From 2773508b5d2de099511e42b9683d94c676f4689b Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Tue, 12 Sep 2017 15:13:03 +0200 Subject: [PATCH] chromium: 60.0.3112.113 -> 61.0.3163.79 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 --- .../networking/browsers/chromium/common.nix | 5 +- .../chromium/patches/chromium-atk-r1.patch | 11 ++++ .../chromium/patches/chromium-gcc-r1.patch | 14 ++++ .../chromium/patches/chromium-gcc5-r1.patch | 66 +++++++++++++++++++ .../patches/chromium-gn-bootstrap-r14.patch | 27 ++++++++ .../patches/chromium-gn-bootstrap-r8.patch | 13 ---- .../browsers/chromium/upstream-info.nix | 18 ++--- 7 files changed, 131 insertions(+), 23 deletions(-) create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-atk-r1.patch create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-gcc-r1.patch create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-gcc5-r1.patch create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r14.patch delete mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r8.patch diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 33b8ee220ba2..c4fd85ab93e9 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -117,7 +117,10 @@ let patches = [ ./patches/nix_plugin_paths_52.patch - ./patches/chromium-gn-bootstrap-r8.patch + ./patches/chromium-gn-bootstrap-r14.patch + ./patches/chromium-gcc-r1.patch + ./patches/chromium-atk-r1.patch + ./patches/chromium-gcc5-r1.patch # To enable ChromeCast, go to chrome://flags and set "Load Media Router Component Extension" to Enabled # Fixes Chromecast: https://bugs.chromium.org/p/chromium/issues/detail?id=734325 ./patches/fix_network_api_crash.patch diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-atk-r1.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-atk-r1.patch new file mode 100644 index 000000000000..602be1e3ba74 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-atk-r1.patch @@ -0,0 +1,11 @@ +--- a/content/browser/accessibility/browser_accessibility_auralinux.cc.orig 2017-07-27 06:28:01.090257874 +0000 ++++ b/content/browser/accessibility/browser_accessibility_auralinux.cc 2017-07-27 06:28:21.174653680 +0000 +@@ -571,7 +571,7 @@ + // it's best to leave this out rather than break people's builds: + #if defined(ATK_CHECK_VERSION) + #if ATK_CHECK_VERSION(2, 16, 0) +- atk_state_set_add_state(atk_state_set, ATK_STATE_READ_ONLY); ++ atk_state_set_add_state(state_set, ATK_STATE_READ_ONLY); + #endif + #endif + break; \ No newline at end of file diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc-r1.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc-r1.patch new file mode 100644 index 000000000000..036d57b601da --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc-r1.patch @@ -0,0 +1,14 @@ +diff --git a/base/numerics/safe_math_shared_impl.h b/base/numerics/safe_math_shared_impl.h +index 99f230ce7e9a..de2415d402f5 100644 +--- a/base/numerics/safe_math_shared_impl.h ++++ b/base/numerics/safe_math_shared_impl.h +@@ -21,8 +21,7 @@ + #if !defined(__native_client__) && \ + ((defined(__clang__) && \ + ((__clang_major__ > 3) || \ +- (__clang_major__ == 3 && __clang_minor__ >= 4))) || \ +- (defined(__GNUC__) && __GNUC__ >= 5)) ++ (__clang_major__ == 3 && __clang_minor__ >= 4)))) + #include "base/numerics/safe_math_clang_gcc_impl.h" + #define BASE_HAS_OPTIMIZED_SAFE_MATH (1) + #else \ No newline at end of file diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc5-r1.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc5-r1.patch new file mode 100644 index 000000000000..8d2886fbfa94 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-gcc5-r1.patch @@ -0,0 +1,66 @@ +--- a/chrome/browser/devtools/devtools_file_system_indexer.cc ++++ b/chrome/browser/devtools/devtools_file_system_indexer.cc +@@ -34,7 +34,6 @@ using base::TimeDelta; + using base::TimeTicks; + using content::BrowserThread; + using std::map; +-using std::set; + using std::string; + using std::vector; + +@@ -191,7 +190,7 @@ vector Index::Search(const string& query) { + if (trigram != kUndefinedTrigram) + trigrams.push_back(trigram); + } +- set file_ids; ++ std::set file_ids; + bool first = true; + vector::const_iterator it = trigrams.begin(); + for (; it != trigrams.end(); ++it) { +@@ -203,7 +202,7 @@ vector Index::Search(const string& query) { + first = false; + continue; + } +- set intersection = base::STLSetIntersection >( ++ std::set intersection = base::STLSetIntersection >( + file_ids, index_[trigram]); + file_ids.swap(intersection); + } +diff --git a/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h b/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h +index 94bb9161ec85..e40c6387f72e 100644 +--- a/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h ++++ b/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h +@@ -63,7 +63,7 @@ class WTF_EXPORT