nixlib - Alyssa's collection of Nix expressions

	Commit message (Collapse)	Author	Age
*	ungoogled-chromium: 121.0.6167.184-1 -> 122.0.6261.69-1	networkException	2024-02-23
\| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html This update includes 12 security fixes. CVEs: CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676
*	chromium: 122.0.6261.57 -> 122.0.6261.69	networkException	2024-02-23
\| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html
*	chromedriver: 122.0.6261.57 -> 122.0.6261.69	networkException	2024-02-23
\|
*	chromedriver: 121.0.6167.85 -> 122.0.6261.57	emilylange	2024-02-21
\|
*	chromium: 121.0.6167.184 -> 122.0.6261.57	emilylange	2024-02-21
\| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html This update includes 12 security fixes. CVEs: CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676
*	ungoogled-chromium: 121.0.6167.160-1 -> 121.0.6167.184-1	networkException	2024-02-14
\| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html This update includes 1 security fix.
*	chromium: 121.0.6167.160 -> 121.0.6167.184	networkException	2024-02-14
\| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html This update includes 1 security fix.
*	chromium: use hashes in upstream-info.nix for tarballs in update script	networkException	2024-02-14
\| \| \| \| \| \|	this patch teaches the update script to use the hash for a recompressed chromium source tarball from the upstream-info.nix file instead of recompressing a new tarball for an already hashed version.
*	chromium: cache chromium tarball hashes in update script	networkException	2024-02-14
\| \| \| \| \| \| \| \|	this patch introduces an in memory cache for the result of hashing a chromium release tarball after recompressing and pruning it. previously updating chromium and ungoogled-chromium to the same chromium version would result in the expensive recompression happening twice.
*	ungoogled-chromium: 121.0.6167.139-1 -> 121.0.6167.160-1	networkException	2024-02-08
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html This update includes 3 security fixes. CVEs: CVE-2024-1284 CVE-2024-1283
*	chromium: 121.0.6167.139 -> 121.0.6167.160	emilylange	2024-02-07
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html This update includes 3 security fixes. CVEs: CVE-2024-1284 CVE-2024-1283
*	ungoogled-chromium: 121.0.6167.85-1 -> 121.0.6167.139-1	networkException	2024-02-01
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html This update includes 4 security fixes. CVEs: CVE-2024-1060 CVE-2024-1059 CVE-2024-1077
*	chromium: 121.0.6167.85 -> 121.0.6167.139	networkException	2024-02-01
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html This update includes 4 security fixes. CVEs: CVE-2024-1060 CVE-2024-1059 CVE-2024-1077
*	chromium: fix rust toolchain and remove M121 workaround	emilylange	2024-02-01
\| \| \| \| \| \| \| \| \| \| \| \|	The rust toolchain is required for chromium since M121. In the last major bump (M120 -> M121) we had to work around this requirement because we hadn't had our that part of our toolchain ready. Until now :) So this fixes and enables the toolchain for any chromium/electron >= 121 and removes the workaround from the last major bump.
*	ungoogled-chromium: 120.0.6099.224-1 -> 121.0.6167.85-1	networkException	2024-01-28
\| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html This update includes 17 security fixes. CVEs: CVE-2024-0807 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814 CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811 CVE-2024-0809
*	chromium: work around rust toolchain requirement in M121+	emilylange	2024-01-24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	M121 is the first version to require the new rust toolchain, which we haven't ready yet. Specifically, there seems to be an issue where clang looks up library paths (with `clang_version = 17;` added to `gnFlags` (defaults to 18 and is part of the lookup path)): ``` ninja: error: '../../../../nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a', needed by 'obj/third_party/protobuf/libprotoc_lib.a', missing and no known rule to make it ``` Instead of ``` /nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a /nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/18/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a ``` it should be something like ``` /nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/resource-root/lib/linux/libclang_rt.builtins-x86_64.a ``` So to give us ever so slightly more time to figure out and fix the rust toolchain, we revert the upstream commit, that requires the rust toolchain. The c++ version of the QR code generator will be gone in the next few version bumps, meaning we can no longer work around this by then. Again, this is only to buy us ever so slightly more time. This could have been prepared better and ahead of the stable bump, but we simply don't have enough chromium maintainers right now :(
*	chromium: 120.0.6099.109 -> 121.0.6167.85	emilylange	2024-01-23
\| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html This update includes 17 security fixes. CVEs: CVE-2024-0807 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814 CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811 CVE-2024-0809
*	ungoogled-chromium: 120.0.6099.216-1 -> 120.0.6099.224-1	networkException	2024-01-18
\| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html This update includes 4 security fixes. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild. CVEs: CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
*	chromium: 120.0.6099.216 -> 120.0.6099.224	David Leung	2024-01-18
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html This update includes 4 security fix. CVEs: CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
*	ungoogled-chromium: 120.0.6099.199-1 -> 120.0.6099.216-1	networkException	2024-01-11
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html This update includes 1 security fix. CVEs: CVE-2024-0333
*	chromium: 120.0.6099.199 -> 120.0.6099.216	emilylange	2024-01-10
\| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html This update includes 1 security fix. CVEs: CVE-2024-0333
*	Merge pull request #278603 from emilylange/chromium	Emily	2024-01-05
\|\ \| \| \| \|	{ungoogled-,}chromium: 120.0.6099.129 -> 120.0.6099.199, improve and move `recompressTarball`
\| *	ungoogled-chromium: 120.0.6099.129-1 -> 120.0.6099.199-1	networkException	2024-01-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html This update includes 6 security fixes. CVEs: CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
\| *	chromium: 120.0.6099.129 -> 120.0.6099.199	emilylange	2024-01-04
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html This update includes 6 security fixes. CVEs: CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
\| *	chromium: improve and move `recompressTarball`	emilylange	2024-01-04
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Recap: We need that (arguably stupid) helper function/drv because the chromium tarball is big -- and is likely to increase even more in the future. So big, that we eventually exceeded hydra.nixos.org's max-output-limit (3G). Instead of raising global hydra's limit, it was decided that we recompress the tarball after deleting unused vendored files from it. I spent a lot of time on a version/prototype that does everything (downloading, decompression, tar extraction, deleting unused files, reproducible tar recreation and finally recompression) via stdin but eventually had to scratch that. GNU tar does not allow to create a tarball just from stdin, nixpkgs' stdenv isn't built with stdin/stdout/pipes in mind, and things a lot of other things I probably already forgot. Nonetheless, this version improves multiple things: - No more `mv` (used to be multiple, not just ours, since fetchzip had some as well) - No more `rm` to get rid of the extracted files before recompressing. Instead, we simply don't extract them in the first place (thanks to tar's --exlude). - No more "no space left" that happened due to `downloadToTemp = true;`. - Multithreaded xz decompression, since that commit is still in staging-next. We cannot use stdenv's unpackFile() because that does not allow us to specify the needed --exclude (and --strip-components=1 if we don't want to rely on glob matching). The hash changed because we now have a static base directory ("source") in the tarball, instead of whatever upstream provided us with (e.g. "chromium-120.0.6099.129").
* \|	Merge pull request #275459 from emilylange/chromium-drop-inactive-maintainers	Weijia Wang	2024-01-05
\|\ \ \| \|/ \|/\|	chromium: drop inactive maintainers, CODEOWNERS: init chromium
\| *	chromium: remove maintainer handles from README.md, mention electron	emilylange	2023-12-30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Specifically the maintainers section is quite outdated and prone to get out of sync with whatever primary data we have (mostly meta.maintainers) in each derivation. In an attempt to lower the risk of ending up out of sync again, we simply remove the maintainer handles. Also adds a mention for the newly from source built electron variant, as almost everything except `upstream-info.nix` bumps will trigger electron rebuilds as well. And lastly, removes mentions of `chromium{Beta,Dev}` and the accompanying `google-chrome-{beta,dev}, that have been removed a few months ago. I might look into reworking bigger parts of the README.md in the future, but this honestly isn't that high of a priority for me for now.
\| *	chromium: drop inactive maintainers	emilylange	2023-12-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Our ./maintainers/README.md has a section titled "How to lose maintainer status", which describes an "inactivity measure": Maintainers how haven't reacted to "package-related notifications" for more than 3 months can be removed. All those 4 maintainers that are getting dropped as part of this commit haven't responded to any such notifications (mostly review pings) for at least 3 months.
