Merge pull request #15762 (Chromium update)

This is the original pull request plus some commits from me to bring all channels to the latest versions, because the fixed security vulnerabilites might not be fixed in the dev version we had before. I've tested the whole changeset on my Hydra at: https://headcounter.org/hydra/eval/322006 Thanks to @srp for the initial commit and thus implicitly also for the security notice. Cc: @abbradar
NixOS · May 28, 2016 · b5f95a5 · b5f95a5
2 parents 7a023d5 + 79d18eb
commit b5f95a5
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 57 deletions.
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -56,8 +56,9 @@ let
     use_system_flac = true;
     use_system_libevent = true;
     use_system_libexpat = true;
-    use_system_libjpeg = true;
-    use_system_libpng = versionOlder upstream-info.version "51.0.0.0";
+    # XXX: System libjpeg fails to link for version 52.0.2743.10
+    use_system_libjpeg = upstream-info.version != "52.0.2743.10";
+    use_system_libpng = false;
     use_system_libwebp = true;
     use_system_libxml = true;
     use_system_opus = true;
@@ -123,15 +124,13 @@ let
       ++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
       ++ optional enableSELinux libselinux
       ++ optionals cupsSupport [ libgcrypt cups ]
-      ++ optional pulseSupport libpulseaudio
-      ++ optional (versionOlder version "51.0.0.0") libexif;
+      ++ optional pulseSupport libpulseaudio;
 
     patches = [
-      ./patches/build_fixes_46.patch
       ./patches/widevine.patch
-      (if versionOlder version "50.0.0.0"
-       then ./patches/nix_plugin_paths_46.patch
-       else ./patches/nix_plugin_paths_50.patch)
+      (if versionOlder version "52.0.0.0"
+       then ./patches/nix_plugin_paths_50.patch
+       else ./patches/nix_plugin_paths_52.patch)
     ];
 
     postPatch = ''
@@ -141,20 +140,17 @@ let
         -e "/python_arch/s/: *'[^']*'/: '""'/" \
         build/common.gypi chrome/chrome_tests.gypi
 
-      ${optionalString (versionOlder version "51.0.0.0") ''
-        sed -i -e '/module_path *=.*libexif.so/ {
-          s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
-        }' chrome/utility/media_galleries/image_metadata_extractor.cc
-      ''}
-
       sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${libudev.out}/lib/\1!' \
         device/udev_linux/udev?_loader.cc
 
       sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
         gpu/config/gpu_info_collector_linux.cc
-    '' + optionalString (!versionOlder version "51.0.0.0") ''
+
       sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
         chrome/browser/ui/webui/engagement/site_engagement_ui.cc
+    '' + optionalString (versionAtLeast version "52.0.0.0") ''
+      sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
+        third_party/pdfium/xfa/fxbarcode/utils.h
     '';
 
     gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
@@ -185,9 +181,6 @@ let
       google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
       google_default_client_id = "404761575300.apps.googleusercontent.com";
       google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
-
-    } // optionalAttrs (versionOlder version "51.0.0.0") {
-      use_system_libexif = true;
     } // optionalAttrs proprietaryCodecs {
       # enable support for the H.264 codec
       proprietary_codecs = true;

diff --git a/pkgs/applications/networking/browsers/chromium/patches/build_fixes_46.patch b/pkgs/applications/networking/browsers/chromium/patches/build_fixes_46.patch
diff --git a/...hromium/patches/nix_plugin_paths_46.patch → ...hromium/patches/nix_plugin_paths_52.patch b/...hromium/patches/nix_plugin_paths_46.patch → ...hromium/patches/nix_plugin_paths_52.patch
@@ -1,13 +1,13 @@
 diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
-index 74bf041..5f34198 100644
+index f4e119d..d9775bd 100644
 --- a/chrome/common/chrome_paths.cc
 +++ b/chrome/common/chrome_paths.cc
-@@ -66,21 +66,14 @@ static base::LazyInstance<base::FilePath>
+@@ -68,21 +68,14 @@ static base::LazyInstance<base::FilePath>
      g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
 
