From 8b97ca270e84c38bb0fb1da829da318ed7dbda8a Mon Sep 17 00:00:00 2001 From: aszlig Date: Sat, 5 Mar 2016 03:04:30 +0100 Subject: [PATCH] chromium: Update all channels to latest versions Overview of the updated versions: stable: 48.0.2564.116 -> 49.0.2623.75 beta: 49.0.2623.63 -> 49.0.2623.75 dev: 50.0.2657.0 -> 50.0.2661.11 Stable and beta are now in par because of the release of a major stable update. The release addresses 26 security vulnerabilities, the following with an assigned CVE: * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski. * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski. * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous. * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu. * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan. * CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann. * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy. * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu. * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani. * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera. * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG. The full announcement which also includes the link to the bug tracker can be found here: http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html Also, the 32bit Chrome package needed for the Flash and Widevine plugins doesn't exist anymore, because Google has dropped support for 32bit distros, see here for the announcement: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU On our end, we need to fix the patch for the plugin paths to work for the latest dev channel. The change is very minor, because the nix_plugin_paths_46.patch only doesn't apply because of an iOS-related ifdef. Built and tested on my Hydra at: https://headcounter.org/hydra/eval/311511 Signed-off-by: aszlig Fixes: #13665 --- .../browsers/chromium/source/default.nix | 11 ++- .../chromium/source/nix_plugin_paths_50.patch | 75 +++++++++++++++++++ .../browsers/chromium/source/sources.nix | 19 +++-- 3 files changed, 91 insertions(+), 14 deletions(-) create mode 100644 pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch diff --git a/pkgs/applications/networking/browsers/chromium/source/default.nix b/pkgs/applications/networking/browsers/chromium/source/default.nix index 4e568aed594..a566c4bb1c8 100644 --- a/pkgs/applications/networking/browsers/chromium/source/default.nix +++ b/pkgs/applications/networking/browsers/chromium/source/default.nix @@ -41,10 +41,13 @@ in stdenv.mkDerivation { done ''; - patches = - singleton ./nix_plugin_paths_46.patch ++ - singleton ./build_fixes_46.patch ++ - singleton ./widevine.patch; + patches = [ + ./build_fixes_46.patch + ./widevine.patch + (if versionOlder version "50.0.0.0" + then ./nix_plugin_paths_46.patch + else ./nix_plugin_paths_50.patch) + ]; patchPhase = let diffmod = sym: "/^${sym} /{s/^${sym} //;${transform ""};s/^/${sym} /}"; diff --git a/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch b/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch new file mode 100644 index 00000000000..062098a8522 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch @@ -0,0 +1,75 @@ +diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc +index 74bf041..5f34198 100644 +--- a/chrome/common/chrome_paths.cc ++++ b/chrome/common/chrome_paths.cc +@@ -66,21 +66,14 @@ static base::LazyInstance + g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER; + + // Gets the path for internal plugins. +-bool GetInternalPluginsDirectory(base::FilePath* result) { +-#if defined(OS_MACOSX) +- // If called from Chrome, get internal plugins from a subdirectory of the +- // framework. +- if (base::mac::AmIBundled()) { +- *result = chrome::GetFrameworkBundlePath(); +- DCHECK(!result->empty()); +- *result = result->Append("Internet Plug-Ins"); +- return true; +- } +- // In tests, just look in the module directory (below). +-#endif +- +- // The rest of the world expects plugins in the module directory. +- return PathService::Get(base::DIR_MODULE, result); ++bool GetInternalPluginsDirectory(base::FilePath* result, ++ const std::string& ident) { ++ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident; ++ const char* value = getenv(full_env.c_str()); ++ if (value == NULL) ++ return PathService::Get(base::DIR_MODULE, result); ++ else ++ *result = base::FilePath(value); + } + + #if defined(OS_WIN) +@@ -253,11 +246,11 @@ bool PathProvider(int key, base::FilePath* result) { + create_dir = true; + break; + case chrome::DIR_INTERNAL_PLUGINS: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "ALL")) + return false; + break; + case chrome::DIR_PEPPER_FLASH_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH")) + return false; + cur = cur.Append(kPepperFlashBaseDirectory); + break; +@@ -314,7 +307,7 @@ bool PathProvider(int key, base::FilePath* result) { + // We currently need a path here to look up whether the plugin is disabled + // and what its permissions are. + case chrome::FILE_NACL_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "NACL")) + return false; + cur = cur.Append(kInternalNaClPluginFileName); + break; +@@ -349,7 +342,7 @@ bool PathProvider(int key, base::FilePath* result) { + cur = cur.DirName(); + } + #else +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "PNACL")) + return false; + #endif + cur = cur.Append(FILE_PATH_LITERAL("pnacl")); +@@ -366,7 +359,7 @@ bool PathProvider(int key, base::FilePath* result) { + // In the component case, this is the source adapter. Otherwise, it is the + // actual Pepper module that gets loaded. + case chrome::FILE_WIDEVINE_CDM_ADAPTER: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "WIDEVINE")) + return false; + cur = cur.AppendASCII(kWidevineCdmAdapterFileName); + break; diff --git a/pkgs/applications/networking/browsers/chromium/source/sources.nix b/pkgs/applications/networking/browsers/chromium/source/sources.nix index ffb9ff11068..ffec5c8b807 100644 --- a/pkgs/applications/networking/browsers/chromium/source/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix @@ -1,19 +1,18 @@ # This file is autogenerated from update.sh in the parent directory. { beta = { - sha256 = "07i4vqswkijnl7wi6r1a0n1jq54ackm01yf8h3hwcik8q10i1aq5"; - sha256bin64 = "16pwimg672qaqb89zdvsr8dr7bz50mz7zf6cl0cf45kz7sn8wwlh"; - version = "49.0.2623.63"; + sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4"; + sha256bin64 = "1arm15g3vmm3zlvcql3qylw1fhrn5ddzl2v8mkpb3a251m425dsi"; + version = "49.0.2623.75"; }; dev = { - sha256 = "1xc66zsjd5snydf60di2k2vzwwcqs1p16yn4jbpj2khm9cmxmkmf"; - sha256bin64 = "06v7r76pbc979f7ahmln0hmxzd8ipirh4128i0ygidj71xmg51mm"; - version = "50.0.2657.0"; + sha256 = "04j0nyz20gi7vf1javbw06wrqpkfw6vg024i3wkgx42hzd6hjgw4"; + sha256bin64 = "12ff4q615rwakgpr9v84p55maasqb4vg61s89vgxrlsgqrmkahg4"; + version = "50.0.2661.11"; }; stable = { - sha256 = "03sdm09cnwq8a056rfljql7mz0s17fngfnm5q3p5xwakr2sbj7ka"; - sha256bin32 = "157m88nafb8svpkv11rzpcfvak6486wx43rmbssg52x2k0vas0bl"; - sha256bin64 = "036pcma8qczja803h9r1nlm0ypm4zblmy6q7pkwlgmn3r4r3n7i0"; - version = "48.0.2564.116"; + sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4"; + sha256bin64 = "01qi5jmlmdpy6icc4y51bn5a063mxrnkncg3pbmbl4r02vqca5jh"; + version = "49.0.2623.75"; }; }