mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-12 16:53:21 +00:00
chromium: 85.0.4183.121 -> 86.0.4240.75
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html This update includes 35 security fixes. CVEs: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989
This commit is contained in:
parent
00e3a3a855
commit
f79703e50c
@ -13,7 +13,6 @@
|
||||
, bison, gperf
|
||||
, glib, gtk3, dbus-glib
|
||||
, glibc
|
||||
, xorg
|
||||
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
|
||||
, protobuf, speechd, libXdamage, cups
|
||||
, ffmpeg_3, libxslt, libxml2, at-spi2-core
|
||||
@ -131,7 +130,6 @@ let
|
||||
ninja which python2Packages.python perl pkgconfig
|
||||
python2Packages.ply python2Packages.jinja2 nodejs
|
||||
gnutar python2Packages.setuptools
|
||||
(xorg.xcbproto.override { python = python2Packages.python; })
|
||||
];
|
||||
|
||||
buildInputs = defaultDependencies ++ [
|
||||
@ -150,9 +148,7 @@ let
|
||||
++ optional pulseSupport libpulseaudio
|
||||
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
|
||||
|
||||
patches = optionals (versionRange "68" "86") [
|
||||
./patches/nix_plugin_paths_68.patch
|
||||
] ++ [
|
||||
patches = [
|
||||
./patches/remove-webp-include-69.patch
|
||||
./patches/no-build-timestamps.patch
|
||||
./patches/widevine-79.patch
|
||||
@ -166,18 +162,19 @@ let
|
||||
#
|
||||
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
|
||||
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
|
||||
] ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
|
||||
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
|
||||
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
|
||||
];
|
||||
]; # TODO: VA-API patches (we should be able to drop enable-video-acceleration-on-linux.patch now):
|
||||
# ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
|
||||
# ./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
|
||||
# ./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
|
||||
# ];
|
||||
|
||||
postPatch = optionalString (!versionRange "0" "86") ''
|
||||
postPatch = ''
|
||||
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
|
||||
substituteInPlace native_client/SConstruct \
|
||||
--replace "#! -*- python -*-" ""
|
||||
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
|
||||
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
|
||||
'' + ''
|
||||
|
||||
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
|
||||
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
|
||||
--replace \
|
||||
@ -195,11 +192,6 @@ let
|
||||
'/usr/share/locale/' \
|
||||
'${glibc}/share/locale/'
|
||||
|
||||
substituteInPlace ui/gfx/x/BUILD.gn \
|
||||
--replace \
|
||||
'/usr/share/xcb' \
|
||||
'${xorg.xcbproto}/share/xcb/'
|
||||
|
||||
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
|
||||
chrome/browser/shell_integration_linux.cc
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ newScope, config, stdenv, fetchurl, makeWrapper
|
||||
, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
|
||||
, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
|
||||
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
|
||||
, libva ? null
|
||||
, pipewire_0_2
|
||||
@ -23,7 +23,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
llvmPackages = llvmPackages_10;
|
||||
llvmPackages = llvmPackages_11;
|
||||
stdenv = llvmPackages.stdenv;
|
||||
|
||||
callPackage = newScope chromium;
|
||||
@ -37,16 +37,6 @@ let
|
||||
inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
|
||||
cupsSupport pulseSupport useOzone;
|
||||
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-05-19";
|
||||
src = fetchgit {
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
|
||||
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
|
||||
};
|
||||
});
|
||||
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "86") {
|
||||
llvmPackages = llvmPackages_11;
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-07-20";
|
||||
src = fetchgit {
|
||||
@ -56,7 +46,6 @@ let
|
||||
};
|
||||
});
|
||||
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
|
||||
llvmPackages = llvmPackages_11;
|
||||
useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-08-17";
|
||||
|
@ -1,61 +0,0 @@
|
||||
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
|
||||
index f4e119d..d9775bd 100644
|
||||
--- a/chrome/common/chrome_paths.cc
|
||||
+++ b/chrome/common/chrome_paths.cc
|
||||
@@ -68,21 +68,14 @@ static base::LazyInstance<base::FilePath>
|
||||
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
|
||||
|
||||
// Gets the path for internal plugins.
