3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

108 commits

Author SHA1 Message Date
Michael Weiss adccc8b65b
chromiumBeta: 89.0.4389.58 -> 89.0.4389.69 2021-02-27 16:35:48 +01:00
Michael Weiss 62df868822
ungoogled-chromium: 88.0.4324.150 -> 88.0.4324.182 2021-02-19 19:47:38 +01:00
Michael Weiss 8df4ea8d28
chromiumDev: 90.0.4412.3 -> 90.0.4421.5 2021-02-19 19:45:39 +01:00
Michael Weiss 849bd20271
chromiumBeta: 89.0.4389.47 -> 89.0.4389.58 2021-02-18 12:13:16 +01:00
TredwellGit c3181699cd chromium: 88.0.4324.150 -> 88.0.4324.182
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

This update includes 10 security fixes.

CVEs:
CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152
CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157
2021-02-17 05:43:11 +00:00
Michael Weiss d35eb344f8
chromiumBeta: 89.0.4389.40 -> 89.0.4389.47 2021-02-11 12:37:06 +01:00
Michael Weiss ed6ccd4b27
chromiumDev: 90.0.4408.0 -> 90.0.4412.3 2021-02-09 22:35:08 +01:00
Michael Weiss 43161bc2b7
ungoogled-chromium: 88.0.4324.146 -> 88.0.4324.150 2021-02-09 15:24:38 +01:00
Michael Weiss 06d0d8ecfa
chromiumDev: 90.0.4400.8 -> 90.0.4408.0 2021-02-06 00:55:35 +01:00
Michael Weiss ad588f04d4
chromium: 88.0.4324.146 -> 88.0.4324.150
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html

This update includes 1 security fix. Google is aware of reports that an
exploit for CVE-2021-21148 exists in the wild.

CVEs: CVE-2021-21148
2021-02-05 21:03:36 +01:00
Michael Weiss 6f0de2b041
chromiumBeta: 89.0.4389.23 -> 89.0.4389.40 2021-02-04 11:42:14 +01:00
Michael Weiss bdf7d732d3
ungoogled-chromium: 88.0.4324.104 -> 88.0.4324.146 (security) 2021-02-03 12:38:21 +01:00
Michael Weiss 4fe69d33ae
chromium: 88.0.4324.96 -> 88.0.4324.146
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html

This update includes 6 security fixes.

CVEs:
CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145
CVE-2021-21146 CVE-2021-21147
2021-02-03 12:38:09 +01:00
Michael Weiss 268600e6b7
ungoogled-chromium: 87.0.4280.141 -> 88.0.4324.104
Unfortunately this requires a crazy hack to support building with
Google's proprietary Widevine DRM technology as that requires fetching
the Google Chrome sources (see also 86ff1e45ce).
The hack is required because ungoogled-chromium doesn't always use tags
that correspond to a Google Chrome release.
2021-01-30 19:22:22 +01:00
Michael Weiss 11ec29dd70
chromiumDev: 89.0.4389.23 -> 90.0.4400.8 2021-01-28 21:30:26 +01:00
Michael Weiss a7339c3a24
chromiumBeta: 88.0.4324.96 -> 89.0.4389.23 2021-01-28 21:30:25 +01:00
Michael Weiss bfc1cee4bf
chromiumDev: 89.0.4389.9 -> 89.0.4389.23 2021-01-28 15:45:00 +01:00
Michael Weiss f5de4608de
chromiumDev: 89.0.4385.0 -> 89.0.4389.9 2021-01-21 11:53:53 +01:00
Michael Weiss 5b6d3c4b13
chromium: 87.0.4280.141 -> 88.0.4324.96
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

This update includes 36 security fixes.

CVEs:
CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120
CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124
CVE-2021-21125 CVE-2020-16044 CVE-2021-21126 CVE-2021-21127
CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131
CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135
CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139
CVE-2021-21140 CVE-2021-21141
2021-01-19 20:56:29 +01:00
Michael Weiss 101d42849d
chromiumBeta: 88.0.4324.87 -> 88.0.4324.96 2021-01-19 13:25:47 +01:00
Michael Weiss aee78d463e
ungoogled-chromium: 87.0.4280.88 -> 87.0.4280.141 (security)
I did a quick, automated test by reusing the VM test for Chromium.
2021-01-18 14:56:32 +01:00
Michael Weiss c0e177d09f
chromiumBeta: 88.0.4324.79 -> 88.0.4324.87 2021-01-14 20:36:28 +01:00
Michael Weiss 79150e0573
chromiumDev: 89.0.4381.6 -> 89.0.4385.0 2021-01-13 17:43:12 +01:00
Michael Weiss 84840c81e3
chromiumDev: 89.0.4356.6 -> 89.0.4381.6 2021-01-09 14:53:20 +01:00
Michael Weiss f274df0cda
chromiumBeta: 88.0.4324.50 -> 88.0.4324.79 2021-01-08 12:48:31 +01:00
TredwellGit ba0068cf9e chromium: 87.0.4280.88 -> 87.0.4280.141
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

This update includes 16 security fixes.

