Commit Graph

803 Commits

Author SHA1 Message Date
Michael Weiss
97677fa34f
chromiumDev: Unmark the build as broken
The build succeeds again as dirmd is no longer required for building.
2020-11-21 00:27:27 +01:00
Michael Weiss
54673b1f3b
chromium: 86.0.4240.198 -> 87.0.4280.66
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

This update includes 33 security fixes.

CVEs:
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021
CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027
CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2019-8075
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16012 CVE-2020-16036

Note: We'll finally build with use_ozone=true on Hydra now :) \o/
2020-11-17 22:53:12 +01:00
Michael Weiss
b91153fd7a
chromium: 86.0.4240.193 -> 86.0.4240.198
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

This update includes 2 security fixes. Google is aware of reports that
exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

CVEs: CVE-2020-16013 CVE-2020-16017
2020-11-12 12:39:24 +01:00
Michael Weiss
841664a172
chromium: 86.0.4240.183 -> 86.0.4240.193
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

This update includes 1 security fix (no CVE).
2020-11-10 12:11:55 +01:00
Michael Weiss
197ddbced2
mesa: Replace all usages of old aliases 2020-11-08 22:56:55 +01:00
Michael Weiss
d7f5386474
chromium: Extend update.py to automatically update gn
The gn version depends on the channel and new gn versions aren't always
backward compatible. Therefore we should also include it in
upstream-info.json (I've scoped it under "deps" as we'll likely have to
add more like this in the future).
2020-11-03 20:00:25 +01:00
Michael Weiss
531decc11d
chromium: 86.0.4240.111 -> 86.0.4240.183
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html

This update includes 10 security fixes. Google is aware of reports that
an exploit for CVE-2020-16009 exists in the wild.

CVEs:
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007
CVE-2020-16008 CVE-2020-16009 CVE-2020-16011
2020-11-03 11:14:20 +01:00
Michael Weiss
7c700c9ff6
chromium: Drop useVaapi (was deprecated) 2020-10-29 13:48:38 +01:00
TredwellGit
2bb011032c
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.

LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.

PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.

CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.

Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 12:27:40 +02:00
Michael Weiss
7c76eafdb7
chromiumDev: Mark as broken for now 2020-10-23 19:47:43 +02:00
Michael Weiss
50a2f50acb
chromiumDev: 88.0.4292.2 -> 88.0.4298.4
This should also fix VA-API for chromiumBeta (though that part needs
some cleanup). However, chromiumDev likely still fails due to the
absence of dirmd (not included in the tarball so far, we might have to
package and add it as a dependency).
2020-10-23 17:49:46 +02:00
Michael Weiss
b36db49ae7
chromium: Add some brief documentation
Wanted to do this for a long time to collect important knowledge and
make it easier to pass maintainership.
Only time will tell if this'll be useful or become outdated instead.
2020-10-23 11:39:05 +02:00
TredwellGit
7dc2d9f819 chromium: 86.0.4240.75 -> 86.0.4240.111
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003
2020-10-22 00:38:17 +00:00
Vladimír Čunát
65d6adcf3e
Merge #100713: chromium: build on all cores 2020-10-20 20:58:16 +02:00
conferno
c557c27ac3
chromium: fix build on i686 (#100512)
ld.gold runs out of memory on i686.
2020-10-16 19:37:28 +02:00
volth
8e861c07ce chromium: build on $NIX_BUILD_CORES 2020-10-16 13:09:54 +00:00
volth
5742fcdfa9 chromium: build on all cores 2020-10-16 11:22:28 +00:00
Michael Weiss
aee3076ba7
chromiumDev: M87 -> M88 2020-10-16 11:58:20 +02:00
Michael Weiss
a667bc7ae1
chromiumBeta: M86 -> M87 2020-10-15 20:46:24 +02:00
Michael Weiss
015c5a2be6
chromium: Drop the libwebp include patch
Chromium 86.0.4240.75 builds fine without this patch. And since
WEBP_MAX_DIMENSION is the same in the system libwebp this patch should
not be required anymore (it was introduced in 06ec2a9f19, apparently to
fix the build).
2020-10-15 14:33:15 +02:00
Mario Rodas
e24a4b950c
Merge pull request #100415 from taku0/flashplayer-32.0.0.445
flashplayer: 32.0.0.433 -> 32.0.0.445 [Critical security fix]
2020-10-13 22:08:54 -05:00
Michael Weiss
89003c67a1
Merge pull request #100110 from TredwellGit/chromium
chromium: speed up build and enable system ffmpeg, libjpeg, and zlib
2020-10-13 15:07:30 +02:00
taku0
52dcd5b211 flashplayer: 32.0.0.433 -> 32.0.0.445 2020-10-13 21:13:22 +09:00
TredwellGit
eb74717477 chromium: enable system ffmpeg, libjpeg, and zlib 2020-10-09 21:29:16 +00:00
TredwellGit
a7cbf67a24 chromium: disable symbols
By default GN produces a build with all of the debug assertions enabled (is_debug=true) and including full debug info (symbol_level=2). Setting symbol_level=1 will produce enough information for stack traces, but not line-by-line debugging. Setting symbol_level=0 will include no debug symbols at all. Either will speed up the build compared to full symbols.
2020-10-09 21:24:20 +00:00
Michael Weiss
73b67da169
chromium: Disable VA-API by default
This is done to avoid driver specific issues and restores the previous
behaviour. Like before video acceleration can be enabled without having
to rebuild Chromium.
2020-10-09 21:59:48 +02:00
TredwellGit
757bbdd948
chromium: Fix and enable our ANGLE support
This will additionally install the following files:
libEGL.so libGLESv2.so
libVkICD_mock_icd.so libvk_swiftshader.so libvulkan.so

