From 7daf0986f20b4cea8bcfe2c265189f93df7107a8 Mon Sep 17 00:00:00 2001
From: emilylange
Date: Wed, 12 Jun 2024 00:57:58 +0200
Subject: [PATCH 1/4] chromedriver: 125.0.6422.141 -> 126.0.6478.55
---
 .../networking/browsers/chromium/upstream-info.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index feba3721ba63..c68dd0c24658 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,11 +1,11 @@
 {
 stable = {
 chromedriver = {
- hash_darwin = "sha256-Zz2U5zQWScID7rAE6FmTADecs4zR430KZVen+hsl+KI=";
+ hash_darwin = "sha256-a1gUAyNx0gKNZRKpQrsG3neKIy+xPquKUrzmcVbfQ54=";
 hash_darwin_aarch64 =
- "sha256-NhnJdnrzTj8gQiyp4PzmXHx6ltsxUVrz0AL9x8nGibA=";
- hash_linux = "sha256-iyhxx7KIpGPMYgf/I1hLUK8M49kWmgTy+UOXf5WBEWY=";
- version = "125.0.6422.141";
+ "sha256-8OzxncQs/pXIo7dVLCgOlyO5jjTKRdTMoMaQsAiJeO8=";
+ hash_linux = "sha256-lpYxCCjPacqZKiRMQrKdEaZJ8DO3jpbUK/6/j1i95a8=";
+ version = "126.0.6478.55";
 };
 deps = {
 gn = {
From bda04d27a0c0a482d3506d74f367f96155392e66 Mon Sep 17 00:00:00 2001
From: emilylange
Date: Wed, 12 Jun 2024 03:35:28 +0200
Subject: [PATCH 2/4] chromium: extend release tarball excludes to keep size below 3 GB
Starting with M126, the upstream release tarball includes two full Debian sysroots to compile chromium with:
~~~shell
$ du -sh build/linux/debian_bullseye_*
835M build/linux/debian_bullseye_amd64-sysroot
739M build/linux/debian_bullseye_i386-sysroot
~~~
But they are huge and we don't need them. In order to stay below the current 3 GB tarball size limit that is dictated by hydra.nixos.org's max-output-limit, we add them to our exclude patterns. This is a no-op for < M126.
---
 .../networking/browsers/chromium/recompress-tarball.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix b/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix
index 0e77dd230f65..e663c393d8dc 100644
--- a/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix
+++ b/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix
@@ -34,6 +34,7 @@ fetchurl ({
 --one-top-level=source \
 --exclude=third_party/llvm \
 --exclude=third_party/rust-src \
+ --exclude='build/linux/debian_*-sysroot' \
 --strip-components=1

 tar \
From 7f36179f17f5893535a055d1246714b86790baf7 Mon Sep 17 00:00:00 2001
From: emilylange
Date: Wed, 12 Jun 2024 03:35:30 +0200
Subject: [PATCH 3/4] chromium: rebase patches for M126
Note that we can't just update previous patches in place, as that would prevent electron-source and ungoogled-chrome (< M126) from building.
---
 .../networking/browsers/chromium/common.nix | 15 ++++++++--
 .../patches/chromium-126-llvm-17.patch | 29 +++++++++++++++++++
 .../chromium/patches/chromium-126-rust.patch | 21 ++++++++++++++
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-126-llvm-17.patch
 create mode 100644 pkgs/applications/networking/browsers/chromium/patches/chromium-126-rust.patch
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index e7597249acdb..a5560acd8ad8 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
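Review bot: The new `--exclude='build/linux/debian_*-sysroot'` in recompress-tarball.nix is not explained in the file itself; the reason (two prebuilt Debian sysroots that would push the output past the 3 GB limit) is recorded only in the commit message. Since this exclude list decides what goes into the hash-pinned source tarball, a short Nix comment above the tar invocation would help, e.g. `# build/linux/debian_*-sysroot: prebuilt sysroots shipped since M126; unused by our build, excluded to stay below the 3 GB output limit`. It would also be worth noting there that the build must never fall back to the bundled sysroot; presumably it is configured that way, but that setting is outside this hunk. The tar command starts before the hunk and the surrounding script continues after it.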
@@ -269,9 +269,15 @@ let
 # Chromium reads initial_preferences from its own executable directory
 # This patch modifies it to read /etc/chromium/initial_preferences
 ./patches/chromium-initial-prefs.patch
- ] ++ lib.optionals (chromiumVersionAtLeast "120") [
- # We need to revert this patch to build M120+ with LLVM 17:
+ ] ++ lib.optionals (versionRange "120" "126") [
+ # Partial revert to build M120+ with LLVM 17:
+ # https://github.com/chromium/chromium/commit/02b6456643700771597c00741937e22068b0f956
+ # https://github.com/chromium/chromium/commit/69736ffe943ff996d4a88d15eb30103a8c854e29
 ./patches/chromium-120-llvm-17.patch
+ ] ++ lib.optionals (chromiumVersionAtLeast "126") [
+ # Rebased variant of patch right above to build M126+ with LLVM 17.
+ # staging-next will bump LLVM to 18, so we will be able to drop this soon.
+ ./patches/chromium-126-llvm-17.patch
 ] ++ lib.optionals (!chromiumVersionAtLeast "119.0.6024.0") [
 # Fix build with at-spi2-core ≥ 2.49
 # This version is still needed for electron.
@@ -286,11 +292,14 @@ let
 commit = "b9bef8e9555645fc91fab705bec697214a39dbc1";
 hash = "sha256-CJ1v/qc8+nwaHQR9xsx08EEcuVRbyBfCZCm/G7hRY+4=";
 })
- ] ++ lib.optionals (chromiumVersionAtLeast "121") [
+ ] ++ lib.optionals (versionRange "121" "126") [
 # M121 is the first version to require the new rust toolchain.
 # Partial revert of https://github.com/chromium/chromium/commit/3687976b0c6d36cf4157419a24a39f6770098d61
 # allowing us to use our rustc and our clang.
 ./patches/chromium-121-rust.patch
+ ] ++ lib.optionals (chromiumVersionAtLeast "126") [
+ # Rebased variant of patch right above to build M126+ with our rust and our clang.
+ ./patches/chromium-126-rust.patch
 ];

 postPatch = ''
diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-126-llvm-17.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-126-llvm-17.patch
new file mode 100644
index 000000000000..ea059d884b5a
--- /dev/null
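Review bot: The `"126"` boundary is now written four times across this hunk and the next one in common.nix (`versionRange "120" "126"` with `chromiumVersionAtLeast "126"` for LLVM, `versionRange "121" "126"` with `chromiumVersionAtLeast "126"` for rust), and each pair is only correct if `versionRange` treats its upper bound as exclusive. Its definition is not visible here, so that should be confirmed and stated once next to the first use, e.g. `# versionRange is [min, max): exactly one of the 120/126 variants applies to any version`. Separately, the "drop this soon" remark on the 126 LLVM entry has no condition attached; gating that entry on the LLVM version actually in use, rather than on a reminder in a comment, would let it disappear on its own once LLVM 18 lands. The patches list begins before the first hunk.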
+++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-126-llvm-17.patch
@@ -0,0 +1,29 @@
+diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
+index 6efe967eb0a1c..590a2c274ac13 100644
+--- a/build/config/compiler/BUILD.gn
++++ b/build/config/compiler/BUILD.gn
+@@ -568,24 +568,6 @@ config("compiler") {
+ }
+ }
+
+- # TODO(crbug.com/40283598): This causes binary size growth and potentially
+- # other problems.
+- # TODO(crbug.com/40284925): This isn't supported by Cronet's mainline llvm version.
+- if (default_toolchain != "//build/toolchain/cros:target" &&
+- !llvm_android_mainline) {
+- cflags += [
+- "-mllvm",
+- "-split-threshold-for-reg-with-hint=0",
+- ]
+- if (use_thin_lto && is_a_target_toolchain) {
+- if (is_win) {
+- ldflags += [ "-mllvm:-split-threshold-for-reg-with-hint=0" ]
+- } else {
+- ldflags += [ "-Wl,-mllvm,-split-threshold-for-reg-with-hint=0" ]
+- }
+- }
+- }
+-
+ # TODO(crbug.com/40192287): Investigate why/if this should be needed.
+ if (is_win) {
+ cflags += [ "/clang:-ffp-contract=off" ]
diff --git a/pkgs/applications/networking/browsers/chromium/patches/chromium-126-rust.patch b/pkgs/applications/networking/browsers/chromium/patches/chromium-126-rust.patch
new file mode 100644
index 000000000000..776655babdd2
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/patches/chromium-126-rust.patch
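Review bot: chromium-126-llvm-17.patch is added as a bare diff with no description, so the file does not say which upstream commits it partially reverts or that it is the M126 rebase of chromium-120-llvm-17.patch; that context exists only in common.nix, and the same holds for chromium-126-rust.patch added next. Patch files tolerate prose before the first `diff --git` line, so a two- or three-line header there (the upstream commit links already cited in common.nix, plus "remove once built with LLVM >= 18") would make each file auditable on its own. From the visible lines this patch only deletes the block that passes `-mllvm -split-threshold-for-reg-with-hint=0` via cflags and ldflags, which appears to be a code-generation tuning option rather than a hardening flag; saying so in the header would save the next reviewer from re-deriving it.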
@@ -0,0 +1,21 @@
+diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
+index 6efe967eb0a1c..2ddae4efacbfa 100644
+--- a/build/config/compiler/BUILD.gn
++++ b/build/config/compiler/BUILD.gn
+@@ -1653,16 +1653,6 @@ config("runtime_library") {
+ configs += [ "//build/config/c++:runtime_library" ]
+ }
+
+- # Rust and C++ both provide intrinsics for LLVM to call for math operations. We
+- # want to use the C++ intrinsics, not the ones in the Rust compiler_builtins
+- # library. The Rust symbols are marked as weak, so that they can be replaced by
+- # the C++ symbols. This config ensures the C++ symbols exist and are strong in
+- # order to cause that replacement to occur by explicitly linking in clang's
+- # compiler-rt library.
+- if (is_clang && toolchain_has_rust) {
+- configs += [ "//build/config/clang:compiler_builtins" ]
+- }
+-
+ # TODO(crbug.com/40570904): Come up with a better name for is POSIX + Fuchsia
+ # configuration.
+ if (is_posix || is_fuchsia) {
From 4942c64484400fe046785efe3b95cc45c2c8fb41 Mon Sep 17 00:00:00 2001
From: emilylange
Date: Wed, 12 Jun 2024 03:43:56 +0200
Subject: [PATCH 4/4] chromium: 125.0.6422.141 -> 126.0.6478.55
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs: CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
---
 .../networking/browsers/chromium/upstream-info.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index c68dd0c24658..93d02bb556f4 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
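Review bot: Nothing in chromium-126-rust.patch records why it is acceptable to drop `configs += [ "//build/config/clang:compiler_builtins" ]`, although the upstream comment deleted with it says that config exists to make the C++ intrinsics strong so they replace the weak symbols from Rust's compiler_builtins. With the block gone, which implementation of those math intrinsics ends up in the final link is left to whatever the nixpkgs rustc and clang provide, and that is not something a reader can check from this file. A sentence of rationale before the first `diff --git` line, e.g. `Partial revert of the upstream commit cited in common.nix: <reason the explicit compiler-rt builtins link is not needed or not available with nixpkgs' toolchain>`, would make the behavioural change reviewable when the toolchain is next bumped.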
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -9,14 +9,14 @@
 };
 deps = {
 gn = {
- hash = "sha256-lrVAb6La+cvuUCNI90O6M/sheOEVFTjgpfA3O/6Odp0=";
- rev = "d823fd85da3fb83146f734377da454473b93a2b2";
+ hash = "sha256-mNoQeHSSM+rhR0UHrpbyzLJC9vFqfxK1SD0X8GiRsqw=";
+ rev = "df98b86690c83b81aedc909ded18857296406159";
 url = "https://gn.googlesource.com/gn";
- version = "2024-04-10";
+ version = "2024-05-13";
 };
 };
- hash = "sha256-8Qe1hgDEjvdAf2ao4CIieC7l2pTSIPLTZb+vdctUEo0=";
- version = "125.0.6422.141";
+ hash = "sha256-nXRzISkU37TIgV8rjO0qgnhq8uM37M6IpMoGHdsOGIM=";
+ version = "126.0.6478.55";
 };
 ungoogled-chromium = {
 deps = {