Commit Graph

1398 Commits

Author SHA1 Message Date
Martin Weinelt
85713b7e37 Merge remote-tracking branch 'origin/master' into staging-next 2022-10-11 00:18:04 +02:00
Michael Adler
00a62633db ungoogled-chromium: 106.0.5249.91 -> 106.0.5249.103 2022-10-10 08:06:41 +02:00
github-actions[bot]
d2cd24fe6a
Merge master into staging-next 2022-10-08 18:01:07 +00:00
Konstantin Alekseev
c02b06d612 chromedriver: fix darwin aarch64 2022-10-08 16:15:57 +03:00
github-actions[bot]
4c298a6859
Merge master into staging-next 2022-10-06 00:04:40 +00:00
Michael Weiss
a989aa4619
Merge pull request #194632 from primeos/chromium
chromium: 106.0.5249.61 -> 106.0.5249.91
2022-10-05 23:00:17 +02:00
Michael Weiss
796e6bb38b
Merge pull request #194629 from primeos/chromiumBeta
chromiumBeta: 106.0.5249.61 -> 107.0.5304.18
2022-10-05 22:54:40 +02:00
Michael Weiss
39cb46803e
Merge pull request #194630 from primeos/chromiumDev
chromiumDev: 107.0.5304.10 -> 108.0.5327.0
2022-10-05 22:54:28 +02:00
Michael Weiss
ff92f35b83
chromium: 106.0.5249.61 -> 106.0.5249.91
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html

This update includes 3 security fixes.

CVEs:
CVE-2022-3370 CVE-2022-3373
2022-10-05 20:26:34 +02:00
Michael Weiss
3d50284bb2
chromedriver: Disable on aarch64-darwin
chromedriver_mac64_m1.zip is currently not available anymore and I do not have time to look into it:
path is '/nix/store/zhz7hrk94dc0dn7a42czhd1nz9142826-chromedriver_mac64.zip'
nix-prefetch-url https://chromedriver.storage.googleapis.com/106.0.5249.61/chromedriver_mac64_m1.zip
error: unable to download 'https://chromedriver.storage.googleapis.com/106.0.5249.61/chromedriver_mac64_m1.zip': HTTP error 404

       response body:

       <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: chromedriver/106.0.5249.61/chromedriver_mac64_m1.zip</Details></Error>
2022-10-05 20:26:09 +02:00
Michael Weiss
ec50f7a5c3
chromiumDev: 107.0.5304.10 -> 108.0.5327.0 2022-10-05 20:19:02 +02:00
Michael Weiss
d88384313a
chromiumBeta: 106.0.5249.61 -> 107.0.5304.18 2022-10-05 20:18:47 +02:00
Michael Adler
d1c2066afb ungoogled-chromium: 106.0.5249.62 -> 106.0.5249.91 2022-10-03 17:28:02 +02:00
github-actions[bot]
e879e7d54e
Merge master into staging-next 2022-10-02 00:04:43 +00:00
maxine
c44d41af6a
Merge pull request #192659 from PaulGrandperrin/vscode-fix-wayland
electron apps: fix wayland window decorations
2022-10-02 01:32:08 +02:00
github-actions[bot]
9c14978f84
Merge master into staging-next 2022-09-29 12:01:25 +00:00
Michael Weiss
851375d6e9
ungoogled-chromium: 105.0.5195.127 -> 106.0.5249.62 2022-09-28 22:11:22 +02:00
github-actions[bot]
f18d801779
Merge staging-next into staging 2022-09-28 18:05:53 +00:00
Paul Grandperrin
aeaeca819d NIXOS_OZONE_WL: fix wayland window decorations 2022-09-28 15:56:55 +02:00
Michael Weiss
22efe771f8
chromium: 105.0.5195.125 -> 106.0.5249.61
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

This update includes 20 security fixes.

CVEs:
CVE-2022-3304 CVE-2022-3201 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307
CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312
CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317
CVE-2022-3318
2022-09-27 20:29:10 +02:00
github-actions[bot]
d645d61d7a
Merge staging-next into staging 2022-09-27 00:07:09 +00:00
Michael Weiss
b5c192b290
Merge pull request #193097 from primeos/chromiumBeta
chromiumBeta: 106.0.5249.40 -> 106.0.5249.61
2022-09-27 00:39:01 +02:00
Michael Weiss
f0b04d6fed
chromiumDev: 107.0.5300.0 -> 107.0.5304.10 2022-09-26 23:27:30 +02:00
Michael Weiss
8af33e21dd
chromiumBeta: 106.0.5249.51 -> 106.0.5249.61 2022-09-26 23:27:08 +02:00
Michael Weiss
b9c0438331
chromiumBeta: 106.0.5249.40 -> 106.0.5249.51 2022-09-26 23:27:05 +02:00
Graham Christensen
c2b898da76 treewide: drop -l$NIX_BUILD_CORES
Passing `-l$NIX_BUILD_CORES` improperly limits the overall system load.

