From e54434751a0664343105f940749ccd877e29e4f5 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Thu, 10 Mar 2016 14:57:29 -0600 Subject: [PATCH 1/3] chromium: 49.0.2626.75 -> 50.0.2661.26 for CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 --- .../browsers/chromium/source/sources.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/source/sources.nix b/pkgs/applications/networking/browsers/chromium/source/sources.nix index ffec5c8b8073..c42488e9e1e4 100644 --- a/pkgs/applications/networking/browsers/chromium/source/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix @@ -1,18 +1,18 @@ # This file is autogenerated from update.sh in the parent directory. { beta = { - sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4"; - sha256bin64 = "1arm15g3vmm3zlvcql3qylw1fhrn5ddzl2v8mkpb3a251m425dsi"; - version = "49.0.2623.75"; + sha256 = "1lgpjnjhy3idha5b6wp31kdk6knic96dmajyrgn1701q3mq81g1i"; + sha256bin64 = "1yb3rk38zfgjzka0aim1xc4r0qaz2qkwaq06mjifpkszmfffhyd0"; + version = "50.0.2661.26"; }; dev = { - sha256 = "04j0nyz20gi7vf1javbw06wrqpkfw6vg024i3wkgx42hzd6hjgw4"; - sha256bin64 = "12ff4q615rwakgpr9v84p55maasqb4vg61s89vgxrlsgqrmkahg4"; - version = "50.0.2661.11"; + sha256 = "0z9m1mv6pv43y3ccd0nzqg5f9q8qxc8mlmy9y3dc9kqpvmqggnvp"; + sha256bin64 = "0khsxci970vclfg24b7m8w1jqfkv5rzswgwa62b4r7jzrglx1azj"; + version = "50.0.2661.18"; }; stable = { - sha256 = "1xc2npbc829nxria1j37kxyy95jkalkkphxgv24if0ibn62lrzd4"; - sha256bin64 = "01qi5jmlmdpy6icc4y51bn5a063mxrnkncg3pbmbl4r02vqca5jh"; - version = "49.0.2623.75"; + sha256 = "0kbph3l964bh7cb9yf8nydjaxa20yf8ls5a2vzsj8phz7n20z3f9"; + sha256bin64 = "1k6nhccdqzzzicwi07nldqfsdlic65i2xfyb7dbasbbg9zl3s9yw"; + version = "49.0.2623.87"; }; } From f7e2171937cd61df613d57c9046c6bd74014173c Mon Sep 17 00:00:00 2001 From: aszlig Date: Fri, 11 Mar 2016 17:12:16 +0100 Subject: [PATCH 2/3] chromium/common: Shut up about precompiling .pyc's The errors are completely non-fatal and only cause a particular file to be not precompiled. Unfortunately this can lead to confusion to whether these errors are real errors or not, so let's shut it up completely because they're *not* real errors. Signed-off-by: aszlig --- pkgs/applications/networking/browsers/chromium/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 237dfd17ac71..c63f57f934d4 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -183,7 +183,7 @@ let configurePhase = '' # Precompile .pyc files to prevent race conditions during build - python -m compileall -q -f . || : # ignore errors + python -m compileall -q -f . > /dev/null 2>&1 || : # ignore errors # This is to ensure expansion of $out. libExecPath="${libExecPath}" From a62f100ec37506ee9a310f4aee59db73d7dcc507 Mon Sep 17 00:00:00 2001 From: aszlig Date: Sun, 13 Mar 2016 12:17:30 +0100 Subject: [PATCH 3/3] chromium/update.sh: Allow to be called out-of-tree Changing the working directory to pkgs/applications/networking/browsers/chromium is a bit annoying, so let's make sure the script can be called from anywhere. Signed-off-by: aszlig --- pkgs/applications/networking/browsers/chromium/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/networking/browsers/chromium/update.sh b/pkgs/applications/networking/browsers/chromium/update.sh index 05cc671d31ce..14f3dc6bd9d3 100755 --- a/pkgs/applications/networking/browsers/chromium/update.sh +++ b/pkgs/applications/networking/browsers/chromium/update.sh @@ -1,3 +1,4 @@ #!/bin/sh -e +cd "$(dirname "$0")" sp="$(nix-build -Q --no-out-link source/update.nix -A update)" cat "$sp" > source/sources.nix