libEGL.so and libGLESv2.so are required to fix our ANGLE support.
The rest should help with the Vulkan support (currently an experimental
feature that is disabled by default).
2020-10-07 20:37:35 +02:00
Michael Weiss
f79703e50c
chromium: 85.0.4183.121 -> 86.0.4240.75
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

This update includes 35 security fixes.

CVEs:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989
2020-10-07 20:37:35 +02:00
Michael Weiss
d1a27a5f00
chromium: 85.0.4183.102 -> 85.0.4183.121
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html

This update includes 10 security fixes.

CVEs:
CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963
CVE-2020-15965 CVE-2020-15966 CVE-2020-15964
2020-09-22 13:58:22 +02:00
Gabriel Ebner
705ecdc192 chromium: use jre8 2020-09-19 14:06:14 +02:00
Michael Weiss
8129917320
Merge pull request #97515 from primeos/chromium
chromium: 85.0.4183.83 -> 85.0.4183.102
2020-09-10 19:56:34 +02:00
Michael Weiss
e249baca22
chromiumDev: M86 -> M87 2020-09-10 12:31:00 +02:00
Michael Weiss
ceb3acfa8b
chromium: update.py: Keep the channel order consistent
This makes Git diffs way easier to read.
Using sort_keys=True is usually better but with this implementation the
output is a bit nicer to read IMO.
2020-09-10 12:30:03 +02:00
Michael Weiss
a9c78519d6
chromium: 85.0.4183.83 -> 85.0.4183.102
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

This update includes 5 security fixes.

CVEs:
CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959
2020-09-09 09:57:45 +02:00
taku0
807e4ae439 flashplayer: 32.0.0.414 -> 32.0.0.433 2020-09-08 15:15:04 +09:00
Michael Weiss
1fa610bdf0
chromium: Prefix $PATH with xdg_utils (#96922)
This is required for certain URIs that require launching external
programs (e.g. mailto:, magnet:, or irc:) or setting the default browser
via xdg-settings.
Fix #96897 and fix #92751.
2020-09-06 23:20:30 +02:00
Tethys Svensson
2927a19be3 chromium: Unblock nixos-unstable by using the correct argument to fetchurl 2020-09-06 14:54:42 +02:00
Florian Klink
c7a503bf2e Revert "chromiumDev: 86.0.4240.8 -> 87.0.4252.0"
This reverts commit 5da66561d1.

It seems the chromium build now unconditionally tries to enable ozone
(even though we disable it), causing the build to fail (as we only
provide xkbcommon when enabling Ozone):

```
configuring
ERROR at //build/config/linux/pkg_config.gni:103:17: Script returned non-zero exit code.
    pkgresult = exec_script(pkg_config_script, args, "value")
                ^----------
Current dir: /build/chromium-87.0.4252.0/out/Release/
Command: python /build/chromium-87.0.4252.0/build/config/linux/pkg-config.py xkbcommon
Returned 1.
stderr:

Package xkbcommon was not found in the pkg-config search path.
Perhaps you should add the directory containing `xkbcommon.pc'
to the PKG_CONFIG_PATH environment variable
No package 'xkbcommon' found
Could not run pkg-config.

See //ui/events/ozone/layout/BUILD.gn:12:3: whence it was called.
  pkg_config("xkbcommon") {
  ^------------------------
See //chrome/test/chromedriver/BUILD.gn:273:15: which caused the file to be included.
    deps += [ "//ui/events/ozone/layout" ]
              ^-------------------------
builder for '/nix/store/2dqhrd2qzyms078wnvwv6ays53ppvgc2-chromium-unwrapped-87.0.4252.0.drv' failed with exit code 1
cannot build derivation '/nix/store/4iyhgzsmpx80v75hvk1jycwzanw4z5dn-chromium-dev-87.0.4252.0.drv': 1 dependencies couldn't be built
```
2020-09-05 12:00:48 +02:00
Florian Klink
6c92847e81 chromiumBeta: 85.0.4183.83 -> 86.0.4240.22 2020-09-05 11:25:38 +02:00
Florian Klink
5da66561d1 chromiumDev: 86.0.4240.8 -> 87.0.4252.0 2020-09-05 11:24:57 +02:00
Alyssa Ross
de69b705d2 chromium: replace update.nix with Python impl
update.nix was a huuuuge hack, abusing checksum collisions, etc., and
was extremely difficult to read and maintain, especially because
values from update.nix were also used in the derivations themselves!

