archives/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-03-08 01:04:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

chromium: Mark as insecure

Browse source 
Since M81 won't receive any updates anymore and there are known
vulnerabilities we should mark it as insecure so that users are aware of
the risks.
Updating Chromium to M83 is unfortunately too challenging for
19.09, but as of today we've already covered the one month period of
security updates for "oldstable" and both 20.03 and nixos-unstable
contain recent versions (i.e. users should either update to the current
stable release or install Chromium from a different channel).

nixos-unstable PR for M83: #88206
This commit is contained in:
Michael Weiss 2020-05-20 12:17:33 +02:00
parent 31dcaa5eb6
commit 69e4ae56c4
No known key found for this signature in database
GPG key ID: 5BE487C4D4771D83
3 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/release-combined.nix
View file

@ -65,7 +65,6 @@ in rec {
(all "nixos.tests.containers-imperative")
(all "nixos.tests.containers-ipv4")
(all "nixos.tests.containers-ipv6")
"nixos.tests.chromium.x86_64-linux"
(all "nixos.tests.firefox")
(all "nixos.tests.firewall")
(all "nixos.tests.fontconfig-default-fonts")

10
pkgs/applications/networking/browsers/chromium/browser.nix
View file

@ -86,5 +86,15 @@ mkChromiumDerivation (base: rec {
# backported to 19.09. Therefore we'll only maintain M81 for NixOS 19.09
# which will give us approx. one month of security updates / time for users
# to transition to 20.03 (as per our policy).
knownVulnerabilities = [
# Since the release of M83 the previous version isn't secure anymore.
# nixos-unstable update: https://github.com/NixOS/nixpkgs/pull/88206
''
This version of Chromium is no longer being updated. Consider switching
to the new stable NixOS channel or installing Chromium from a different
channel. A list of the missing security fixes can be found here:
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
''
];
};
})

10
pkgs/applications/networking/browsers/google-chrome/default.nix
View file

@ -137,5 +137,15 @@ in stdenv.mkDerivation {
license = licenses.unfree;
maintainers = [ maintainers.msteen ];
platforms = [ "x86_64-linux" ];
knownVulnerabilities = [
# Since the release of M83 the previous version isn't secure anymore.
# nixos-unstable update: https://github.com/NixOS/nixpkgs/pull/88206
''
This version of Google Chrome is no longer being updated. Consider switching
to the new stable NixOS channel or installing Google Chrome from a different
channel. A list of the missing security fixes can be found here:
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
''
];
};
}