From 3aba63ab29e4ed073c689e7e9995ca682d133173 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Thu, 18 Mar 2021 08:25:29 +0100
Subject: qt5.qtwebengine: 5.15.2 -> 5.15.3-a059e740

This updates the base chromium branch from 83 to 87, which fixes
approximately a few hundreds CVEs.
---
 .../libraries/qt-5/modules/qtwebengine.nix         | 25 ++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

(limited to 'pkgs/development/libraries/qt-5/modules')

diff --git a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
index 617b2c1d9d232..f994c7ef6c9a3 100644
--- a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
+++ b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
@@ -2,6 +2,7 @@
 , qtdeclarative, qtquickcontrols, qtlocation, qtwebchannel
 
 , bison, coreutils, flex, git, gperf, ninja, pkg-config, python2, which
+, nodejs, qtbase, perl
 
 , xorg, libXcursor, libXScrnSaver, libXrandr, libXtst
 , fontconfig, freetype, harfbuzz, icu, dbus, libdrm
@@ -25,7 +26,15 @@ qtModule {
   name = "qtwebengine";
   qtInputs = [ qtdeclarative qtquickcontrols qtlocation qtwebchannel ];
   nativeBuildInputs = [
-    bison coreutils flex git gperf ninja pkg-config python2 which gn
+    bison coreutils flex git gperf ninja pkg-config python2 which gn nodejs
+
+    # qmake looks for syncqt instead of syncqt.pl and fails with a cryptic
+    # error if it can't find it. syncqt.pl also has a /usr/bin/env shebang, so
+    # it can't be directly used in a sandboxed build environment.
+    (writeScriptBin "syncqt" ''
+      #!${stdenv.shell}
+      exec ${perl}/bin/perl ${qtbase.dev}/bin/syncqt.pl "$@"
+    '')
   ] ++ optional stdenv.isDarwin xcbuild;
   doCheck = true;
   outputs = [ "bin" "dev" "out" ];
@@ -40,9 +49,17 @@ qtModule {
   hardeningDisable = [ "format" ];
 
   postPatch =
-    # Patch Chromium build tools
     ''
-      ( cd src/3rdparty/chromium; patchShebangs . )
+      # Patch Chromium build tools
+      (
+        cd src/3rdparty/chromium;
+
+        # Manually fix unsupported shebangs
+        substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
+          --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" || true
+
+        patchShebangs .
+      )
     ''
     # Prevent Chromium build script from making the path to `clang` relative to
     # the build directory.  `clang_base_path` is the value of `QMAKE_CLANG_DIR`
@@ -120,7 +137,7 @@ qtModule {
     if [ -d "$PWD/tools/qmake" ]; then
         QMAKEPATH="$PWD/tools/qmake''${QMAKEPATH:+:}$QMAKEPATH"
     fi
-   '';
+  '';
 
   qmakeFlags = if stdenv.hostPlatform.isAarch32 || stdenv.hostPlatform.isAarch64
     then [ "--" "-system-ffmpeg" ] ++ optional enableProprietaryCodecs "-proprietary-codecs"
-- 
cgit 1.4.1