For a build machine which is configured to run `$B` builds where each
build gets `total cores / B` cores (`$C`), passing `-l $C` to make will
improperly limit the load to `$C` instead of `$B * $C`.

This effect becomes quite pronounced on machines with 80 cores, with
40 simultaneous builds and a cores limit of 2. On a machine with this
configuration, Nix will run 40 builds and make will limit the overall
system load to approximately 2. A build machine with this many cores
can happily run with a load approaching 80.

A non-solution is to oversubscribe the machine, by picking a larger
`$C`. However, there is no way to divide the number of cores in a way
which fairly subdivides the available cores when `$B` is greater than
1.

There has been exploration of passing a jobserver in to the sandbox,
or sharing a jobserver between all the builds. This is one option, but
relatively complicated and only supports make. Lots of other software
uses its own implementation of `-j` and doesn't support either `-l` or
the Make jobserver.

For the case of an interactive user machine, the user should limit
overall system load using `$B`, `$C`, and optionally systemd's
cpu/network/io limiting features.

Making this change should significantly improve the utilization of our
build farm, and improve the throughput of Hydra.
2022-09-22 16:01:23 -04:00
Michael Weiss
5498855d03
Merge pull request #191162 from primeos/ungoogled-chromium
ungoogled-chromium: 105.0.5195.102 -> 105.0.5195.127
2022-09-16 23:48:13 +02:00
Michael Weiss
c152da3947
Merge pull request #191161 from primeos/chromium
chromium: 105.0.5195.102 -> 105.0.5195.125
2022-09-16 23:47:39 +02:00
Michael Weiss
a182b61de3
Merge pull request #191555 from primeos/chromiumBeta
chromiumBeta: 106.0.5249.30 -> 106.0.5249.40
2022-09-16 23:46:44 +02:00
Michael Weiss
b7e5d303be
chromiumDev: 107.0.5286.2 -> 107.0.5300.0 2022-09-16 22:48:29 +02:00
Michael Weiss
bf2d2a7fbb
chromiumBeta: 106.0.5249.30 -> 106.0.5249.40 2022-09-16 22:48:15 +02:00
Michael Weiss
f3cd1ff30f
chromium: 105.0.5195.102 -> 105.0.5195.125 2022-09-16 22:22:53 +02:00
Michael Weiss
782b9c8adf
ungoogled-chromium: 105.0.5195.102 -> 105.0.5195.127 2022-09-16 22:22:14 +02:00
Michael Weiss
aaacde1009
chromiumDev: 106.0.5249.21 -> 107.0.5286.2 2022-09-09 22:26:19 +02:00
Michael Weiss
2f761d4a48
chromiumBeta: 106.0.5249.21 -> 106.0.5249.30 2022-09-07 23:25:19 +02:00
Michael Weiss
82d8999e04
ungoogled-chromium: 105.0.5195.54 -> 105.0.5195.102 2022-09-03 14:22:28 +02:00
Michael Weiss
96ff5b58ec
Merge pull request #189518 from primeos/chromium
chromium: 105.0.5195.52 -> 105.0.5195.102
2022-09-03 00:36:15 +02:00
Michael Weiss
b4d97e8d9a
Merge pull request #189517 from primeos/ungoogled-chromium
ungoogled-chromium: 104.0.5112.102 -> 105.0.5195.54
2022-09-03 00:35:42 +02:00
Michael Weiss
9e151be2b7
Merge pull request #189515 from primeos/chromiumBeta
chromiumBeta: 105.0.5195.52 -> 106.0.5249.21
2022-09-03 00:19:57 +02:00
Michael Weiss
917ce4bf80
Merge pull request #189514 from primeos/chromiumDev
chromiumDev: 106.0.5249.12 -> 106.0.5249.21
2022-09-03 00:19:22 +02:00
Michael Weiss
f9e02fa945
ungoogled-chromium: 104.0.5112.102 -> 105.0.5195.54 2022-09-03 00:10:46 +02:00
Michael Weiss
ac10e9551d
chromium: 105.0.5195.52 -> 105.0.5195.102
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html

This update includes 1 security fix. Google is aware of reports that an exploit
for CVE-2022-3075 exists in the wild.

