Commit Graph

842 Commits

Author SHA1 Message Date
Ben Siraphob
badf51221d treewide: stdenv.lib -> lib 2021-01-16 17:58:11 +07:00
Michael Weiss
76fe724675
chromium: Extend update.py to print a summary of the updates
As a first step to automate the commit messages as well.
2021-01-14 21:02:16 +01:00
Michael Weiss
c0e177d09f
chromiumBeta: 88.0.4324.79 -> 88.0.4324.87 2021-01-14 20:36:28 +01:00
Michael Weiss
79150e0573
chromiumDev: 89.0.4381.6 -> 89.0.4385.0 2021-01-13 17:43:12 +01:00
Michael Weiss
84840c81e3
chromiumDev: 89.0.4356.6 -> 89.0.4381.6 2021-01-09 14:53:20 +01:00
Michael Weiss
f274df0cda
chromiumBeta: 88.0.4324.50 -> 88.0.4324.79 2021-01-08 12:48:31 +01:00
TredwellGit
ba0068cf9e chromium: 87.0.4280.88 -> 87.0.4280.141
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

This update includes 16 security fixes.

CVEs:
CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109
CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113
CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115
CVE-2021-21116
2021-01-07 01:59:35 +00:00
Michael Weiss
a90d0cd34c
Revert "chromium/doc: mention chromedriver when updating"
This reverts commit 7e26b5456d.

With 6aea53c3ce this is now handled automatically.
2021-01-02 16:15:00 +01:00
Michael Weiss
351f3c043d
chromiumDev: Fix the build (libxshmfence is now required)
Error:
../../components/viz/service/display_embedder/output_presenter_x11.cc:8:10:
fatal error: 'X11/xshmfence.h' file not found
         ^~~~~~~~~~~~~~~~~
1 error generated.
2020-12-25 10:22:06 +01:00
Michael Weiss
86ff1e45ce
ungoogled-chromium: Support enableWideVine=true
Building with Google's proprietary Widevine DRM technology requires
fetching the Google Chrome sources.
2020-12-22 13:35:40 +01:00
Michael Weiss
94bee10904
ungoogled-chromium: Support automatic updates via update.py 2020-12-18 19:10:45 +01:00
Michael Weiss
9b846b9600
chromium: Improve update.py (documentation + linting fixes) 2020-12-18 19:10:44 +01:00
Michael Weiss
be94a4cf23
ungoogled-chromium: Try to fix an evaluation error on Hydra
This should fix a regression from #106475 (hopefully this is the only
issue, my current implementation with channel+ungoogled isn't ideal):
https://github.com/NixOS/nixpkgs/pull/106475#issuecomment-748131224
2020-12-18 16:21:37 +01:00
Michael Weiss
40199cd3d8
chromiumDev: 89.0.4350.4 -> 89.0.4356.6 2020-12-18 13:02:51 +01:00
Michael Weiss
39c5d116a2
chromiumBeta: 88.0.4324.41 -> 88.0.4324.50 2020-12-17 21:02:14 +01:00
Michael Weiss
f5944b74e6
Merge pull request #106475 from primeos/ungoogled-chromium-merge
Merge ungoogled-chromium back into the chromium expressions
2020-12-17 19:02:21 +01:00
Michael Weiss
397a5ee2ee
chromiumDev: 89.0.4343.0 -> 89.0.4350.4 2020-12-11 10:54:19 +01:00
Michael Weiss
4ea2b2129e
chromiumBeta: 88.0.4324.27 -> 88.0.4324.41 2020-12-10 17:43:52 +01:00
Michael Weiss
240a8f746e
ungoogled-chromium: Move ungoogled-src.nix into upstream-info.json
This also adds a dedicated channel for ungoogled-chromium that enables
us to update ungoogled-chromium independently of chromium.
TODO: Automate ungoogled-chromium updates via update.py (currently it
needs to be updated manually).

Note: Unfortunately this changes the ungoogled-chromium derivation
because common.nix passes the channel as an argument to
stdenv.mkDerivation (this makes it more difficult to verify this commit
but the result should remain the same).
2020-12-10 17:41:22 +01:00
Michael Weiss
2b6b434477
ungoogled-chromium: Merge back into chromium
I used nix-instantiate to verify that the derivations for chromium and
ungoogled-chromium remain unchanged (only the meta attributes change
slightly as I added myself as ungoogled-chromium to receive
notifications for PRs/issues).
2020-12-10 17:41:11 +01:00
Sandro
da95c4d5b9
Merge pull request #106442 from taku0/flashplayer-32.0.0.465
flashplayer: 32.0.0.453 -> 32.0.0.465
2020-12-09 22:58:07 +01:00
Michael Weiss
d35b635628
chromedriver.src: Update the hash
I just regenerated upstream-info.json using update.py again and got a
different hash this time (but the same hash as in #106272). Therefore,
the only possible explanation I have is that upstream changed the file
that is hosted at [0]. I'll try to contact upstream regarding this.

Fix #106272.

