summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2020-04-12 19:00:12 +0200
committerMarius Bakke <mbakke@fastmail.com>2020-04-12 19:00:12 +0200
commit25c93be652d3c982b63dd011d5dcf0cdc69c27a9 (patch)
tree1b9e55a3deb470e76039cb86d4cd4f17153f2680
parente15acf8cac3378745b761dbd9b05385de74e07f0 (diff)
downloadguix-25c93be652d3c982b63dd011d5dcf0cdc69c27a9.tar.gz
gnu: ungoogled-chromium: Update to 81.0.4044.92-0.b484ad4 [security fixes].
This release fixes CVE-2020-6430, CVE-2020-6456, CVE-2020-6431, CVE-2020-6432,
CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437,
CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442,
CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446,  CVE-2020-6447,
and CVE-2020-6448.

* gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 81.
(%chromium-version): Set to 81.0.4044.92.
(%ungoogled-revision): Set to b484ad4c0bdb696c86d941798ae6b0e2bd0db35d.
(%debian-revision): Set to debian/81.0.4044.92-1.
(%chromium-origin, %ungoogled-origin, %debian-origin): Update hashes.
(ungoogled-chromium-source): Remove PYTHON-2 from the environment, use
PYTHON-WRAPPER instead.  Call "remove_bundled_libraries.py" using PYTHON-2
directly.
(ungoogled-chromium)[arguments]: Remove "is_cfi=false" from #:configure-flags.
Adjust CXXFLAGS to ignore unknown compiler warnings.
[inputs]: Change from ICU4C to ICU4C-66.1.
-rw-r--r--gnu/packages/chromium.scm42
1 files changed, 23 insertions, 19 deletions
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 3d079559f3..f79254d825 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -135,8 +135,11 @@
     "third_party/dawn" ;ASL2.0
     "third_party/depot_tools/owners.py" ;BSD-3
     "third_party/devtools-frontend" ;BSD-3
+    "third_party/devtools-frontend/src/front_end/third_party/fabricjs" ;Expat
+    "third_party/devtools-frontend/src/front_end/third_party/wasmparser" ;ASL2.0
     "third_party/devtools-frontend/src/third_party/axe-core" ;MPL2.0
     "third_party/devtools-frontend/src/third_party/pyjson5" ;ASL2.0
+    "third_party/devtools-frontend/src/third_party/typescript" ;ASL2.0
     "third_party/dom_distiller_js" ;BSD-3
     "third_party/emoji-segmenter" ;ASL2.0
     "third_party/flatbuffers" ;ASL2.0
@@ -196,7 +199,6 @@
     "third_party/qcms" ;Expat
     "third_party/rnnoise" ;BSD-3
     "third_party/s2cellid" ;ASL2.0
-    "third_party/sfntly" ;ASL2.0
     "third_party/skia" ;BSD-3
     "third_party/skia/include/third_party/skcms" ;BSD-3
     "third_party/skia/third_party/skcms" ;BSD-3
@@ -206,7 +208,6 @@
     "third_party/spirv-headers" ;ASL2.0
     "third_party/SPIRV-Tools" ;ASL2.0
     "third_party/sqlite" ;Public domain
-    "third_party/ungoogled" ;BSD-3
     "third_party/usb_ids" ;BSD-3
     "third_party/usrsctp" ;BSD-2
     "third_party/wayland/wayland_scanner_wrapper.py" ;BSD-3
@@ -247,9 +248,9 @@ from forcing GEXP-PROMISE."
                       #:system system
                       #:guile-for-build guile)))
 
-(define %chromium-version "80.0.3987.163")
-(define %ungoogled-revision "516e2d990a50a4bbeb8c583e56333c2935e2af95")
-(define %debian-revision "debian/80.0.3987.116-1")
+(define %chromium-version "81.0.4044.92")
+(define %ungoogled-revision "b484ad4c0bdb696c86d941798ae6b0e2bd0db35d")
+(define %debian-revision "debian/81.0.4044.92-1")
 (define package-revision "0")
 (define %package-version (string-append %chromium-version "-"
                                         package-revision "."
@@ -263,7 +264,7 @@ from forcing GEXP-PROMISE."
                         %chromium-version ".tar.xz"))
     (sha256
      (base32
-      "0ikk4cgz3jgjhyncsvlqvlc03y7jywjpa6v34fwsjxs88flyzpdn"))))
+      "0i0szd749ihb08rxnsmsbxq75b6x952wpk94jwc0ncv6gb83zkx2"))))
 