ArrayBufferContents { + allocation_length_(0), + data_(data), + data_length_(0), +- kind_(AllocationKind::kNormal), ++ kind_(WTF::ArrayBufferContents::AllocationKind::kNormal), + deleter_(deleter) {} + DataHandle(void* allocation_base, + size_t allocation_length, +@@ -94,11 +94,11 @@ class WTF_EXPORT ArrayBufferContents { + reinterpret_cast(allocation_base_) + + allocation_length_); + switch (kind_) { +- case AllocationKind::kNormal: ++ case WTF::ArrayBufferContents::AllocationKind::kNormal: + DCHECK(deleter_); + deleter_(data_); + return; +- case AllocationKind::kReservation: ++ case WTF::ArrayBufferContents::AllocationKind::kReservation: + ReleaseReservedMemory(allocation_base_, allocation_length_); + return; + } +--- a/third_party/webrtc/modules/audio_processing/aec3/aec_state.cc.orig 2017-08-15 12:45:59.433532111 +0000 ++++ b/third_party/webrtc/modules/audio_processing/aec3/aec_state.cc 2017-08-15 17:52:59.691328825 +0000 +@@ -10,7 +10,7 @@ + + #include "webrtc/modules/audio_processing/aec3/aec_state.h" + +-#include ++#include + #include + #include + \ No newline at end of file diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r14.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r14.patch new file mode 100644 index 000000000000..624267153669 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r14.patch @@ -0,0 +1,27 @@ +commit 96c271f8ab2be7ea4199078ea65ac50c6ada4685 +Author: Pawel Hajdan, Jr +Date: Wed Jul 26 21:51:54 2017 +0000 + + wip + +diff --git a/tools/gn/bootstrap/bootstrap.py b/tools/gn/bootstrap/bootstrap.py +index 1390560f8e37..ff2ae57c46b0 100755 +--- a/tools/gn/bootstrap/bootstrap.py ++++ b/tools/gn/bootstrap/bootstrap.py +@@ -449,6 +449,7 @@ def write_gn_ninja(path, root_gen_dir, options): + 'base/metrics/histogram_base.cc', + 'base/metrics/histogram_functions.cc', + 'base/metrics/histogram_samples.cc', ++ 'base/metrics/histogram_snapshot_manager.cc', + 'base/metrics/metrics_hashes.cc', + 'base/metrics/persistent_histogram_allocator.cc', + 'base/metrics/persistent_memory_allocator.cc', +@@ -534,7 +535,7 @@ def write_gn_ninja(path, root_gen_dir, options): + 'base/trace_event/heap_profiler_allocation_context_tracker.cc', + 'base/trace_event/heap_profiler_allocation_register.cc', + 'base/trace_event/heap_profiler_event_filter.cc', +- 'base/trace_event/heap_profiler_event_writer.cc', ++ 'base/trace_event/heap_profiler_heap_dump_writer.cc', + 'base/trace_event/heap_profiler_serialization_state.cc', + 'base/trace_event/heap_profiler_stack_frame_deduplicator.cc', + 'base/trace_event/heap_profiler_type_name_deduplicator.cc', \ No newline at end of file diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r8.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r8.patch deleted file mode 100644 index d9f389aaf588..000000000000 --- a/pkgs/applications/networking/browsers/chromium/patches/chromium-gn-bootstrap-r8.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: tools/gn/bootstrap/bootstrap.py -diff --git a/tools/gn/bootstrap/bootstrap.py b/tools/gn/bootstrap/bootstrap.py -index 6f2f5b1264519ea38cc36fb0b7e2cc24c378ca7a..0b03d2626b358fb90ab39d737679ee47bd60303b 100755 ---- a/tools/gn/bootstrap/bootstrap.py -+++ b/tools/gn/bootstrap/bootstrap.py -@@ -487,6 +487,7 @@ def write_gn_ninja(path, root_gen_dir, options): - 'base/sys_info.cc', - 'base/task_runner.cc', - 'base/task_scheduler/delayed_task_manager.cc', -+ 'base/task_scheduler/environment_config.cc', - 'base/task_scheduler/post_task.cc', - 'base/task_scheduler/priority_queue.cc', - 'base/task_scheduler/scheduler_lock_impl.cc', diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index b2f0ade96f44..ff349c8a5762 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,18 +1,18 @@ # This file is autogenerated from update.sh in the same directory. { beta = { - sha256 = "0q23dm6mjq2z2akn3l65dyyg5kv1c9km5ynydzghk34fbv8yj3vl"; - sha256bin64 = "0igscn5y8ipqhkwvzfc8rfp3d5icilz66bgiypz54q4w2sfbqpvg"; - version = "61.0.3163.71"; + sha256 = "09q7s5x22vnmvqyz0f1l6qnaryglmsp0rc63qcg5sfvgv2g17g5x"; + sha256bin64 = "12z6z8gjxl4mx8j6db8nnlzrj03rh4qwyrvcf4hqcsv7b1armg6j"; + version = "61.0.3163.79"; }; dev = { - sha256 = "06brghm7f0xr6ycn1vkaj6iqxrdga5zkyh4xjbn5bdxvbq2c4z23"; - sha256bin64 = "0d55q8qz9sxhpaws2f2w445m48piivdgip9wwgd1ahl0mm2vidd4"; - version = "62.0.3198.0"; + sha256 = "168i6dcdl13an3vlr2m83q8fcprgckmclkmzwj70jdkp84qx80fq"; + sha256bin64 = "116vddp01m2ls337zj6r4h1nvybphvldlk9bs8czypx5skn29vbz"; + version = "62.0.3202.9"; }; stable = { - sha256 = "0ngc9wdac6mm9kgfln8b0k7xm10i9lvcfq7k6lpaj0pal43fgz7b"; - sha256bin64 = "15a29hh9747vkhgrhiw5i4qlf0pfihjqip863fxsl32fqsakp3qn"; - version = "60.0.3112.113"; + sha256 = "09q7s5x22vnmvqyz0f1l6qnaryglmsp0rc63qcg5sfvgv2g17g5x"; + sha256bin64 = "0a0wd06c0v061lnmb8x20gqgsg9zqafp2kq1fl3cjm0ldg9rwayw"; + version = "61.0.3163.79"; }; }