https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
This update includes 12 security fixes.
CVEs:
CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673
CVE-2024-1674 CVE-2024-1675 CVE-2024-1676
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
This update includes 12 security fixes.
CVEs:
CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673
CVE-2024-1674 CVE-2024-1675 CVE-2024-1676
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
This update includes 1 security fix.
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
This update includes 1 security fix.
|
this patch teaches the update script to use the hash for a recompressed
chromium source tarball from the upstream-info.nix file instead of
recompressing a new tarball for an already hashed version.
|
this patch introduces an in memory cache for the result of hashing a
chromium release tarball after recompressing and pruning it.
previously updating chromium and ungoogled-chromium to the same chromium
version would result in the expensive recompression happening twice.
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
This update includes 3 security fixes.
CVEs:
CVE-2024-1284 CVE-2024-1283
|
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
This update includes 3 security fixes.
CVEs:
CVE-2024-1284 CVE-2024-1283
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
This update includes 4 security fixes.
CVEs:
CVE-2024-1060 CVE-2024-1059 CVE-2024-1077
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
This update includes 4 security fixes.
CVEs:
CVE-2024-1060 CVE-2024-1059 CVE-2024-1077
|
The rust toolchain is required for chromium since M121.
In the last major bump (M120 -> M121) we had to work around this
requirement because we hadn't had that part of our toolchain ready.
Until now :)
So this fixes and enables the toolchain for any chromium/electron >= 121
and removes the workaround from the last major bump.
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
This update includes 17 security fixes.
CVEs:
CVE-2024-0807 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814
CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811
CVE-2024-0809
|
M121 is the first version to require the new rust toolchain, which we
don't have ready yet.
Specifically, there seems to be an issue where clang looks up library
paths (with `clang_version = 17;` added to `gnFlags` (defaults to 18 and
is part of the lookup path)):
```
ninja: error: '../../../../nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a', needed by 'obj/third_party/protobuf/libprotoc_lib.a', missing and no known rule to make it
```
Instead of
```
/nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a
/nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/lib/clang/18/lib/x86_64-unknown-linux-gnu/libclang_rt.builtins.a
```
it should be something like
```
/nix/store/q5f07rqsvsxnzwbw97yi8lacksrmy13x-clang-wrapper-17.0.6/resource-root/lib/linux/libclang_rt.builtins-x86_64.a
```
So to give us ever so slightly more time to figure out and fix the rust
toolchain, we revert the upstream commit that requires the rust
toolchain.
The c++ version of the QR code generator will be gone in the next few
version bumps, meaning we can no longer work around this by then.
Again, this is only to buy us ever so slightly more time.
This could have been prepared better and ahead of the stable bump, but
we simply don't have enough chromium maintainers right now :(
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
This update includes 17 security fixes.
CVEs:
CVE-2024-0807 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814
CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811
CVE-2024-0809
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
This update includes 4 security fixes. Google is aware of reports that
an exploit for CVE-2024-0519 exists in the wild.
CVEs:
CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
This update includes 4 security fixes.
CVEs:
CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
This update includes 1 security fix.
CVEs:
CVE-2024-0333
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
This update includes 1 security fix.
CVEs:
CVE-2024-0333
|
{ungoogled-,}chromium: 120.0.6099.129 -> 120.0.6099.199, improve and move `recompressTarball`
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
This update includes 6 security fixes.
CVEs:
CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
This update includes 6 security fixes.
CVEs:
CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
|
Recap: We need that (arguably stupid) helper function/drv because the
chromium tarball is big -- and is likely to increase even more in the
future. So big, that we eventually exceeded hydra.nixos.org's
max-output-limit (3G). Instead of raising global hydra's limit, it was
decided that we recompress the tarball after deleting unused vendored
files from it.
I spent a lot of time on a version/prototype that does everything
(downloading, decompression, tar extraction, deleting unused files,
reproducible tar recreation and finally recompression) via stdin but
eventually had to scratch that.
