From 75527eb1cbbd0cad80d10743fb3b6e4ac0b4ba22 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 21 Jun 2020 21:44:07 +0200 Subject: gnu: ungoogled-chromium: Update to 83.0.4103.106-0.f08ce8b [security fixes]. This fixes CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491, CVE-2020-6493, CVE-2020-6494, CVE-2020-6495, CVE-2020-6496, CVE-2020-6497, and CVE-2020-6498. * gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch, gnu/packages/patches/ungoogled-chromium-system-zlib.patch: New files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 83. (%chromium-version): Set to 83.0.4103.106. (%ungoogled-revision): Set to f08ce8b3f1300ef0750b5d6bf967b9cbbfd9a56d. (%gentoo-revision, %gentoo-patches, %debian-patches): New variables. (gentoo-patch, debian-patch): New procedures. (%chromium-origin, %ungoogled-origin): Update hashes. (ungoogled-chromium-source): Don't apply patches from %DEBIAN-ORIGIN, but take %GENTOO-PATCHES, %DEBIAN-PATCHES, and the local patch files. (ungoogled-chromium)[arguments]: Remove "enable_swiftshader=false" from #:configure-flags. Add "icu_use_data_file=false". Set CFLAGS in phase. Remove obsolete substitution. Adjust install phase to install .so files for ANGLE and Swiftshader. [native-inputs]: Change from CLANG-9 to CLANG-10. [inputs]: Replace ICU4C with ICU4C-67. (ungoogled-chromium/wayland): Remove obsolete substitution. Add "ozone_platform_x11=true" in #:configure-flags. --- .../ungoogled-chromium-system-jsoncpp.patch | 65 ++++++++++++++++++++++ .../patches/ungoogled-chromium-system-zlib.patch | 47 ++++++++++++++++ 2 files changed, 112 insertions(+) create mode 100644 gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch create mode 100644 gnu/packages/patches/ungoogled-chromium-system-zlib.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch b/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch new file mode 100644 index 0000000000..294e1ea33b --- /dev/null +++ b/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch @@ -0,0 +1,65 @@ +Build with the system jsoncpp instead of the bundled one. + +Adapted from Debian: +https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/patches/system/jsoncpp.patch + +diff --git a/third_party/jsoncpp/BUILD.gn b/third_party/jsoncpp/BUILD.gn +--- a/third_party/jsoncpp/BUILD.gn ++++ b/third_party/jsoncpp/BUILD.gn +@@ -3,52 +3,14 @@ + # found in the LICENSE file. + + import("//testing/libfuzzer/fuzzer_test.gni") ++import("//build/config/linux/pkg_config.gni") + +-config("jsoncpp_config") { +- include_dirs = [ +- "source/include", +- "generated", +- ] +- +- # TODO(crbug.com/983223): Update JsonCpp BUILD.gn to remove deprecated +- # declaration flag. +- # This temporary flag allowing clients to update to the new version, and then +- # update to the new StreamWriter and CharReader classes. +- if (!is_win || is_clang) { +- cflags_cc = [ "-Wno-deprecated-declarations" ] +- } ++pkg_config("jsoncpp_config") { ++ packages = [ "jsoncpp" ] + } + +-source_set("jsoncpp") { +- sources = [ +- "generated/version.h", +- "source/include/json/assertions.h", +- "source/include/json/autolink.h", +- "source/include/json/config.h", +- "source/include/json/features.h", +- "source/include/json/forwards.h", +- "source/include/json/json.h", +- "source/include/json/reader.h", +- "source/include/json/value.h", +- "source/include/json/writer.h", +- "source/src/lib_json/json_reader.cpp", +- "source/src/lib_json/json_tool.h", +- "source/src/lib_json/json_value.cpp", +- "source/src/lib_json/json_writer.cpp", +- ] +- ++group("jsoncpp") { + public_configs = [ ":jsoncpp_config" ] +- +- defines = [ +- "JSON_USE_EXCEPTION=0", +- "JSON_USE_NULLREF=0", +- ] +- +- include_dirs = [ "source/src/lib_json" ] +- +- if (!is_win || is_clang) { +- cflags_cc = [ "-Wno-implicit-fallthrough" ] +- } + } + + if (build_with_chromium) { diff --git a/gnu/packages/patches/ungoogled-chromium-system-zlib.patch b/gnu/packages/patches/ungoogled-chromium-system-zlib.patch new file mode 100644 index 0000000000..b6e3c0f075 --- /dev/null +++ b/gnu/packages/patches/ungoogled-chromium-system-zlib.patch @@ -0,0 +1,47 @@ +Use zlib instead of the bundled lzma_sdk. + +Adapted from Debian: +https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/patches/system/zlib.patch + +diff --git a/courgette/BUILD.gn b/courgette/BUILD.gn +--- a/courgette/BUILD.gn ++++ b/courgette/BUILD.gn +@@ -58,7 +58,6 @@ static_library("courgette_lib") { + + deps = [ + "//base", +- "//third_party/lzma_sdk", + ] + + public_deps = [ +@@ -79,7 +78,6 @@ source_set("courgette_common") { + ] + deps = [ + "//base", +- "//third_party/lzma_sdk", + ] + } + +diff --git a/courgette/crc.cc b/courgette/crc.cc +--- a/courgette/crc.cc ++++ b/courgette/crc.cc +@@ -7,6 +7,8 @@ + #include + #include + ++#define COURGETTE_USE_CRC_LIB ++ + #ifdef COURGETTE_USE_CRC_LIB + # include "zlib.h" + #else +diff --git a/third_party/perfetto/gn/BUILD.gn b/third_party/perfetto/gn/BUILD.gn +--- a/third_party/perfetto/gn/BUILD.gn ++++ b/third_party/perfetto/gn/BUILD.gn +@@ -304,7 +304,6 @@ if (enable_perfetto_zlib) { + public_configs = [ "//buildtools:zlib_config" ] + public_deps = [ "//buildtools:zlib" ] + } else { +- public_configs = [ "//third_party/zlib:zlib_config" ] + public_deps = [ "//third_party/zlib" ] + } + } -- cgit 1.4.1