chromium: 85.0.4183.121 -> 86.0.4240.75

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

This update includes 35 security fixes.

CVEs:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989
This commit is contained in:
Michael Weiss 2020-10-07 13:39:57 +02:00
parent 00e3a3a855
commit f79703e50c
No known key found for this signature in database
GPG Key ID: 5BE487C4D4771D83
4 changed files with 19 additions and 99 deletions

View File

@ -13,7 +13,6 @@
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, xorg
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg_3, libxslt, libxml2, at-spi2-core
@ -131,7 +130,6 @@ let
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar python2Packages.setuptools
(xorg.xcbproto.override { python = python2Packages.python; })
];
buildInputs = defaultDependencies ++ [
@ -150,9 +148,7 @@ let
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
patches = optionals (versionRange "68" "86") [
./patches/nix_plugin_paths_68.patch
] ++ [
patches = [
./patches/remove-webp-include-69.patch
./patches/no-build-timestamps.patch
./patches/widevine-79.patch
@ -166,18 +162,19 @@ let
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
];
]; # TODO: VA-API patches (we should be able to drop enable-video-acceleration-on-linux.patch now):
# ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
# ./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
# ./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
# ];
postPatch = optionalString (!versionRange "0" "86") ''
postPatch = ''
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
substituteInPlace native_client/SConstruct \
--replace "#! -*- python -*-" ""
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
'' + ''
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
@ -195,11 +192,6 @@ let
'/usr/share/locale/' \
'${glibc}/share/locale/'
substituteInPlace ui/gfx/x/BUILD.gn \
--replace \
'/usr/share/xcb' \
'${xorg.xcbproto}/share/xcb/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc

View File

@ -1,5 +1,5 @@
{ newScope, config, stdenv, fetchurl, makeWrapper
, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
, libva ? null
, pipewire_0_2
@ -23,7 +23,7 @@
}:
let
llvmPackages = llvmPackages_10;
llvmPackages = llvmPackages_11;
stdenv = llvmPackages.stdenv;
callPackage = newScope chromium;
@ -37,16 +37,6 @@ let
inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
cupsSupport pulseSupport useOzone;
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-05-19";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
};
});
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "86") {
llvmPackages = llvmPackages_11;
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-07-20";
src = fetchgit {
@ -56,7 +46,6 @@ let
};
});
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
llvmPackages = llvmPackages_11;
useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-08-17";

View File

@ -1,61 +0,0 @@
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
index f4e119d..d9775bd 100644
--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
@@ -68,21 +68,14 @@ static base::LazyInstance<base::FilePath>
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
// Gets the path for internal plugins.
-bool GetInternalPluginsDirectory(base::FilePath* result) {
-#if defined(OS_MACOSX)
- // If called from Chrome, get internal plugins from a subdirectory of the
- // framework.
- if (base::mac::AmIBundled()) {
- *result = chrome::GetFrameworkBundlePath();
- DCHECK(!result->empty());
- *result = result->Append("Internet Plug-Ins");
- return true;
- }
- // In tests, just look in the module directory (below).
-#endif
-
- // The rest of the world expects plugins in the module directory.
- return base::PathService::Get(base::DIR_MODULE, result);
+bool GetInternalPluginsDirectory(base::FilePath* result,
+ const std::string& ident) {
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
+ const char* value = getenv(full_env.c_str());
+ if (value == NULL)
+ return base::PathService::Get(base::DIR_MODULE, result);
+ else
+ *result = base::FilePath(value);
}
// Gets the path for bundled implementations of components. Note that these
@@ -272,7 +265,7 @@ bool PathProvider(int key, base::FilePath* result) {
create_dir = true;
break;
case chrome::DIR_INTERNAL_PLUGINS:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
return false;
break;
case chrome::DIR_COMPONENTS:
@@ -280,7 +273,7 @@ bool PathProvider(int key, base::FilePath* result) {
return false;
break;
case chrome::DIR_PEPPER_FLASH_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
return false;
cur = cur.Append(kPepperFlashBaseDirectory);
break;
@@ -358,7 +351,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.DirName();
}
#else
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
return false;
#endif
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));

View File

@ -1,17 +1,17 @@
{
"stable": {
"version": "85.0.4183.121",
"sha256": "0a1xn39kmvyfpal6pgnylpy30z0322p3v7sx6vxi0r2naiz58670",
"sha256bin64": "08vqf1v91703aik47344bl409rsl4myar9bsd2lsvzqncncwsaca"
"version": "86.0.4240.75",
"sha256": "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx",
"sha256bin64": "17isxkd80rccqim6izzl08vw4yr52qsk6djp1rmhhijzg9rsvghz"
},
"beta": {
"version": "86.0.4240.42",
"sha256": "06cfhiym9xmz2q86v6b6xcicrrp2pmr7karavylzz4fqvwd2v6fa",
"sha256bin64": "1z5zmdc2i31iimps7p5z43vv4qi83c8ljb7x68zc1rvf8x62p7xj"
"version": "86.0.4240.75",
"sha256": "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx",
"sha256bin64": "16snxdka5bkbvybx6x0dzgfbfaifv0jcc1dcny6vlqqp2fmb2v39"
},
"dev": {
"version": "87.0.4263.3",
"sha256": "1ybfrlm4417lpbg5qcwhq5p6nnxrw68wzyy5zvb1sg1ma8s9hhkk",
"sha256bin64": "1f7a272kalglmdwmrrzb4iw3crvvpv3mhxca5jh75qpldn4gby6m"
"version": "87.0.4278.0",
"sha256": "1ywmv4iwn2as7vk2n0pslnmr300fl5y809ynxiw5xqcx9j6i8w85",
"sha256bin64": "15dvwvk6l6n7l04085hr48hlvsijypasyk7d8iq3s6cxai3wx4cl"
}
}