mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-11 15:08:33 +01:00
chromium: 77.0.3865.90 -> 77.0.3865.120
CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 Disable jumbo mode because upstream dropped support for it. (See chromium-dev "We're removing support for the jumbo build") This makes builds take about 3x as long, but we have no alternative.
This commit is contained in:
parent
ccc06a7e01
commit
f45798e544
|
@ -96,18 +96,9 @@ let
|
||||||
buildPath = "out/${buildType}";
|
buildPath = "out/${buildType}";
|
||||||
libExecPath = "$out/libexec/${packageName}";
|
libExecPath = "$out/libexec/${packageName}";
|
||||||
|
|
||||||
versionRange = min-version: upto-version:
|
|
||||||
let inherit (upstream-info) version;
|
|
||||||
result = versionAtLeast version min-version && versionOlder version upto-version;
|
|
||||||
stable-version = (import ./upstream-info.nix).stable.version;
|
|
||||||
in if versionAtLeast stable-version upto-version
|
|
||||||
then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
|
|
||||||
result
|
|
||||||
else result;
|
|
||||||
|
|
||||||
base = rec {
|
base = rec {
|
||||||
name = "${packageName}-unwrapped-${version}";
|
name = "${packageName}-unwrapped-${version}";
|
||||||
inherit (upstream-info) version;
|
inherit (upstream-info) channel version;
|
||||||
inherit packageName buildType buildPath;
|
inherit packageName buildType buildPath;
|
||||||
|
|
||||||
src = upstream-info.main;
|
src = upstream-info.main;
|
||||||
|
@ -125,19 +116,22 @@ let
|
||||||
glib gtk3 dbus-glib
|
glib gtk3 dbus-glib
|
||||||
libXScrnSaver libXcursor libXtst libGLU_combined
|
libXScrnSaver libXcursor libXtst libGLU_combined
|
||||||
pciutils protobuf speechd libXdamage at-spi2-core
|
pciutils protobuf speechd libXdamage at-spi2-core
|
||||||
|
jdk.jre
|
||||||
] ++ optional gnomeKeyringSupport libgnome-keyring3
|
] ++ optional gnomeKeyringSupport libgnome-keyring3
|
||||||
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
|
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
|
||||||
++ optionals cupsSupport [ libgcrypt cups ]
|
++ optionals cupsSupport [ libgcrypt cups ]
|
||||||
++ optional useVaapi libva
|
++ optional useVaapi libva
|
||||||
++ optional pulseSupport libpulseaudio
|
++ optional pulseSupport libpulseaudio;
|
||||||
++ optional (versionAtLeast version "72") jdk.jre;
|
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
./patches/nix_plugin_paths_68.patch
|
./patches/nix_plugin_paths_68.patch
|
||||||
./patches/remove-webp-include-69.patch
|
./patches/remove-webp-include-69.patch
|
||||||
./patches/jumbo-sorted.patch
|
|
||||||
./patches/no-build-timestamps.patch
|
./patches/no-build-timestamps.patch
|
||||||
|
] ++ optionals (channel == "stable" || channel == "beta") [
|
||||||
./patches/widevine.patch
|
./patches/widevine.patch
|
||||||
|
] ++ optionals (channel == "dev") [
|
||||||
|
./patches/widevine-79.patch
|
||||||
|
] ++ optionals (channel == "stable") [
|
||||||
# Revert "Implement GetFallbackFont on Linux" to fix a performance regression
|
# Revert "Implement GetFallbackFont on Linux" to fix a performance regression
|
||||||
# Remove after https://bugs.chromium.org/p/chromium/issues/detail?id=1003997 is fixed
|
# Remove after https://bugs.chromium.org/p/chromium/issues/detail?id=1003997 is fixed
|
||||||
(fetchpatch {
|
(fetchpatch {
|
||||||
|
@ -153,7 +147,7 @@ let
|
||||||
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
|
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
|
||||||
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
|
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
|
||||||
#
|
#
|
||||||
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
|
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
|
||||||
] ++ optionals (useVaapi) [
|
] ++ optionals (useVaapi) [
|
||||||
# source: https://aur.archlinux.org/cgit/aur.git/plain/chromium-vaapi.patch?h=chromium-vaapi
|
# source: https://aur.archlinux.org/cgit/aur.git/plain/chromium-vaapi.patch?h=chromium-vaapi
|
||||||
./patches/chromium-vaapi.patch