  // Gets the path for internal plugins.
 -bool GetInternalPluginsDirectory(base::FilePath* result) {
--#if defined(OS_MACOSX) && !defined(OS_IOS)
+-#if defined(OS_MACOSX)
 -  // If called from Chrome, get internal plugins from a subdirectory of the
 -  // framework.
 -  if (base::mac::AmIBundled()) {
@@ -31,22 +31,26 @@ index 74bf041..5f34198 100644
 +      *result = base::FilePath(value);
  }
 
- #if defined(OS_WIN)
-@@ -253,11 +246,11 @@ bool PathProvider(int key, base::FilePath* result) {
+ // Gets the path for bundled implementations of components. Note that these
+@@ -272,7 +265,7 @@ bool PathProvider(int key, base::FilePath* result) {
        create_dir = true;
        break;
      case chrome::DIR_INTERNAL_PLUGINS:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "ALL"))
          return false;
        break;
+     case chrome::DIR_COMPONENTS:
+@@ -280,7 +273,7 @@ bool PathProvider(int key, base::FilePath* result) {
+         return false;
+       break;
      case chrome::DIR_PEPPER_FLASH_PLUGIN:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
          return false;
        cur = cur.Append(kPepperFlashBaseDirectory);
        break;
-@@ -314,7 +307,7 @@ bool PathProvider(int key, base::FilePath* result) {
+@@ -323,7 +316,7 @@ bool PathProvider(int key, base::FilePath* result) {
      // We currently need a path here to look up whether the plugin is disabled
      // and what its permissions are.
      case chrome::FILE_NACL_PLUGIN:
@@ -55,7 +59,7 @@ index 74bf041..5f34198 100644
          return false;
        cur = cur.Append(kInternalNaClPluginFileName);
        break;
-@@ -349,7 +342,7 @@ bool PathProvider(int key, base::FilePath* result) {
+@@ -358,7 +351,7 @@ bool PathProvider(int key, base::FilePath* result) {
          cur = cur.DirName();
        }
  #else
@@ -64,12 +68,3 @@ index 74bf041..5f34198 100644
          return false;
  #endif
        cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
-@@ -366,7 +359,7 @@ bool PathProvider(int key, base::FilePath* result) {
-     // In the component case, this is the source adapter. Otherwise, it is the
-     // actual Pepper module that gets loaded.
-     case chrome::FILE_WIDEVINE_CDM_ADAPTER:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
-         return false;
-       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
-       break;
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   beta = {
-    sha256 = "0l1434wqhi6c24qyb5ysg1wnd0s9l9i1k6kh6wr3s4acrsbb7p12";
-    sha256bin64 = "1ssw92l8zwj8x0zs5h6vxl7d7gj0lqb0x71vsazgd4d0p23nglb1";
-    version = "51.0.2704.47";
+    sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";
+    sha256bin64 = "14qj8l5dapha87ndyzcs3spaxp3s9sapcjcplkisbivis09a29cb";
+    version = "51.0.2704.63";
   };
   dev = {
-    sha256 = "0czp4p434yqr5rv3w2vypkyis13x8lc4xph8yh84r9big1ga6fqs";
-    sha256bin64 = "0hahamx9k14czswqdh8iwh69lsml0acca5kxvp2kw471g3s55n78";
-    version = "52.0.2729.3";
+    sha256 = "1bbwbn0svgr2pfkza8pdq61bjzlj50axdm5bqqxi51hab51fc9ww";
+    sha256bin64 = "1s02q72b84g9p5i7y1hh1c67qjb92934dqqwd7w6j0jz8ix71nzc";
+    version = "52.0.2743.10";
   };
   stable = {
-    sha256 = "1ijpbmn38znjjb3h8579x5gsclgjx122lvm0afv17gf2j3w5w4qj";
-    sha256bin64 = "17vqvxmy6llg7dpc3pxi0qhwpm9qc9rsq8lgknhwwygvkl8g14sb";
-    version = "50.0.2661.102";
+    sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";
+    sha256bin64 = "1kjnxxf2ak8v1akzxz46r7a7r6bhxjb2y9fhr1fqvks3m4jc5zqw";
+    version = "51.0.2704.63";
   };
 }