[0]: https://chromedriver.storage.googleapis.com/87.0.4280.88/chromedriver_linux64.zip
2020-12-08 13:46:47 +01:00
taku0
052ea75f03 flashplayer: 32.0.0.453 -> 32.0.0.465 2020-12-08 21:12:29 +09:00
taku0
5101b357ec
flashplayer: 32.0.0.445 -> 32.0.0.453 (#103441) 2020-12-08 00:54:43 +00:00
github-actions[bot]
4763e8b8fd
Merge master into staging-next 2020-12-05 00:38:01 +00:00
Michael Weiss
f4419dd970
chromiumDev: 88.0.4324.27 -> 89.0.4343.0 2020-12-04 19:21:57 +01:00
Michael Weiss
beb83591fb
chromiumBeta: 87.0.4280.66 -> 88.0.4324.27 2020-12-04 19:21:57 +01:00
github-actions[bot]
884a0b091b
Merge master into staging-next 2020-12-04 00:37:25 +00:00
Michael Weiss
36d40f77a9
chromium: 87.0.4280.66 -> 87.0.4280.88
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html

This update includes 0 security fixes.
2020-12-03 10:36:48 +01:00
github-actions[bot]
89e8bf0f2a
Merge master into staging-next 2020-12-02 12:30:55 +00:00
Michael Weiss
8eb2551e51
chromiumDev: 88.0.4324.11 -> 88.0.4324.27 2020-12-02 11:43:43 +01:00
Michael Weiss
f09799441f
chromium: Drop gn build arguments that match the default 2020-11-28 17:48:16 +01:00
Michael Weiss
fb0239c654
chromium: Set use_vaapi=!stdenv.isAarch64 for M87
I've removed that option in 063b369908 but forgot that M87 still
defaults to use_vaapi=false.
2020-11-28 17:38:28 +01:00
Michael Weiss
063b369908
chromium: Cleanup useOzone and useVaapi
But since Ozone is still experimental I'll keep useOzone in common.nix
for some time.
2020-11-27 23:03:48 +01:00
Frederik Rietdijk
ce9c513856 Merge staging-next into staging 2020-11-27 15:09:41 +01:00
Michael Weiss
2d5bb88418
chromium: Enable Ozone's DRM/GBM platform [0]
We've only set ozone_platform_gbm=false to fix the build with Mesa's
libgbm (vs. Google's own minigbm). However, since this issue has
resolved itself we can now drop it. Building with the recommended
settings should also avoid some issues (e.g. #104885).

[0]: https://chromium.googlesource.com/chromium/src.git/+/master/docs/ozone_overview.md#drm_gbm
2020-11-27 12:56:54 +01:00
Michael Weiss
6aea53c3ce
chromedriver: Switch to Chromium's upstream-info.json (#105054)
This enables automatic updates and fixes #85629.
2020-11-27 12:38:07 +01:00
Jonathan Ringer
7e26b5456d chromium/doc: mention chromedriver when updating 2020-11-26 00:19:08 -08:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Michael Weiss
97677fa34f
chromiumDev: Unmark the build as broken
The build succeeds again as dirmd is no longer required for building.
2020-11-21 00:27:27 +01:00
Michael Weiss
54673b1f3b
chromium: 86.0.4240.198 -> 87.0.4280.66
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

This update includes 33 security fixes.

CVEs:
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021
CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027
CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2019-8075
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16012 CVE-2020-16036

Note: We'll finally build with use_ozone=true on Hydra now :) \o/
2020-11-17 22:53:12 +01:00
Michael Weiss
b91153fd7a
chromium: 86.0.4240.193 -> 86.0.4240.198
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

This update includes 2 security fixes. Google is aware of reports that
exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

CVEs: CVE-2020-16013 CVE-2020-16017
2020-11-12 12:39:24 +01:00
Michael Weiss
841664a172
chromium: 86.0.4240.183 -> 86.0.4240.193
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

This update includes 1 security fix (no CVE).
2020-11-10 12:11:55 +01:00
Michael Weiss
197ddbced2
mesa: Replace all usages of old aliases 2020-11-08 22:56:55 +01:00
Michael Weiss
d7f5386474
chromium: Extend update.py to automatically update gn
The gn version depends on the channel and new gn versions aren't always
backward compatible. Therefore we should also include it in
upstream-info.json (I've scoped it under "deps" as we'll likely have to
add more like this in the future).
2020-11-03 20:00:25 +01:00
Michael Weiss
531decc11d
chromium: 86.0.4240.111 -> 86.0.4240.183
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html

This update includes 10 security fixes. Google is aware of reports that
an exploit for CVE-2020-16009 exists in the wild.

CVEs:
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007
CVE-2020-16008 CVE-2020-16009 CVE-2020-16011
2020-11-03 11:14:20 +01:00
Michael Weiss
7c700c9ff6
chromium: Drop useVaapi (was deprecated) 2020-10-29 13:48:38 +01:00
TredwellGit
2bb011032c
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.

LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.

PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.

CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.

Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 12:27:40 +02:00
Michael Weiss
7c76eafdb7
chromiumDev: Mark as broken for now 2020-10-23 19:47:43 +02:00
Michael Weiss
50a2f50acb
chromiumDev: 88.0.4292.2 -> 88.0.4298.4
This should also fix VA-API for chromiumBeta (though that part needs
some cleanup). However, chromiumDev likely still fails due to the
absence of dirmd (not included in the tarball so far, we might have to
package and add it as a dependency).
2020-10-23 17:49:46 +02:00