = true; use_system_libxml = true; @@ -78,6 +80,7 @@ let libevent expat libjpeg libpng libxml2 libxslt xdg_utils yasm zlib + libexif ]; maybeSeccompPatch = let From 1983d4fdfc28640993dd00c1ceed0e87a09d345c Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 15:06:15 +0200 Subject: [PATCH 9/9] chromium: Build using libusb (1.0) from nixpkgs. This dependency has recently been added to chromium while we didn't notice it, so let's avoid to use the bundled version. It might make sense to remove the unneeded files in third_party/ based on a whitelist, so that we notice future changes like this earlier. Signed-off-by: aszlig --- pkgs/applications/networking/browsers/chromium/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index c4dc413c0f5b..1ea854c5e9df 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -5,7 +5,7 @@ , libevent, expat, libjpeg , libpng, libxml2, libxslt , xdg_utils, yasm, zlib -, libexif +, libusb1, libexif , python, perl, pkgconfig , nspr, udev, krb5 @@ -59,6 +59,7 @@ let use_system_libexif = true; use_system_libjpeg = true; use_system_libpng = true; + use_system_libusb = true; use_system_libxml = true; use_system_speex = true; use_system_ssl = cfg.openssl; @@ -80,7 +81,7 @@ let libevent expat libjpeg libpng libxml2 libxslt xdg_utils yasm zlib - libexif + libusb1 libexif ]; maybeSeccompPatch = let