GNU tar does not allow creating a tarball just from stdin, nixpkgs'
stdenv isn't built with stdin/stdout/pipes in mind, and a lot of
other things I probably already forgot.
Nonetheless, this version improves multiple things:
- No more `mv` (used to be multiple, not just ours, since fetchzip had
  some as well)
- No more `rm` to get rid of the extracted files before recompressing.
  Instead, we simply don't extract them in the first place (thanks to
  tar's --exclude).
- No more "no space left" that happened due to `downloadToTemp = true;`.
- Multithreaded xz decompression, since that commit is still in
  staging-next.
We cannot use stdenv's unpackFile() because that does not allow us to
specify the needed --exclude (and --strip-components=1 if we don't want
to rely on glob matching).
The hash changed because we now have a static base directory ("source")
in the tarball, instead of whatever upstream provided us with (e.g.
"chromium-120.0.6099.129").
|
chromium: drop inactive maintainers, CODEOWNERS: init chromium
|
Specifically the maintainers section is quite outdated and prone to get
out of sync with whatever primary data we have (mostly meta.maintainers)
in each derivation.
In an attempt to lower the risk of ending up out of sync again, we
simply remove the maintainer handles.
Also adds a mention for the newly built-from-source electron variant, as
almost everything except `upstream-info.nix` bumps will trigger electron
rebuilds as well.
And lastly, removes mentions of `chromium{Beta,Dev}` and the
accompanying `google-chrome-{beta,dev}`, that were removed a few
months ago.
I might look into reworking bigger parts of the README.md in the future,
but this honestly isn't that high of a priority for me for now.
|
Our ./maintainers/README.md has a section titled "How to lose maintainer
status", which describes an "inactivity measure":
Maintainers who haven't reacted to "package-related notifications" for
more than 3 months can be removed.
All those 4 maintainers that are getting dropped as part of this commit
haven't responded to any such notifications (mostly review pings) for at
least 3 months.
|
chromium: use llvm 17
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
This update includes 1 security fix. Google is aware that an exploit
for CVE-2023-7024 exists in the wild.
CVEs:
CVE-2023-7024
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
This update includes 1 security fix. Google is aware that an exploit
for CVE-2023-7024 exists in the wild.
CVEs:
CVE-2023-7024
|
chromium: never use libpng-apng patch
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
This update includes 9 security fixes.
CVEs:
CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706
CVE-2023-6707
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
This update includes 9 security fixes.
CVEs:
CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706
CVE-2023-6707
|
Having
```nix
host_toolchain = "//build/toolchain/linux/unbundle:host";
v8_snapshot_toolchain = "//build/toolchain/linux/unbundle:host";
```
on native, non-cross-compilation builds roughly doubles the build steps
and, by proxy, compute and time needed to build.
So to resolve this, we conditionally change those values depending on
whether we are cross-compiling or not.
Co-authored-by: Adam Joseph <adam@westernsemico.com>
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_6.html
This update includes 10 security fixes.
CVEs:
CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_6.html
This update includes 10 security fixes.
CVEs:
CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512
Co-authored-by: emilylange <git@emilylange.de>
|
this patch adds a new subcommand to the update script
```
update.py ungoogled-rev <rev>
```
to update to an unreleased version of ungoogled-chromium by referencing
a git ref from the ungoogled-chromium repository (like a commit hash in an
update pull request).
|
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
This update includes 7 security fixes. Google is aware that an exploit
for CVE-2023-6345 exists in the wild.
CVEs:
CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351
CVE-2023-6345
|
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
This update includes 7 security fixes. Google is aware that an exploit
for CVE-2023-6345 exists in the wild.
CVEs:
CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351
CVE-2023-6345
|
Chromium libANGLE-based GL loading was working by accident before, because the cairo lib pulled in libEGL previously (so dlopen didn't need to search rpath when called in libGLESv2) but no longer does and the rpath needs to be added on both the chromium binary and the libGLESv2.so (and yes both even expect to have pciutils available it seems)
Fixes #268490 #269104