chromium: Update all channels to latest versions

Overview of the updated versions: stable: 48.0.2564.116 -> 49.0.2623.75 beta: 49.0.2623.63 -> 49.0.2623.75 dev: 50.0.2657.0 -> 50.0.2661.11 Stable and beta are now in par because of the release of a major stable update. The release addresses 26 security vulnerabilities, the following with an assigned CVE: * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski. * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski. * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous. * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu. * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan. * CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann. * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy. * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu. * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani. * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera. * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG. The full announcement which also includes the link to the bug tracker can be found here: http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html Also, the 32bit Chrome package needed for the Flash and Widevine plugins doesn't exist anymore, because Google has dropped support for 32bit distros, see here for the announcement: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU On our end, we need to fix the patch for the plugin paths to work for the latest dev channel. The change is very minor, because the nix_plugin_paths_46.patch only doesn't apply because of an iOS-related ifdef. Built and tested on my Hydra at: https://headcounter.org/hydra/eval/311511 Signed-off-by: aszlig <aszlig@redmoonstudios.org> Fixes: #13665
2016-03-05 03:04:30 +01:00 · 2016-03-05 03:04:30 +01:00 · 8b97ca270e
parent 54d342add8
commit 8b97ca270e
3 changed files with 91 additions and 14 deletions
--- a/pkgs/applications/networking/browsers/chromium/source/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/source/default.nix
@ -41,10 +41,13 @@ in stdenv.mkDerivation {
    done
  '';

-  patches =
-    singleton ./nix_plugin_paths_46.patch ++
-    singleton ./build_fixes_46.patch ++
-    singleton ./widevine.patch;
+  patches = [
+    ./build_fixes_46.patch
+    ./widevine.patch
+    (if versionOlder version "50.0.0.0"
+     then ./nix_plugin_paths_46.patch
+     else ./nix_plugin_paths_50.patch)
+  ];

  patchPhase = let
    diffmod = sym: "/^${sym} /{s/^${sym} //;${transform ""};s/^/${sym} /}";
--- a/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch
+++ b/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_50.patch
@ -0,0 +1,75 @@
+diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
+index 74bf041..5f34198 100644
+--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
+@@ -66,21 +66,14 @@ static base::LazyInstance<base::FilePath>
+     g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
+ 
+ // Gets the path for internal plugins.
+-bool GetInternalPluginsDirectory(base::FilePath* result) {
+-#if defined(OS_MACOSX)
+-  // If called from Chrome, get internal plugins from a subdirectory of the
+-  // framework.
+-  if (base::mac::AmIBundled()) {
+-    *result = chrome::GetFrameworkBundlePath();
+-    DCHECK(!result->empty());
+-    *result = result->Append("Internet Plug-Ins");
+-    return true;
+-  }
+-  // In tests, just look in the module directory (below).
+-#endif
+-
+-  // The rest of the world expects plugins in the module directory.
+-  return PathService::Get(base::DIR_MODULE, result);
+bool GetInternalPluginsDirectory(base::FilePath* result,
+                                 const std::string& ident) {
+  std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
+  const char* value = getenv(full_env.c_str());
+  if (value == NULL)
+      return PathService::Get(base::DIR_MODULE, result);
+  else
+      *result = base::FilePath(value);
+ }
+ 
+ #if defined(OS_WIN)
+@@ -253,11 +246,11 @@ bool PathProvider(int key, base::FilePath* result) {
+       create_dir = true;
+       break;
+     case chrome::DIR_INTERNAL_PLUGINS:
+-      if (!GetInternalPluginsDirectory(&cur))
+      if (!GetInternalPluginsDirectory(&cur, "ALL"))
+         return false;
+       break;
+     case chrome::DIR_PEPPER_FLASH_PLUGIN:
+-      if (!GetInternalPluginsDirectory(&cur))
+      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
+         return false;
+       cur = cur.Append(kPepperFlashBaseDirectory);
+       break;
+@@ -314,7 +307,7 @@ bool PathProvider(int key, base::FilePath* result) {
+     // We currently need a path here to look up whether the plugin is disabled
+     // and what its permissions are.
+     case chrome::FILE_NACL_PLUGIN:
+-      if (!GetInternalPluginsDirectory(&cur))
+      if (!GetInternalPluginsDirectory(&cur, "NACL"))
+         return false;
+       cur = cur.Append(kInternalNaClPluginFileName);
+       break;
+@@ -349,7 +342,7 @@ bool PathProvider(int key, base::FilePath* result) {
+         cur = cur.DirName();
+       }
+ #else
+-      if (!GetInternalPluginsDirectory(&cur))
+      if (!GetInternalPluginsDirectory(&cur, "PNACL"))
+         return false;
+ #endif
+       cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
+@@ -366,7 +359,7 @@ bool PathProvider(int key, base::FilePath* result) {
+     // In the component case, this is the source adapter. Otherwise, it is the
+     // actual Pepper module that gets loaded.
+     case chrome::FILE_WIDEVINE_CDM_ADAPTER:
+-      if (!GetInternalPluginsDirectory(&cur))
+      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
+         return false;
+       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
+       break;
--- a/pkgs/applications/networking/browsers/chromium/source/sources.nix
+++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix
@ -1,19 +1,18 @@
 # This file is autogenerated from update.sh in the parent directory.
 {
  beta = {
-    sha256 = "07i4vqswkijnl7wi6r1a0n1jq54ackm01yf8h3hwcik8q10i1aq5";
-    sha256bin64 = "16pwimg672qaqb89zdvsr8dr7bz50mz7zf6cl0cf45kz7sn8wwlh";
-    version = "49.0.2623.63";
+    sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4";
+    sha256bin64 = "1arm15g3vmm3zlvcql3qylw1fhrn5ddzl2v8mkpb3a251m425dsi";
+    version = "49.0.2623.75";
  };
  dev = {
-    sha256 = "1xc66zsjd5snydf60di2k2vzwwcqs1p16yn4jbpj2khm9cmxmkmf";
-    sha256bin64 = "06v7r76pbc979f7ahmln0hmxzd8ipirh4128i0ygidj71xmg51mm";
-    version = "50.0.2657.0";
+    sha256 = "04j0nyz20gi7vf1javbw06wrqpkfw6vg024i3wkgx42hzd6hjgw4";
+    sha256bin64 = "12ff4q615rwakgpr9v84p55maasqb4vg61s89vgxrlsgqrmkahg4";
+    version = "50.0.2661.11";
  };
  stable = {
-    sha256 = "03sdm09cnwq8a056rfljql7mz0s17fngfnm5q3p5xwakr2sbj7ka";
-    sha256bin32 = "157m88nafb8svpkv11rzpcfvak6486wx43rmbssg52x2k0vas0bl";
-    sha256bin64 = "036pcma8qczja803h9r1nlm0ypm4zblmy6q7pkwlgmn3r4r3n7i0";
-    version = "48.0.2564.116";
+    sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4";
+    sha256bin64 = "01qi5jmlmdpy6icc4y51bn5a063mxrnkncg3pbmbl4r02vqca5jh";
+    version = "49.0.2623.75";
  };
 }