I've replaced this with an implementation in Python, which I chose for
readability.  Rather than generating Nix, I chose to
generate JSON, since Python can do that in the standard library and
Nix can read it.

I also set update.py as an updateScript, so Chromium can now
automatically be updated!

Fixes: https://github.com/NixOS/nixpkgs/issues/89635
2020-09-05 11:20:13 +02:00
Alyssa Ross
5811b6c1cd chromiumDev: 86.0.4238.0 -> 86.0.4240.8 2020-09-05 11:08:50 +02:00
Matthew Bauer
25ac498482
Merge pull request #96404 from matthewbauer/gcc-cross
Fix cycle detected in Darwin->Linux cross GCC
2020-08-26 16:17:14 -05:00
Michael Weiss
9a96d71f71
chromiumDev: Unbreak the build by using LLVM 11 2020-08-26 22:29:07 +02:00
Michael Weiss
b8fb1e15b9
Merge pull request #96308 from primeos/chromium
chromium: 84.0.4147.135 -> 85.0.4183.83
2020-08-26 22:27:11 +02:00
Michael Weiss
8815c9e186
chromiumDev: Fix "patchShebangs ."
Note: The following might also need to be updated:
substituteStream(): WARNING: pattern '/usr/share/xcb' doesn't match anything in file 'ui/gfx/x/BUILD.gn'
2020-08-26 14:33:18 +02:00
Michael Weiss
bf0e13a322
chromiumDev: Drop the optional VA-API patches
I didn't look into this yet but IIRC M86 will finally have a flag for
Linux to enable VA-API. So we shouldn't need
enable-video-acceleration-on-linux.patch anymore.

But we likely need to update enable-vdpau-support-for-nvidia.patch
when/before M86 hits the stable channel if we want to keep VDPAU
support.
2020-08-26 14:30:49 +02:00
Michael Weiss
2213c464f6
chromiumDev: Drop nix_plugin_paths_68.patch
Ok, so I was about to update the patch (didn't apply anymore) when I
also started looking at it's usage and realized that
NIX_CHROMIUM_PLUGIN_PATH_ (and other substrings) only appears in the
patch itself (i.e. it seemed like we don't need this patch anymore).

Turns out that we have this patch since 2014 (1b84fbf0ca) and it was
only ever used for NIX_CHROMIUM_PLUGIN_PATH_WIDEVINE (and from the log
it isn't clear if/when or how well that worked). But in 2019 that last
usage got removed (545d58a1ef) so we should be able to safely drop this
patch now :) \o/

(I just wanted to note that as it seemed somewhat of a funny story :D
But there is of course nothing wrong with it.)
Git history (git log --oneline -S NIX_CHROMIUM_PLUGIN_PATH_):
7205bd64a3 ungoogled-chromium: init at 81.0.4044.92-2
545d58a1ef chromium: fix widevine
cd3283f921 chromium: 67.0.3396.99 -> 68.0.3440.75
72d7b5ddb1 chromium: fix nix_plugin_paths for 68+
7a3a16dd80 chromium: Remove plugin paths patch for version 50
79d18eb604 chromium: Update dev channel to v52.0.2743.10
c7a3645e7b chromium: Remove stuff for versions <= v51
8b97ca270e chromium: Update all channels to latest versions
b9093f1c64 chromium: Updates, fixes #11492
471cdd15e2 chromium: Update beta and dev channels.
5c6aa391fc chromium: Cleanup old patch and update stable
af54ddf8b6 chromium: Drop plugin_paths patch for old versions.
6a8afa4bb3 chromium: Fix plugin_paths patch for version 44.
0aad4b7ee4 chromium: Update all channels to latest versions.
1b84fbf0ca chromium: Allow env vars for passing plugin paths.
2020-08-26 14:30:49 +02:00
Michael Weiss
25aed428aa
chromium: Make the gnChromium overrides depend on the version
This is more robust than depending on the channel, though the version
should only matter if the configuration phase fails.
This also switches to the intended version for `chromium` which should
be higher since M85 is in the stable channel.

Thanks `@volth` for pointing this out.
2020-08-25 23:22:41 +02:00
Michael Weiss
4252ba90f4
chromium: 84.0.4147.135 -> 85.0.4183.83
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

This update includes 20 security fixes.

CVEs:
CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562
CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567
CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571
2020-08-25 22:36:56 +02:00