CVEs:
CVE-2022-3075
2022-09-03 00:10:06 +02:00
Michael Weiss
b0e9b6d301
Merge pull request #189033 from primeos/chromium
chromium: 104.0.5112.101 -> 105.0.5195.52
2022-09-03 00:09:47 +02:00
Michael Weiss
83ada3da7a
chromiumBeta: 105.0.5195.52 -> 106.0.5249.21 2022-09-02 23:56:27 +02:00
Michael Weiss
f408eee926
chromiumDev: 106.0.5249.12 -> 106.0.5249.21 2022-09-02 23:55:10 +02:00
Michael Weiss
d932886d6e
chromium: Fix the build
The build was failing with the following error:
```
[18950/51180] SOLINK ./libvk_swiftshader.sotls_transport_interface/dtls_transport_interface.omputils.o[K.otch.oos.oKx/unbundle:default)fault)ault)
FAILED: libvk_swiftshader.so libvk_swiftshader.so.TOC
python3 "../../build/toolchain/gcc_solink_wrapper.py" --readelf="readelf" --nm="nm"  --sofile="./libvk_swiftshader.so" --tocfile="./libvk_swiftshader.so.TOC" --output="./libvk_swiftshader.so" -- clang++ -shared -Wl,-soname="libvk_swiftshader.so" -Wl,-Bsymbolic -Wl,--version-script=../../third_party/swiftshader/src/Vulkan/vk_swiftshader.lds -fuse-ld=lld -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--icf=all -Wl,--color-diagnostics -Wl,-mllvm,-instcombine-lower-dbg-declare=0 -flto=thin -Wl,--thinlto-jobs=all -Wl,--thinlto-cache-dir=thinlto-cache -Wl,--thinlto-cache-policy=cache_size=10\%:cache_size_bytes=40g:cache_size_files=100000 -Wl,-mllvm,-import-instr-limit=30 -fwhole-program-vtables -Wl,--no-call-graph-profile-sort -m64 -no-canonical-prefixes -Wl,-O2 -Wl,--gc-sections -rdynamic -Wl,-z,defs -Wl,--as-needed -nostdlib++ -Wl,--lto-O0 -fsanitize=cfi-vcall -fsanitize=cfi-icall -o "./libvk_swiftshader.so" @"./libvk_swiftshader.so.rsp"
ld.lld: error: unable to find library -l:libffi_pic.a
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
```

This turned out to be a regression from b6b51374fc. That change was
bad/undesirable in the first place and I only applied it to quickly fix
another build error caused by incompatible wayland-protocols header
files from a newer system version (Chromium bundles version 1.21 while
we already package 1.26).

The better fix for that wayland-protocols build issue is to pull in a
patch that is already used/tested by the Arch package [0] and seems to
originate from [1] (not sure if that patch was formally submitted yet).

Alternatives to that patch would be to (we should probably first try the
first approach if need be):
1) Build with wayland-protocols 1.21 from the system (by overriding the
   Nixpkgs package).
2) Dynamically link against libffi by patching [2] to use the other
   branch (`default_toolchain == "//build/toolchain/cros:target"`).

Some additional details can be found in the GitHub PR [3].
Huge thanks to Lorenz Brun for his great analysis that enabled me to fix
the build so that we can finally merge the update to Chromium M105
(which contains many important security fixes!).

[0]: a353833a5a
[1]: https://bugs.chromium.org/p/angleproject/issues/detail?id=7582#c1
[2]: https://source.chromium.org/chromium/chromium/src/+/refs/tags/105.0.5195.52:build/config/linux/libffi/BUILD.gn
[3]: https://github.com/NixOS/nixpkgs/pull/189033

Co-Authored-By: Lorenz Brun <lorenz@brun.one>
2022-09-02 23:34:18 +02:00
Stefan Radziuk
d32eae0f23
chromium: add commandLineArgs after wayland flags (#189371) 2022-09-02 01:38:22 +02:00
Michael Weiss
360844281a
chromium: 104.0.5112.101 -> 105.0.5195.52
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

This update includes 24 security fixes.

CVEs:
CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042
CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047
CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052
CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057
CVE-2022-3058
2022-08-31 01:01:34 +02:00
Michael Weiss
50e7538f3e
chromiumDev: 106.0.5245.0 -> 106.0.5249.12 2022-08-31 00:59:51 +02:00
Michael Weiss
b6b51374fc
chromiumBeta: Fix errors due to incompatible Wayland headers
This "fixes" errors like these:
```
FAILED: obj/third_party/angle/angle_gpu_info_util/SystemInfo_vulkan.o
[...]
In file included from ../../third_party/wayland/src/src/wayland-client.h:40:
/nix/store/an42rhwn6ck2nix6caikrr4rvizknjhh-wayland-1.21.0-dev/include/wayland-client-protocol.h:1040:13: error: use of undeclared identifier 'wl_proxy_marshal_flags'
        callback = wl_proxy_marshal_flags((struct wl_proxy *) wl_display,
                   ^
[...]
/nix/store/an42rhwn6ck2nix6caikrr4rvizknjhh-wayland-1.21.0-dev/include/wayland-client-protocol.h:1392:87: error: use of undeclared identifier 'WL_MARSHAL_FLAG_DESTROY'
                         WL_SHM_POOL_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wl_shm_pool), WL_MARSHAL_FLAG_DESTROY);
                                                                                                           ^
[...]
fatal error: too many errors emitted, stopping now [-ferror-limit=]
```

At least for now (until Chromium updates their bundled Wayland version) it
seems best to use the bundled headers/versions to avoid version incompatibility
issues (we should hopefully be able to drop use_system_wayland_scanner though).
2022-08-27 00:04:41 +02:00