CVEs:
CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109
CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113
CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115
CVE-2021-21116
2021-01-07 01:59:35 +00:00
Michael Weiss 86ff1e45ce
ungoogled-chromium: Support enableWideVine=true
Building with Google's proprietary Widevine DRM technology requires
fetching the Google Chrome sources.
2020-12-22 13:35:40 +01:00
Michael Weiss 94bee10904
ungoogled-chromium: Support automatic updates via update.py 2020-12-18 19:10:45 +01:00
Michael Weiss 40199cd3d8
chromiumDev: 89.0.4350.4 -> 89.0.4356.6 2020-12-18 13:02:51 +01:00
Michael Weiss 39c5d116a2
chromiumBeta: 88.0.4324.41 -> 88.0.4324.50 2020-12-17 21:02:14 +01:00
Michael Weiss f5944b74e6
Merge pull request #106475 from primeos/ungoogled-chromium-merge
Merge ungoogled-chromium back into the chromium expressions
2020-12-17 19:02:21 +01:00
Michael Weiss 397a5ee2ee
chromiumDev: 89.0.4343.0 -> 89.0.4350.4 2020-12-11 10:54:19 +01:00
Michael Weiss 4ea2b2129e
chromiumBeta: 88.0.4324.27 -> 88.0.4324.41 2020-12-10 17:43:52 +01:00
Michael Weiss 240a8f746e
ungoogled-chromium: Move ungoogled-src.nix into upstream-info.json
This also adds a dedicated channel for ungoogled-chromium that enables
us to update ungoogled-chromium independently of chromium.
TODO: Automate ungoogled-chromium updates via update.py (currently it
needs to be updated manually).

Note: Unfortunately this changes the ungoogled-chromium derivation
because common.nix passes the channel as an argument to
stdenv.mkDerivation (this makes it more difficult to verify this commit
but the result should remain the same).
2020-12-10 17:41:22 +01:00
Michael Weiss d35b635628
chromedriver.src: Update the hash
I just regenerated upstream-info.json using update.py again and got a
different hash this time (but the same hash as in #106272). Therefore,
the only possible explanation I have is that upstream changed the file
that is hosted at [0]. I'll try to contact upstream regarding this.

Fix #106272.

[0]: https://chromedriver.storage.googleapis.com/87.0.4280.88/chromedriver_linux64.zip
2020-12-08 13:46:47 +01:00
Michael Weiss f4419dd970
chromiumDev: 88.0.4324.27 -> 89.0.4343.0 2020-12-04 19:21:57 +01:00
Michael Weiss beb83591fb
chromiumBeta: 87.0.4280.66 -> 88.0.4324.27 2020-12-04 19:21:57 +01:00
Michael Weiss 36d40f77a9
chromium: 87.0.4280.66 -> 87.0.4280.88
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html

This update includes 0 security fixes.
2020-12-03 10:36:48 +01:00
Michael Weiss 8eb2551e51
chromiumDev: 88.0.4324.11 -> 88.0.4324.27 2020-12-02 11:43:43 +01:00
Michael Weiss 6aea53c3ce
chromedriver: Switch to Chromium's upstream-info.json (#105054)
This enables automatic updates and fixes #85629.
2020-11-27 12:38:07 +01:00
Michael Weiss 97677fa34f
chromiumDev: Unmark the build as broken
The build succeeds again as dirmd is no longer required for building.
2020-11-21 00:27:27 +01:00
Michael Weiss 54673b1f3b
chromium: 86.0.4240.198 -> 87.0.4280.66
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

This update includes 33 security fixes.

CVEs:
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021
CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027
CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2019-8075
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16012 CVE-2020-16036

Note: We'll finally build with use_ozone=true on Hydra now :) \o/
2020-11-17 22:53:12 +01:00
Michael Weiss b91153fd7a
chromium: 86.0.4240.193 -> 86.0.4240.198
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

This update includes 2 security fixes. Google is aware of reports that
exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

CVEs: CVE-2020-16013 CVE-2020-16017
2020-11-12 12:39:24 +01:00
Michael Weiss 841664a172
chromium: 86.0.4240.183 -> 86.0.4240.193
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

This update includes 1 security fix (no CVE).
2020-11-10 12:11:55 +01:00
Michael Weiss d7f5386474
chromium: Extend update.py to automatically update gn
The gn version depends on the channel and new gn versions aren't always
backward compatible. Therefore we should also include it in
upstream-info.json (I've scoped it under "deps" as we'll likely have to
add more like this in the future).
2020-11-03 20:00:25 +01:00
Michael Weiss 531decc11d
chromium: 86.0.4240.111 -> 86.0.4240.183
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html

This update includes 10 security fixes. Google is aware of reports that
an exploit for CVE-2020-16009 exists in the wild.