|
||||
-bool GetInternalPluginsDirectory(base::FilePath* result) {
|
||||
-#if defined(OS_MACOSX)
|
||||
- // If called from Chrome, get internal plugins from a subdirectory of the
|
||||
- // framework.
|
||||
- if (base::mac::AmIBundled()) {
|
||||
- *result = chrome::GetFrameworkBundlePath();
|
||||
- DCHECK(!result->empty());
|
||||
- *result = result->Append("Internet Plug-Ins");
|
||||
- return true;
|
||||
- }
|
||||
- // In tests, just look in the module directory (below).
|
||||
-#endif
|
||||
-
|
||||
- // The rest of the world expects plugins in the module directory.
|
||||
- return base::PathService::Get(base::DIR_MODULE, result);
|
||||
+bool GetInternalPluginsDirectory(base::FilePath* result,
|
||||
+ const std::string& ident) {
|
||||
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
|
||||
+ const char* value = getenv(full_env.c_str());
|
||||
+ if (value == NULL)
|
||||
+ return base::PathService::Get(base::DIR_MODULE, result);
|
||||
+ else
|
||||
+ *result = base::FilePath(value);
|
||||
}
|
||||
|
||||
// Gets the path for bundled implementations of components. Note that these
|
||||
@@ -272,7 +265,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
create_dir = true;
|
||||
break;
|
||||
case chrome::DIR_INTERNAL_PLUGINS:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
|
||||
return false;
|
||||
break;
|
||||
case chrome::DIR_COMPONENTS:
|
||||
@@ -280,7 +273,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
return false;
|
||||
break;
|
||||
case chrome::DIR_PEPPER_FLASH_PLUGIN:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
|
||||
return false;
|
||||
cur = cur.Append(kPepperFlashBaseDirectory);
|
||||
break;
|
||||
@@ -358,7 +351,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
cur = cur.DirName();
|
||||
}
|
||||
#else
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
|
||||
return false;
|
||||
#endif
|
||||
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
|
@ -1,17 +1,17 @@
|
||||
{
|
||||
"stable": {
|
||||
"version": "85.0.4183.121",
|
||||
"sha256": "0a1xn39kmvyfpal6pgnylpy30z0322p3v7sx6vxi0r2naiz58670",
|
||||
"sha256bin64": "08vqf1v91703aik47344bl409rsl4myar9bsd2lsvzqncncwsaca"
|
||||
"version": "86.0.4240.75",
|
||||
"sha256": "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx",
|
||||
"sha256bin64": "17isxkd80rccqim6izzl08vw4yr52qsk6djp1rmhhijzg9rsvghz"
|
||||
},
|
||||
"beta": {
|
||||
"version": "86.0.4240.42",
|
||||
"sha256": "06cfhiym9xmz2q86v6b6xcicrrp2pmr7karavylzz4fqvwd2v6fa",
|
||||
"sha256bin64": "1z5zmdc2i31iimps7p5z43vv4qi83c8ljb7x68zc1rvf8x62p7xj"
|
||||
"version": "86.0.4240.75",
|
||||
"sha256": "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx",
|
||||
"sha256bin64": "16snxdka5bkbvybx6x0dzgfbfaifv0jcc1dcny6vlqqp2fmb2v39"
|
||||
},
|
||||
"dev": {
|
||||
"version": "87.0.4263.3",
|
||||
"sha256": "1ybfrlm4417lpbg5qcwhq5p6nnxrw68wzyy5zvb1sg1ma8s9hhkk",
|
||||
"sha256bin64": "1f7a272kalglmdwmrrzb4iw3crvvpv3mhxca5jh75qpldn4gby6m"
|
||||
"version": "87.0.4278.0",
|
||||
"sha256": "1ywmv4iwn2as7vk2n0pslnmr300fl5y809ynxiw5xqcx9j6i8w85",
|
||||
"sha256bin64": "15dvwvk6l6n7l04085hr48hlvsijypasyk7d8iq3s6cxai3wx4cl"
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user