[Backport release-24.11] electron_31-bin: mark as insecure because it…

…'s EOL, electron-source.electron_31: remove as it's EOL (#374318)
NixOS · Jan 18, 2025 · bf68d76 · bf68d76
2 parents ca120ed + 3ad9bb0
commit bf68d76
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 1,005 deletions.
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -456,32 +456,6 @@ let
         # flag (declare_args) so we simply hardcode it to false.
         ./patches/widevine-disable-auto-download-allow-bundle.patch
       ]
-      ++ lib.optionals (versionRange "127" "128") [
-        # Fix missing chrome/browser/ui/webui_name_variants.h dependency
-        # and ninja 1.12 compat in M127.
-        # https://issues.chromium.org/issues/345645751
-        # https://issues.chromium.org/issues/40253918
-        # https://chromium-review.googlesource.com/c/chromium/src/+/5641516
-        (githubPatch {
-          commit = "2c101186b60ed50f2ba4feaa2e963bd841bcca47";
-          hash = "sha256-luu3ggo6XoeeECld1cKZ6Eh8x/qQYmmKI/ThEhuutuY=";
-        })
-        # https://chromium-review.googlesource.com/c/chromium/src/+/5644627
-        (githubPatch {
-          commit = "f2b43c18b8ecfc3ddc49c42c062d796c8b563984";
-          hash = "sha256-uxXxSsiS8R0827Oi3xsG2gtT0X+jJXziwZ1y8+7K+Qg=";
-        })
-        # https://chromium-review.googlesource.com/c/chromium/src/+/5646245
-        (githubPatch {
-          commit = "4ca70656fde83d2db6ed5a8ac9ec9e7443846924";
-          hash = "sha256-iQuRRZjDDtJfr+B7MV+TvUDDX3bvpCnv8OpSLJ1WqCE=";
-        })
-        # https://chromium-review.googlesource.com/c/chromium/src/+/5647662
-        (githubPatch {
-          commit = "50d63ffee3f7f1b1b9303363742ad8ebbfec31fa";
-          hash = "sha256-H+dv+lgXSdry3NkygpbCdTAWWdTVdKdVD3Aa62w091E=";
-        })
-      ]
       ++ [
         # Required to fix the build with a more recent wayland-protocols version
         # (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21):
@@ -644,7 +618,7 @@ let
       + ''
         # Link to our own Node.js and Java (required during the build):
         mkdir -p third_party/node/linux/node-linux-x64/bin
-        ln -s${lib.optionalString (chromiumVersionAtLeast "127") "f"} "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
+        ln -sf "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
         ln -s "${pkgsBuildHost.jdk17_headless}/bin/java" third_party/jdk/current/bin/
 
         # Allow building against system libraries in official builds
@@ -749,14 +723,12 @@ let
         use_system_libffi = true;
         # Use nixpkgs Rust compiler instead of the one shipped by Chromium.
         rust_sysroot_absolute = "${buildPackages.rustc}";
+        rust_bindgen_root = "${buildPackages.rust-bindgen}";
       }
       // lib.optionalAttrs (chromiumVersionAtLeast "132" && stdenv.hostPlatform.isAarch64) {
         # Hotfix for "ld.lld: error: undefined symbol: __arm_tpidr2_save" on aarch64-linux
         libyuv_use_sme = false;
       }
-      // lib.optionalAttrs (chromiumVersionAtLeast "127") {
-        rust_bindgen_root = "${buildPackages.rust-bindgen}";
-      }
       // {
         enable_rust = true;
         # While we technically don't need the cache-invalidation rustc_version provides, rustc_version

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -90,8 +90,7 @@ let
               url = "https://gn.googlesource.com/gn";
               inherit (upstream-info.deps.gn) rev hash;
             };
-          }
-          // lib.optionalAttrs (chromiumVersionAtLeast "127") {
+
             # Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:
             # cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
             hardeningDisable = [ "format" ];

diff --git a/pkgs/development/tools/electron/binary/generic.nix b/pkgs/development/tools/electron/binary/generic.nix
@@ -53,7 +53,7 @@ let
       ++ optionals (versionOlder version "19.0.0") [ "i686-linux" ];
     sourceProvenance = with sourceTypes; [ binaryNativeCode ];
     # https://www.electronjs.org/docs/latest/tutorial/electron-timelines
-    knownVulnerabilities = optional (versionOlder version "31.0.0") "Electron version ${version} is EOL";
+    knownVulnerabilities = optional (versionOlder version "32.0.0") "Electron version ${version} is EOL";
   };
 
   fetcher =

diff --git a/pkgs/development/tools/electron/binary/info.json b/pkgs/development/tools/electron/binary/info.json
@@ -56,14 +56,14 @@
     },
     "31": {
         "hashes": {
-            "aarch64-darwin": "89bcc40bcc6a45410c2d6f83c6dce3c4d5caeead00b419755995258fa36fa26d",
-            "aarch64-linux": "b3d5842c3f571272666ab97f421246f41231adfdd66001eec65d6504f6793ca8",
-            "armv7l-linux": "0b4fa9ff90f10bfc9db7ac20b122d8d52d1ff8d6da7c39a4f8ed0d1c4951dda1",
-            "headers": "1cngqqcj2aggnwvgdqv9nn03k0hyc4y3346vgrnljfa9q8l1gs3d",
-            "x86_64-darwin": "22cdd766d1614aa9819987fccd477d51cefcf39bc1a1667571406c985bfe123b",
-            "x86_64-linux": "6a3ae7de546fa91b1925f2ee79475e7fb82856e596ab212e3f8ccf9719bc60ef"
+            "aarch64-darwin": "e81b75a185376effcc7dd15aef8877ab48474633e5ac7417810a3b28e694bbfa",
+            "aarch64-linux": "21dd1a8c37c7816d3ad945f2fc66fa6c5c56af44b6c06b5280e023ee0a663439",
+            "armv7l-linux": "530f0d146f962e7dd101dc08505933e781f21c42f3234e3f0d316a113faccfbc",
+            "headers": "1dakbhv1f1cc8zr8rvhjgbmly43db1l1gcf0l8c7yn8h0lb17aq5",
+            "x86_64-darwin": "3b08668fe88c47474be23df2c24674d68be79501b5552202462d16078f629bf0",
+            "x86_64-linux": "00a2e8e5f52fe39c37cfc9d7bd7629e560017d28ee94c51495bf7e39c84b2d47"
         },
-        "version": "31.7.6"
+        "version": "31.7.7"
     },
     "32": {
         "hashes": {

diff --git a/pkgs/development/tools/electron/chromedriver/info.json b/pkgs/development/tools/electron/chromedriver/info.json
@@ -23,14 +23,14 @@
     },
     "31": {
         "hashes": {
-            "aarch64-darwin": "60787d55dcb2e565451c5237596e4d8e44ad859daee6fb07575949f5fa0ac224",
-            "aarch64-linux": "b3ef48d6caa1287ba9688c5c64cd3df4292dee6b1dfa117e789cc02cc53629fb",
-            "armv7l-linux": "8141b977a6cf8d8a8748ae53abbee606c4474c6ea45b29deef53842e67f06752",
-            "headers": "1cngqqcj2aggnwvgdqv9nn03k0hyc4y3346vgrnljfa9q8l1gs3d",
-            "x86_64-darwin": "fdd45e858db9de700b9feaa83a64a97b29b8b2ffbc7007690abffe9e4099c66a",
-            "x86_64-linux": "ee5225ab33396219cf8b72bc883a5a0791d9c9564f797163e84345ac561a5241"
+            "aarch64-darwin": "17015acc125d2a453ff9e7a6623ce856113c0f435bfffd65b60d73e9cd81d40e",
+            "aarch64-linux": "7a545397292b405153b2d73b525fcd0821ea5a2200330a9bb4f48cd83010a30b",
+            "armv7l-linux": "ace8b955b12b196d442d315ad62911eeda1ee4957cba4423e3cfe2703ff85673",
+            "headers": "1dakbhv1f1cc8zr8rvhjgbmly43db1l1gcf0l8c7yn8h0lb17aq5",
+            "x86_64-darwin": "7c8886bed6128791b6637a54a3d76712e9b37a34252376478d3c843ed93c9ff9",
+            "x86_64-linux": "39b59f8dbca6cb2f7d9c2299bd6885a7041d3242d18fe3beedf89028b7e0376a"
         },
-        "version": "31.7.6"
+        "version": "31.7.7"
     },
     "32": {
         "hashes": {

diff --git a/pkgs/development/tools/electron/disable-screen-ai.patch b/pkgs/development/tools/electron/disable-screen-ai.patch