about summary refs log tree commit diff
path: root/pkgs/applications/networking/browsers
diff options
context:
space:
mode:
authoraszlig <aszlig@redmoonstudios.org>2016-03-30 01:05:07 +0200
committeraszlig <aszlig@redmoonstudios.org>2016-03-30 15:24:39 +0200
commitef753d210e877ef122bbd26001409a94abd959db (patch)
treec4941805def4b52a021718133ab6ce107651a055 /pkgs/applications/networking/browsers
parent63032dae9d9d87d6b82c3420f099b8feb62b535e (diff)
downloadnixlib-ef753d210e877ef122bbd26001409a94abd959db.tar
nixlib-ef753d210e877ef122bbd26001409a94abd959db.tar.gz
nixlib-ef753d210e877ef122bbd26001409a94abd959db.tar.bz2
nixlib-ef753d210e877ef122bbd26001409a94abd959db.tar.lz
nixlib-ef753d210e877ef122bbd26001409a94abd959db.tar.xz
nixlib-ef753d210e877ef122bbd26001409a94abd959db.tar.zst
nixlib-ef753d210e877ef122bbd26001409a94abd959db.zip
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 49.0.2623.87 -> 49.0.2623.110
beta:   50.0.2661.26 -> 50.0.2661.49
dev:    50.0.2661.18 -> 51.0.2693.2

Most notably, this includes a series of urgent security fixes:

 * CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
                  Tencent KeenLab.
 * CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
 * CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
 * CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
                  working with HP's Zero Day Initiative / Pwn2Own.
 * CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction

The official release announcement with details about these fixes can be
found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.

As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:

 * libexif got removed, so let's do that on our end as well.
   See https://codereview.chromium.org/1803883002 for details.
 * Chromium doesn't seem to compile with our version of libpng, so let's
   resort to the bundled libpng for now.
 * site_engagement_ui.cc uses isnan outside of std namespace, so
   we're fixing that in postPatch using sed.

I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.

Test reports can be found at the following evaluation of my Hydra:

https://headcounter.org/hydra/eval/314584

Thanks to @grahamc for reporting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: #14299
Diffstat (limited to 'pkgs/applications/networking/browsers')
-rw-r--r--pkgs/applications/networking/browsers/chromium/common.nix24
-rw-r--r--pkgs/applications/networking/browsers/chromium/upstream-info.nix18
2 files changed, 25 insertions, 17 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index 5494b77b807c..7bcc6242389d 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -5,7 +5,7 @@
 , libevent, expat, libjpeg, snappy
 , libpng, libxml2, libxslt, libcap
 , xdg_utils, yasm, minizip, libwebp
-, libusb1, libexif, pciutils, nss
+, libusb1, pciutils, nss
 
 , python, pythonPackages, perl, pkgconfig
 , nspr, udev, kerberos
@@ -17,6 +17,7 @@
 
 # optional dependencies
 , libgcrypt ? null # gnomeSupport || cupsSupport
+, libexif ? null # only needed for Chromium before version 51
 
 # package customization
 , enableSELinux ? false, libselinux ? null
@@ -55,9 +56,8 @@ let
     use_system_flac = true;
     use_system_libevent = true;
     use_system_libexpat = true;
-    use_system_libexif = true;
     use_system_libjpeg = true;
-    use_system_libpng = true;
+    use_system_libpng = versionOlder upstream-info.version "51.0.0.0";
     use_system_libwebp = true;
     use_system_libxml = true;
     use_system_opus = true;
@@ -86,7 +86,7 @@ let
     libevent expat libjpeg snappy
     libpng libxml2 libxslt libcap
     xdg_utils yasm minizip libwebp
-    libusb1 libexif
+    libusb1
   ];
 
   # build paths and release info
@@ -123,7 +123,8 @@ let
       ++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
       ++ optional enableSELinux libselinux
       ++ optionals cupsSupport [ libgcrypt cups ]
-      ++ optional pulseSupport libpulseaudio;
+      ++ optional pulseSupport libpulseaudio
+      ++ optional (versionOlder version "51.0.0.0") libexif;
 
     patches = [
       ./patches/build_fixes_46.patch
@@ -140,15 +141,20 @@ let
         -e "/python_arch/s/: *'[^']*'/: '""'/" \
         build/common.gypi chrome/chrome_tests.gypi
 
-      sed -i -e '/module_path *=.*libexif.so/ {
-        s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
-      }' chrome/utility/media_galleries/image_metadata_extractor.cc
+      ${optionalString (versionOlder version "51.0.0.0") ''
+        sed -i -e '/module_path *=.*libexif.so/ {
+          s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
+        }' chrome/utility/media_galleries/image_metadata_extractor.cc
+      ''}
 
       sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${udev}/lib/\1!' \
         device/udev_linux/udev?_loader.cc
 
       sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
         gpu/config/gpu_info_collector_linux.cc
+    '' + optionalString (!versionOlder version "51.0.0.0") ''
+      sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
+        chrome/browser/ui/webui/engagement/site_engagement_ui.cc
     '';
 
     gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
@@ -180,6 +186,8 @@ let
       google_default_client_id = "404761575300.apps.googleusercontent.com";
       google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
 
+    } // optionalAttrs (versionOlder version "51.0.0.0") {
+      use_system_libexif = true;
     } // optionalAttrs proprietaryCodecs {
       # enable support for the H.264 codec
       proprietary_codecs = true;
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index bcb5c3f2311a..8e5a5d4c90d9 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   beta = {
-    sha256 = "1lgpjnjhy3idha5b6wp31kdk6knic96dmajyrgn1701q3mq81g1i";
-    sha256bin64 = "1yb3rk38zfgjzka0aim1xc4r0qaz2qkwaq06mjifpkszmfffhyd0";
-    version = "50.0.2661.26";
+    sha256 = "1jwk0x5hjpah0bl4dpirxwyfxv0d0wnkvfgyja91kkbh8471gzmk";
+    sha256bin64 = "10sl3ddd77i1gl3l4yvhkpavfq2bygv7gwql0jnhchmrvyax1cjh";
+    version = "50.0.2661.49";
   };
   dev = {
-    sha256 = "0z9m1mv6pv43y3ccd0nzqg5f9q8qxc8mlmy9y3dc9kqpvmqggnvp";
-    sha256bin64 = "0khsxci970vclfg24b7m8w1jqfkv5rzswgwa62b4r7jzrglx1azj";
-    version = "50.0.2661.18";
+    sha256 = "042h6klyijnhkb4m9lsnfi3qss6pbs4p4981rm4cbc86rsyppkhl";
+    sha256bin64 = "1p6lhd3n9q93fkydxksgfv68vz26yj8i2zx1kqby2z9yc0pdcniq";
+    version = "51.0.2693.2";
   };
   stable = {
-    sha256 = "0kbph3l964bh7cb9yf8nydjaxa20yf8ls5a2vzsj8phz7n20z3f9";
-    sha256bin64 = "1k6nhccdqzzzicwi07nldqfsdlic65i2xfyb7dbasbbg9zl3s9yw";
-    version = "49.0.2623.87";
+    sha256 = "1lmv6nmbqhxmr4340s5i4ypgz2b7vkh0wy5x9v75b5bnscjhk121";
+    sha256bin64 = "1djd2i9phym1d8afv4vfajb7l1bz0ny2wmihwi6jaz712vil4a13";
+    version = "49.0.2623.110";
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-25 16:30:44 +0000