* \|	Merge pull request #274863 from yu-re-ka/chromium-llvm17	Emily	2024-01-02
\|\ \ \| \| \| \| \| \|	chromium: use llvm 17
\| * \|	chromium: use llvm 17	Yureka	2023-12-17
\| \| \|
* \| \|	ungoogled-chromium: 120.0.6099.109-1 -> 120.0.6099.129-1	networkException	2023-12-22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html This update includes 1 security fix. Google is aware that an exploit for CVE-2023-7024 exists in the wild. CVEs: CVE-2023-7024
* \| \|	chromium: 120.0.6099.109 -> 120.0.6099.129	networkException	2023-12-22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html This update includes 1 security fix. Google is aware that an exploit for CVE-2023-7024 exists in the wild. CVEs: CVE-2023-7024
* \| \|	chromedriver: 120.0.6099.71 -> 120.0.6099.109	networkException	2023-12-22
\| \|/ \|/\|
* \|	Merge pull request #274386 from reedrw/chromium-disable-libpng-patch	Emily	2023-12-18
\|\ \ \| \|/ \|/\|	chromium: never use libpng-apng patch
\| *	chromium: never use libpng-apng patch	Reed	2023-12-15
\| \|
* \|	ungoogled-chromium: 120.0.6099.71-1 -> 120.0.6099.109-1	networkException	2023-12-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html This update includes 9 security fixes. CVEs: CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707
* \|	chromium: 120.0.6099.71 -> 120.0.6099.109	networkException	2023-12-14
\|/ \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html This update includes 9 security fixes. CVEs: CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707
*	chromium: fix increased build time for non-cross-compilation builds	emilylange	2023-12-12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Having ```nix host_toolchain = "//build/toolchain/linux/unbundle:host"; v8_snapshot_toolchain = "//build/toolchain/linux/unbundle:host"; ``` on native, non-cross-compilation builds roughly doubles the build steps and, by proxy, compute and time needed to build. So to resolve this, we conditionally change those values depending on whether we are cross-compiling or not. Co-authored-by: Adam Joseph <adam@westernsemico.com>
*	chromium: move stray patches into `./patches` directory	emilylange	2023-12-12
\|
*	ungoogled-chromium: add `ungoogled-` prefix to `chromium-unwrapped`	emilylange	2023-12-12
\|
*	chromedriver: 119.0.6045.105 -> 120.0.6099.71	networkException	2023-12-09
\|
*	ungoogled-chromium: 119.0.6045.199-1 -> 120.0.6099.71-1	networkException	2023-12-09
\| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_6.html This update includes 10 security fixes. CVEs: CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512
*	chromium: 119.0.6045.199 -> 120.0.6099.71	networkException	2023-12-09
\| \| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_6.html This update includes 10 security fixes. CVEs: CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512 Co-authored-by: emilylange <git@emilylange.de>
*	chromium: fix build for chromium >=120	Yureka	2023-12-05
\|
*	chromium: add update script command to use unreleased ungoogled-chromium	networkException	2023-11-29
\| \| \| \| \| \| \| \| \| \| \| \|	this patch adds a new subcommand to the update script ``` update.py ungoogled-rev <rev> ``` to update to an unreleased version of ungoogled-chromium by referencing a git ref from the ungoogled-chromium repository (like a commit hash in an update pull request).
*	ungoogled-chromium: 119.0.6045.159-1 -> 119.0.6045.199-1	networkException	2023-11-29
\| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html This update includes 7 security fixes. Google is aware that an exploit for CVE-2023-6345 exists in the wild. CVEs: CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351 CVE-2023-6345
*	chromium: 119.0.6045.159 -> 119.0.6045.199	networkException	2023-11-29
\| \| \| \| \| \| \| \| \| \| \|	https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html This update includes 7 security fixes. Google is aware that an exploit for CVE-2023-6345 exists in the wild. CVEs: CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351 CVE-2023-6345
*	chromium: add rpath to libGLESv2.so from libANGLE (#269345)	Lily Foster	2023-11-23
\| \| \| \| \|	Chromium libANGLE-based GL loading was working by accident before, because the cairo lib pulled in libEGL previously (so dlopen didn't need to search rpath when called in libGLESv2) but no longer does and the rpath needs to be added on both the chromium binary and the libGLESv2.so (and yes both even expect to have pciutils available it seems) Fixes #268490 #269104
*	Revert "chromium: add libglvnd to rpath" (#269308)	Yureka	2023-11-23
\|
*	chromium: Fix build with at-spi2-core 2.49	Jan Tojnar	2023-11-21
\|