From 8427eb70442ac41d39104785d3dca667568ff4ad Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 14 Jul 2020 22:52:15 +0200 Subject: [PATCH] chromium: 83.0.4103.116 -> 84.0.4147.89 https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html This update includes 38 security fixes. CVEs: CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 --- .../networking/browsers/chromium/common.nix | 25 +++++++++---------- .../enable-vdpau-support-for-nvidia.patch | 9 ------- .../browsers/chromium/upstream-info.nix | 18 ++++++------- 3 files changed, 21 insertions(+), 31 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 5dbafcee837e..e538fb66bf9d 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -81,7 +81,7 @@ let # "ffmpeg" # https://crbug.com/731766 # "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together # so we can't build with one from system and other from source - ] ++ optional (versionRange "0" "84") "yasm"; + ]; opusWithCustomModes = libopus.override { withCustomModes = true; @@ -94,9 +94,10 @@ let xdg_utils minizip libwebp libusb1 re2 zlib ffmpeg_3 libxslt libxml2 + nasm # harfbuzz # in versions over 63 harfbuzz and freetype are being built together # so we can't build with one from system and other from source - ] ++ (if (versionRange "0" "84") then [ yasm ] else [ nasm ]); + ]; # build paths and release info packageName = extraAttrs.packageName or extraAttrs.name; @@ -123,9 +124,9 @@ let nativeBuildInputs = [ ninja which python2Packages.python perl pkgconfig python2Packages.ply python2Packages.jinja2 nodejs - gnutar - ] ++ optional (versionAtLeast version "83") python2Packages.setuptools - ++ optional (versionAtLeast version "84") (xorg.xcbproto.override { python = python2Packages.python; }); + gnutar python2Packages.setuptools + (xorg.xcbproto.override { python = python2Packages.python; }) + ]; buildInputs = defaultDependencies ++ [ nspr nss systemd @@ -181,6 +182,11 @@ let '/usr/share/locale/' \ '${glibc}/share/locale/' + substituteInPlace ui/gfx/x/BUILD.gn \ + --replace \ + '/usr/share/xcb' \ + '${xorg.xcbproto}/share/xcb/' + sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \ chrome/browser/shell_integration_linux.cc @@ -226,16 +232,9 @@ let ln -s ${stdenv.cc}/bin/clang third_party/llvm-build/Release+Asserts/bin/clang ln -s ${stdenv.cc}/bin/clang++ third_party/llvm-build/Release+Asserts/bin/clang++ ln -s ${llvmPackages.llvm}/bin/llvm-ar third_party/llvm-build/Release+Asserts/bin/llvm-ar - '' + optionalString (versionAtLeast version "84") '' - substituteInPlace ui/gfx/x/BUILD.gn \ - --replace \ - '/usr/share/xcb' \ - '${xorg.xcbproto}/share/xcb/' ''; - gnFlags = mkGnFlags (optionalAttrs (versionRange "0" "84") { - linux_use_bundled_binutils = false; - } // { + gnFlags = mkGnFlags ({ use_lld = false; use_gold = true; gold_path = "${stdenv.cc}/bin"; diff --git a/pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch b/pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch index b5372d1a2556..8d879de7bfd8 100644 --- a/pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch +++ b/pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch @@ -31,15 +31,6 @@ // TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT // |output_mode_| as well. if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT) -@@ -1105,7 +1113,7 @@ VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() { - // depends on the bitstream and sometimes it's not enough to cover the amount - // of frames needed by the client pipeline (see b/133733739). - // TODO(crbug.com/911754): Enable for VP9 Profile 2. -- if (IsGeminiLakeOrLater() && -+ if (false && IsGeminiLakeOrLater() && - (profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) { - // Add one to the reference frames for the one being currently egressed, and - // an extra allocation for both |client_| and |decoder_|, see --- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h +++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h @@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 376d155d6f97..874e45307ebf 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,18 +1,18 @@ # This file is autogenerated from update.sh in the same directory. { beta = { - sha256 = "1s49qxg0gfmhm1lf5big6hprral21dbzjx0f1cp3xfvag9y61i7h"; - sha256bin64 = "1sjvi3qmpwpr51442324a853k6s0k59k4809k8j5sjv7h6arw0sm"; - version = "84.0.4147.56"; + sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp"; + sha256bin64 = "017ix9a74f2gzlg6in0x6fqgiw8bpk0rypr6wsqqkslywprypjd0"; + version = "84.0.4147.89"; }; dev = { - sha256 = "1gxa0jg7xff87z7wvllp84a3ii1ypgy4vfzgxs4k7kzg5x0412vi"; - sha256bin64 = "0swmn37rmvjvvdcrd002qg1wcvna06y14s3kx34bfr4zxhqk3lby"; - version = "85.0.4173.0"; + sha256 = "1dbbr7s8vbhxd0sk4k2yqp630zp1r4gzkkd2a86pzlzq2mjhsk8a"; + sha256bin64 = "0bphfwi6nkj9nzrjjaffiv27xfblgdikyifsbjl6vv2pawkh335q"; + version = "85.0.4183.15"; }; stable = { - sha256 = "1hravbi1lazmab2mih465alfzji1kzy38zya1visbwz9zs6pw35v"; - sha256bin64 = "1ggyv2b50sclnqph0r40lb8p9h3pq9aq4fj1wdszhwc4rb0cj746"; - version = "83.0.4103.116"; + sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp"; + sha256bin64 = "1hzhgvs2ykqsncpnbnhzh09sw1vlsdfjhs06z5gc80l47brdi3wz"; + version = "84.0.4147.89"; }; }