CVEs:
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007
CVE-2020-16008 CVE-2020-16009 CVE-2020-16011
2020-11-03 11:14:20 +01:00
Michael Weiss 50a2f50acb
chromiumDev: 88.0.4292.2 -> 88.0.4298.4
This should also fix VA-API for chromiumBeta (though that part needs
some cleanup). However, chromiumDev likely still fails due to the
absence of dirmd (not included in the tarball so far, we might have to
package and add it as a dependency).
2020-10-23 17:49:46 +02:00
TredwellGit 7dc2d9f819 chromium: 86.0.4240.75 -> 86.0.4240.111
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003
2020-10-22 00:38:17 +00:00
Michael Weiss aee3076ba7
chromiumDev: M87 -> M88 2020-10-16 11:58:20 +02:00
Michael Weiss a667bc7ae1
chromiumBeta: M86 -> M87 2020-10-15 20:46:24 +02:00
Michael Weiss f79703e50c
chromium: 85.0.4183.121 -> 86.0.4240.75
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

This update includes 35 security fixes.

CVEs:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989
2020-10-07 20:37:35 +02:00
Michael Weiss d1a27a5f00
chromium: 85.0.4183.102 -> 85.0.4183.121
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html

This update includes 10 security fixes.

CVEs:
CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963
CVE-2020-15965 CVE-2020-15966 CVE-2020-15964
2020-09-22 13:58:22 +02:00
Michael Weiss e249baca22
chromiumDev: M86 -> M87 2020-09-10 12:31:00 +02:00
Michael Weiss a9c78519d6
chromium: 85.0.4183.83 -> 85.0.4183.102
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

This update includes 5 security fixes.

CVEs:
CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959
2020-09-09 09:57:45 +02:00
Florian Klink c7a503bf2e Revert "chromiumDev: 86.0.4240.8 -> 87.0.4252.0"
This reverts commit 5da66561d1.

It seems the chromium build now unconditionally tries to enable ozone
(even though we disable it), causing the build to fail (as we only
provide xkbcommon when enabling Ozone):

```
configuring
ERROR at //build/config/linux/pkg_config.gni:103:17: Script returned non-zero exit code.
    pkgresult = exec_script(pkg_config_script, args, "value")
                ^----------
Current dir: /build/chromium-87.0.4252.0/out/Release/
Command: python /build/chromium-87.0.4252.0/build/config/linux/pkg-config.py xkbcommon
Returned 1.
stderr:

Package xkbcommon was not found in the pkg-config search path.
Perhaps you should add the directory containing `xkbcommon.pc'
to the PKG_CONFIG_PATH environment variable
No package 'xkbcommon' found
Could not run pkg-config.

See //ui/events/ozone/layout/BUILD.gn:12:3: whence it was called.
  pkg_config("xkbcommon") {
  ^------------------------
See //chrome/test/chromedriver/BUILD.gn:273:15: which caused the file to be included.
    deps += [ "//ui/events/ozone/layout" ]
              ^-------------------------
builder for '/nix/store/2dqhrd2qzyms078wnvwv6ays53ppvgc2-chromium-unwrapped-87.0.4252.0.drv' failed with exit code 1
cannot build derivation '/nix/store/4iyhgzsmpx80v75hvk1jycwzanw4z5dn-chromium-dev-87.0.4252.0.drv': 1 dependencies couldn't be built
```
2020-09-05 12:00:48 +02:00
Florian Klink 6c92847e81 chromiumBeta: 85.0.4183.83 -> 86.0.4240.22 2020-09-05 11:25:38 +02:00
Florian Klink 5da66561d1 chromiumDev: 86.0.4240.8 -> 87.0.4252.0 2020-09-05 11:24:57 +02:00
Alyssa Ross de69b705d2 chromium: replace update.nix with Python impl
update.nix was a huuuuge hack, abusing checksum collisions, etc., and
was extremely difficult to read and maintain, especially because
values from update.nix were also used in the derivations themselves!

I've replaced this with an implementation in Python, which I chose for
readability.  Rather than generating Nix, I chose to
generate JSON, since Python can do that in the standard library and
Nix can read it.

I also set update.py as an updateScript, so Chromium can now
automatically be updated!

Fixes: https://github.com/NixOS/nixpkgs/issues/89635
2020-09-05 11:20:13 +02:00