chromium,chromedriver: 129.0.6668.100 -> 130.0.6723.58

https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

This update includes 17 security fixes.

CVEs:
CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958
CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963
CVE-2024-9964 CVE-2024-9965 CVE-2024-9966
emilylange 2024-10-18 01:56:56 +02:00
parent b5cd423a36
commit b71ae2d950
No known key found for this signature in database
GPG Key ID: 0AD773CE46FD0F87
3 changed files with 33 additions and 11 deletions


@ -70,9 +70,9 @@ let
# source tree.
extraAttrs = buildFun base;
githubPatch = { commit, hash, revert ? false }: fetchpatch {
githubPatch = { commit, hash, revert ? false, excludes ? [] }: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit hash revert;
inherit hash revert excludes;
};
mkGnFlags =
@ -314,6 +314,22 @@ let
] ++ lib.optionals (chromiumVersionAtLeast "129") [
# Rebased variant of patch right above to build M129+ with our rust and our clang.
./patches/chromium-129-rust.patch
] ++ lib.optionals (chromiumVersionAtLeast "130") [
# Our rustc.llvmPackages is too old for std::hardware_destructive_interference_size
# and std::hardware_constructive_interference_size.
# So let's revert the change for now and hope that our rustc.llvmPackages and
# nixpkgs-stable catch up sooner than later.
# https://groups.google.com/a/chromium.org/g/cxx/c/cwktrFxxUY4
# https://chromium-review.googlesource.com/c/chromium/src/+/5767325
# Note: We exclude the changes made to the partition_allocator (PA), as the revert
# would otherwise not apply because upstream reverted those changes to PA already
# in https://chromium-review.googlesource.com/c/chromium/src/+/5841144
(githubPatch {
commit = "fc838e8cc887adbe95110045d146b9d5885bf2a9";
hash = "sha256-NNKzIp6NYdeZaqBLWDW/qNxiDB1VFRz7msjMXuMOrZ8=";
excludes = [ "base/allocator/partition_allocator/src/partition_alloc/*" ];
revert = true;
})
];
postPatch = ''
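Review bot: The `hash` passed to `githubPatch` pins the patch as it looks after `excludes` and `revert` have been applied, but nothing near the new `excludes ? []` argument or the M130 call site says so. Because the fetch is a fixed-output derivation, editing the `excludes` glob later while leaving `hash` untouched can be satisfied from a store path or substitute produced with the old filter (inferred from how fetchpatch normally behaves; its definition is not on this page). The applied revert would then silently differ from what the expression describes. I would add a comment above the helper such as `# hash is computed over the patch after excludes/revert; recompute it whenever either changes`. The enclosing `let` block starts and ends outside these hunks.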


@ -58,6 +58,12 @@ let
# Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:
# cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
hardeningDisable = [ "format" ];
} // lib.optionalAttrs (chromiumVersionAtLeast "130") {
# At the time of writing, gn is at v2024-05-13 and has a backported patch.
# This patch appears to be already present in v2024-09-09 (from M130), which
# results in the patch not applying and thus failing the build.
# As a work around until gn is updated again, we filter specifically that patch out.
patches = lib.filter (e: lib.getName e != "LFS64.patch") oldAttrs.patches;
});
recompressTarball = callPackage ./recompress-tarball.nix { inherit chromiumVersionAtLeast; };
});
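Review bot: `oldAttrs.patches` on the added `patches = lib.filter …` line is read unconditionally, so evaluation would fail if gn ever carries no `patches` attribute, which is plausibly what happens once gn is bumped and the backported LFS64 patch is dropped. Writing `patches = lib.filter (e: lib.getName e != "LFS64.patch") (oldAttrs.patches or [ ]);` keeps the workaround harmless in that case. The filter also matches on the exact name, so a rename of that patch in the gn package would turn it into a silent no-op and the patch would presumably fail to apply again. A short comment naming where the patch is defined would help whoever removes this. The override that binds `oldAttrs` starts outside the hunk.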


@ -1,22 +1,22 @@
{
stable = {
chromedriver = {
hash_darwin = "sha256-/0mBZCSNULvZSQ/irsQSgNPsuOSWiRRnJA/6ogHYeGk=";
hash_darwin = "sha256-YndBzhUNmn5tJdCqLmpUrs2WBXXpTxiKCNczWEz6DU4=";
hash_darwin_aarch64 =
"sha256-JWcYFYaaXM2KN6oSu7wwxztYPbhql2XYZlvL2ymKgwI=";
hash_linux = "sha256-odFoTWjDa9ilyOrQ0T+0xxedRD7YOe/s7xdAyyku74w=";
version = "129.0.6668.91";
"sha256-taG58kMgQUD40aGqnyx9O9e9m4qGsTWX57cjD3NeHm4=";
hash_linux = "sha256-raWGzhjqWdm5bRK+Z7Qga8QM9kQYSXxdL5N+wk1hlXI=";
version = "130.0.6723.58";
};
deps = {
gn = {
hash = "sha256-8o3rDdojqVHMQCxI2T3MdJOXKlW3XX7lqpy3zWhJiaA=";
rev = "d010e218ca7077928ad7c9e9cc02fe43b5a8a0ad";
hash = "sha256-iNXRq3Mr8+wmY1SR4sV7yd2fDiIZ94eReelwFI0UhGU=";
rev = "20806f79c6b4ba295274e3a589d85db41a02fdaa";
url = "https://gn.googlesource.com/gn";
version = "2024-08-19";
version = "2024-09-09";
};
};
hash = "sha256-LOZ9EPw7VgBNEV7Wxb8H5WfSYTTWOL8EDP91uCrZAsA=";
version = "129.0.6668.100";
hash = "sha256-w1xQr+B7ROeCqBRN+M9vmh45YTRqVfjDYSsN5saDuDo=";
version = "130.0.6723.58";
};
ungoogled-chromium = {
deps = {