[Pkg-chromium-maint] Bug#763632: chromium: use system FFmpeg instead of embedded code copy

Sebastian Ramacher sramacher at debian.org
Wed Oct 1 14:32:36 UTC 2014

On 2014-10-01 16:17:09, Andreas Cadhalpun wrote:
> Package: chromium
> Version: 37.0.2062.120-2
> Severity: important
> Tags: security, patch
> Dear Maintainer,
> chromium uses an embedded code copy of FFmpeg (third_party/ffmpeg in the
> source directory) to compile libffmpegsumo.so, which is included in the
> chromium binary package.
> This is not allowed by Debian policy § 4.13 [1]:
> "Debian packages should not make use of these convenience copies unless the
> included package is explicitly intended to be used in this way.
> If the included code is already in the Debian archive in the form of a
> library, the Debian packaging should ensure that binary packages reference
> the libraries already in Debian and the convenience copy is not used. If the
> included code is not already in Debian, it should be packaged separately as
> a prerequisite if possible."
> As system FFmpeg libraries are now available, chromium should use them
> instead of the embedded FFmpeg copy, because it makes fixing security bugs
> easier.
> Attached patch changes chromium's Debian packaging to use the system
> libraries, including some patches to make this work:
>  * fix_for_system_ffmpeg.patch: Fixes a conceptual bug that made it
>    impossible to use the system FFmpeg libraries.
>  * ffmpeg_2.4.patch: Adapts chromium to the API differences between the
>    embedded copy and FFmpeg 2.4.
>  * fix_for_system_ffmpeg_ABI.patch: Fixes the ABI used by chromium to
>    match the system FFmpeg ABI.
> Please apply this patch as soon as possible, because the freeze is coming
> closer.

You might want to add here that ffmpeg is blocked from entering testing. See
#763148 and the blocks from Julien Cristau and Niels Thykier.

Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20141001/028ec38e/attachment-0001.sig>

More information about the Pkg-chromium-maint mailing list