From 4252ba90f4e8628607c9f3f3aa52e121bca87532 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 25 Aug 2020 22:31:42 +0200 Subject: [PATCH 1/2] chromium: 84.0.4147.135 -> 85.0.4183.83 https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html This update includes 20 security fixes. CVEs: CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 --- .../browsers/chromium/upstream-info.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 14e9f306bf9f..5639ff2b6791 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,18 +1,18 @@ # This file is autogenerated from update.sh in the same directory. { beta = { - sha256 = "0i7vd0w1swvxw46wiy1xrni02xa7yvccw4cp9v2dc2lm5r43dw5q"; - sha256bin64 = "0by3fgmd54zj5q5znazrl3vf42ik3rhirwy5815i7isqiq7bb6lq"; - version = "85.0.4183.69"; + sha256 = "0fz781bxx1rnjwfix2dgzq5w1lg3x6a9vd9k49gh4z5q092slr10"; + sha256bin64 = "12nm7h70pbzwc5rc7kcwfwgjs0h8cdnys5wlfjkbq6irwb6m1lm6"; + version = "85.0.4183.83"; }; dev = { - sha256 = "1yasmx3alal3gygyjvvjk799z0b6p6nm7q10m0qyls2mpfvxpcyw"; - sha256bin64 = "0lp93z9qwdbjblmj0d514plk44hs0yqw1v7vr5mnrrx6l9gm0yg0"; - version = "86.0.4229.0"; + sha256 = "16yj47x580i8p88m88f5bcs85qmrfwmyp9na7yrnk0lnq06wbj4i"; + sha256bin64 = "0i81xcfdn65j2i4vfx52v4a9vlar8y9ykqdhshymqfz4qqqk37d1"; + version = "86.0.4238.0"; }; stable = { - sha256 = "1n4n95gllqmsrzxmcp9p4gz95gndq2v3vknfvm8p1qfhjqah0hfx"; - sha256bin64 = "1ak903wm8zq6pri88md2wdij3izr6kz9d4avyqnpmd68ch16vfnj"; - version = "84.0.4147.135"; + sha256 = "0fz781bxx1rnjwfix2dgzq5w1lg3x6a9vd9k49gh4z5q092slr10"; + sha256bin64 = "0fa3la2nvqr0w40j2qkbwnh36924fsp2ajsla6aky6hz08mq2q1g"; + version = "85.0.4183.83"; }; } From 25aed428aa9974615e628f842aaf4a0db926cdec Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 25 Aug 2020 23:03:35 +0200 Subject: [PATCH 2/2] chromium: Make the gnChromium overrides depend on the version This is more robust than depending on the channel, though the version should only matter if the configuration phase fails. This also switches to the intended version for `chromium` which should be higher since M85 is in the stable channel. Thanks `@volth` for pointing this out. --- .../networking/browsers/chromium/default.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 2429baba4b36..f4ddd755fa15 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -28,7 +28,7 @@ let callPackage = newScope chromium; - chromium = { + chromium = rec { inherit stdenv llvmPackages; upstream-info = (callPackage ./update.nix {}).getChannel channel; @@ -36,15 +36,6 @@ let mkChromiumDerivation = callPackage ./common.nix ({ inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useOzone; # TODO: Remove after we can update gn for the stable channel (backward incompatible changes): - gnChromium = gn.overrideAttrs (oldAttrs: { - version = "2020-03-23"; - src = fetchgit { - url = "https://gn.googlesource.com/gn"; - rev = "5ed3c9cc67b090d5e311e4bd2aba072173e82db9"; - sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy"; - }; - }); - } // lib.optionalAttrs (channel == "beta") { gnChromium = gn.overrideAttrs (oldAttrs: { version = "2020-05-19"; src = fetchgit { @@ -53,7 +44,7 @@ let sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17"; }; }); - } // lib.optionalAttrs (channel == "dev") { + } // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "86") { gnChromium = gn.overrideAttrs (oldAttrs: { version = "2020-07-20"; src = fetchgit {