 (define %ungoogled-origin
   (origin
@@ -274,7 +275,7 @@ from forcing GEXP-PROMISE."
                               (string-take %ungoogled-revision 7)))
     (sha256
      (base32
-      "0nm55qq4ahw9haf5g7hmzic4mr2xjgpay7lxps7xjp7s1pda4g0q"))))
+      "071a33idn2zcix6z8skn7y85mhb9w5s0bh0fvrjm269y7cmjrh3l"))))
 
 (define %debian-origin
   (origin
@@ -288,7 +289,7 @@ from forcing GEXP-PROMISE."
                                 (_ (string-take %debian-revision 7)))))
     (sha256
      (base32
-      "1cc5sp566dd8f2grgr770xwbxgxf58dk1w7q3s8pmv4js5h3pwq8"))))
+      "0srgbcqga3l75bfkv3bnmjk416189nazsximvzdx2k5n8v5k4p3m"))))
 
 ;; This is a "computed" origin that does the following:
 ;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
@@ -319,8 +320,7 @@ from forcing GEXP-PROMISE."
                   (list #+(canonical-package patch)
                         #+(canonical-package xz)
                         #+(canonical-package tar)
-                        #+python-2
-                        #+python))
+                        #+python-wrapper))
 
                  (copy-recursively #+ungoogled-source "/tmp/ungoogled")
 
@@ -338,11 +338,11 @@ from forcing GEXP-PROMISE."
 
                    (format #t "Ungooglifying...~%")
                    (force-output)
-                   (invoke "python3" "utils/prune_binaries.py" chromium-dir
+                   (invoke "python" "utils/prune_binaries.py" chromium-dir
                            "pruning.list")
-                   (invoke "python3" "utils/patches.py" "apply"
+                   (invoke "python" "utils/patches.py" "apply"
                            chromium-dir "patches")
-                   (invoke "python3" "utils/domain_substitution.py" "apply" "-r"
+                   (invoke "python" "utils/domain_substitution.py" "apply" "-r"
                            "domain_regex.list" "-f" "domain_substitution.list"
                            "-c" "/tmp/domainscache.tar.gz" chromium-dir)
 
@@ -390,13 +390,13 @@ from forcing GEXP-PROMISE."
 
                      (format #t "Pruning third party files...~%")
                      (force-output)
-                     (apply invoke "python"
+                     (apply invoke (string-append #+python-2 "/bin/python")
                             "build/linux/unbundle/remove_bundled_libraries.py"
                             "--do-remove" preserved-files)
 
                      (format #t "Replacing GN files...~%")
                      (force-output)
-                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+                     (invoke "python" "build/linux/unbundle/replace_gn_files.py"
                              "--system-libraries" "ffmpeg" "flac" "fontconfig"
                              "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
                              "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
@@ -462,7 +462,6 @@ from forcing GEXP-PROMISE."
        ;; directory for an exhaustive list of supported flags.
        ;; (Note: The 'configure' phase will do that for you.)
        (list "is_debug=false"
-             "is_cfi=false"
              "use_gold=false"
              "use_lld=false"
              "clang_use_chrome_plugins=false"
@@ -648,8 +647,13 @@ from forcing GEXP-PROMISE."
              (setenv "AR" "ar") (setenv "NM" "nm")
              (setenv "CC" "clang") (setenv "CXX" "clang++")
 
-             ;; Do not optimize away null pointer safety checks.
-             (setenv "CXXFLAGS" "-fno-delete-null-pointer-checks")
+             (setenv "CXXFLAGS"
+                     (string-join
+                      '(;; Do not optimize away null pointer safety checks.
+                        "-fno-delete-null-pointer-checks"
+                        ;; Disable warnings about unknown warnings that require
+                        ;; Clang plugins or newer versions.
+                        "-Wno-unknown-warning-option")))
 
              ;; TODO: pre-compile instead. Avoids a race condition.
              (setenv "PYTHONDONTWRITEBYTECODE" "1")
@@ -795,7 +799,7 @@ from forcing GEXP-PROMISE."
        ("glib" ,glib)
        ("gtk+" ,gtk+)
        ("harfbuzz" ,harfbuzz)
-       ("icu4c" ,icu4c)
+       ("icu4c" ,icu4c-66.1)
        ("jsoncpp" ,jsoncpp)
        ("lcms" ,lcms)
        ("libevent" ,libevent)