|
./patches/chromium-vaapi.patch
|
||||||
|
@ -234,9 +228,6 @@ let
|
||||||
use_gold = true;
|
use_gold = true;
|
||||||
gold_path = "${stdenv.cc}/bin";
|
gold_path = "${stdenv.cc}/bin";
|
||||||
is_debug = false;
|
is_debug = false;
|
||||||
# Use jumbo for a 2x (at least) compilation speedup, except where it is currently broken:
|
|
||||||
# https://gist.github.com/ivan/6fe7014c1b1cc35dec133fa6de0549d9
|
|
||||||
use_jumbo_build = (version != "78.0.3904.17");
|
|
||||||
|
|
||||||
proprietary_codecs = false;
|
proprietary_codecs = false;
|
||||||
use_sysroot = false;
|
use_sysroot = false;
|
||||||
|
|
|
@ -62,7 +62,7 @@ in let
|
||||||
if upstream-info.channel == "stable" then
|
if upstream-info.channel == "stable" then
|
||||||
"./opt/google/chrome/libwidevinecdm.so"
|
"./opt/google/chrome/libwidevinecdm.so"
|
||||||
else if upstream-info.channel == "beta" then
|
else if upstream-info.channel == "beta" then
|
||||||
"./opt/google/chrome-beta/libwidevinecdm.so"
|
"./opt/google/chrome-beta/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
|
||||||
else if upstream-info.channel == "dev" then
|
else if upstream-info.channel == "dev" then
|
||||||
"./opt/google/chrome-unstable/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
|
"./opt/google/chrome-unstable/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
|
||||||
else
|
else
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
--- chromium-70.0.3538.67/build/config/merge_for_jumbo.py.old 2018-10-25 19:15:54.578222230 +0300
|
|
||||||
+++ chromium-70.0.3538.67/build/config/merge_for_jumbo.py 2018-10-25 19:20:44.397613032 +0300
|
|
||||||
@@ -132,6 +132,8 @@
|
|
||||||
assert not inputs
|
|
||||||
continue
|
|
||||||
|
|
||||||
+ inputs.sort()
|
|
||||||
+ outputs.sort()
|
|
||||||
write_jumbo_files(inputs, outputs, written_input_set, written_output_set)
|
|
||||||
|
|
||||||
assert set(args.outputs) == written_output_set, "Did not fill all outputs"
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
diff --git a/third_party/widevine/cdm/widevine_cdm_version.h b/third_party/widevine/cdm/widevine_cdm_version.h
|
||||||
|
index dd6efed02646..4d8b2b7d85f7 100644
|
||||||
|
--- a/third_party/widevine/cdm/widevine_cdm_version.h
|
||||||
|
+++ b/third_party/widevine/cdm/widevine_cdm_version.h
|
||||||
|
@@ -11,5 +11,6 @@
|
||||||
|
// If the Widevine CDM is available define the following:
|
||||||
|
// - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
|
||||||
|
// as a string, e.g., "1.0.123.456").
|
||||||
|
+#define WIDEVINE_CDM_VERSION_STRING "undefined"
|
||||||
|
|
||||||
|
#endif // WIDEVINE_CDM_VERSION_H_
|
|
@ -1,18 +1,18 @@
|
||||||
# This file is autogenerated from update.sh in the same directory.
|
# This file is autogenerated from update.sh in the same directory.
|
||||||
{
|
{
|
||||||
beta = {
|
beta = {
|
||||||
sha256 = "1hzgzmrn0d6cqvqnqayl048zwlcx0f7azg2rhvm7p13lvyqzsk00";
|
sha256 = "0al26nfcxa00gvgn02iasjm53wq089r3c6b3rqqanljffng565y7";
|
||||||
sha256bin64 = "0p3275ii8800swlfmljbdrvyqjd5nlw0vgv2my4r8ccszgbhidbd";
|
sha256bin64 = "0qfj08adqn19sxsgd98fy5l23cikvfkpzkz9mqq90mlabmhhrp0z";
|
||||||
version = "77.0.3865.90";
|
version = "78.0.3904.50";
|
||||||
};
|
};
|
||||||
dev = {
|
dev = {
|
||||||
sha256 = "0zka01ml3hbximswzkkqbqq8wpiz8f4fq4wx5fys002hi69l296l";
|
sha256 = "0ck52j5acdns7vqqvb665xpc68yl6qz0ca8lwjfhriw5hn8g1pjy";
|
||||||
sha256bin64 = "0nrip45s0ylri34vlpf16xlwv3ybmy2jg7dz8l9rvgbdwwdzdb75";
|
sha256bin64 = "073gxyfayrb1dqsq8ngmnrs8ajwwrr2qbs311ns64davn1z3sscf";
|
||||||
version = "78.0.3904.17";
|
version = "79.0.3928.4";
|
||||||
};
|
};
|
||||||
stable = {
|
stable = {
|
||||||
sha256 = "1hzgzmrn0d6cqvqnqayl048zwlcx0f7azg2rhvm7p13lvyqzsk00";
|
sha256 = "1y3ay0ppwakbw2hqrmxbv4ykil8dahf62ypld17ddkqxkfqgk4np";
|
||||||
sha256bin64 = "1npx867j39mdyivf8nlkcfwgq7j34hl7s948vf6h2kqni0y50hzl";
|
sha256bin64 = "0j1sk36nfmhx6nk8lmsdi93vcrmn58pidhb5hzkapx8mgk6xraq7";
|
||||||
version = "77.0.3865.90";
|
version = "77.0.3865.120";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue