Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3b28e23a04cb
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 16b3b1eef03e
Choose a head ref
  • 10 commits
  • 10 files changed
  • 4 contributors

Commits on Nov 11, 2020

  1. chromium: Extend update.py to automatically update gn 

    The gn version depends on the channel and new gn versions aren't always
backward compatible. Therefore we should also include it in
upstream-info.json (I've scoped it under "deps" as we'll likely have to
add more like this in the future).

(cherry picked from commit d7f5386)
    @primeos
    primeos committed Nov 11, 2020
    Copy the full SHA
    67d9c40 View commit details

  2. chromium: 86.0.4240.183 -> 86.0.4240.193 

    https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

This update includes 1 security fix (no CVE).

(cherry picked from commit 841664a)
    @primeos
    primeos committed Nov 11, 2020
    Copy the full SHA
    abe53c3 View commit details

  3. linux: 4.14.205 -> 4.14.206

    @NeQuissimus
    NeQuissimus committed Nov 11, 2020
    Copy the full SHA
    6e3ca0f View commit details

  4. linux: 4.19.156 -> 4.19.157

    @NeQuissimus
    NeQuissimus committed Nov 11, 2020
    Copy the full SHA
    838e06d View commit details

  5. linux: 4.4.242 -> 4.4.243

    @NeQuissimus
    NeQuissimus committed Nov 11, 2020
    Copy the full SHA
    e4f15b2 View commit details

  6. linux: 4.9.242 -> 4.9.243

    @NeQuissimus
    NeQuissimus committed Nov 11, 2020
    Copy the full SHA
    c539e2f View commit details

  7. linux: 5.4.76 -> 5.4.77

    @NeQuissimus
    NeQuissimus committed Nov 11, 2020
    Copy the full SHA
    5d82031 View commit details

Commits on Nov 13, 2020

  1. chromium: 86.0.4240.193 -> 86.0.4240.198 

    https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

This update includes 2 security fixes. Google is aware of reports that
exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

CVEs: CVE-2020-16013 CVE-2020-16017
(cherry picked from commit b91153f)
Backport of #103595.
    @primeos
    primeos committed Nov 13, 2020
    Copy the full SHA
    b5f0a7d View commit details

  2. tor-browser-bundle-bin: Fix extension path. Fixes NoScript. 

    (cherry picked from commit 4117c0b)
    @chkno @erictapen
    chkno authored and erictapen committed Nov 13, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    edolstra Eelco Dolstra
    GPG key ID: 8170B4726D7198DE
    Verified
    Learn about vigilant mode
    Copy the full SHA
    9315a5f View commit details

  3. tor-browser-bundle-bin: 10.0.2 -> 10.0.4 

    (cherry picked from commit 9e8f4ff)
    @xaverdh @erictapen
    xaverdh authored and erictapen committed Nov 13, 2020
    Copy the full SHA
    16b3b1e View commit details
7 changes: 6 additions & 1 deletion pkgs/applications/networking/browsers/chromium/common.nix
View file
Original file line number Diff line number Diff line change
@@ -335,7 +335,12 @@ let
patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
'';

passthru.updateScript = ./update.py;
passthru = {
updateScript = ./update.py;
chromiumDeps = {
gn = gnChromium;
};
};
};

# Remove some extraAttrs we supplied to the base attributes already.
15 changes: 2 additions & 13 deletions pkgs/applications/networking/browsers/chromium/default.nix
View file
Original file line number Diff line number Diff line change
@@ -35,26 +35,15 @@ let
mkChromiumDerivation = callPackage ./common.nix ({
inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
cupsSupport pulseSupport useOzone;
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-07-20";
inherit (upstream-info.deps.gn) version;
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "3028c6a426a4aaf6da91c4ebafe716ae370225fe";
sha256 = "0h3wf4152zdvrbb0jbj49q6814lfl3rcy5mj8b2pl9s0ahvkbc6q";
inherit (upstream-info.deps.gn) url rev sha256;
};
});
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
useVaapi = !stdenv.isAarch64; # TODO: Might be best to not set use_vaapi anymore (default is fine)
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-08-17";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "6f13aaac55a977e1948910942675c69f2b4f7a94";
sha256 = "01hpma1sllpdx09mvr4d6073sg6zmk6iv44kd3r28khymcj4s251";
};
});
});

browser = callPackage ./browser.nix { inherit channel enableWideVine; };
30 changes: 29 additions & 1 deletion pkgs/applications/networking/browsers/chromium/update.py
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python -p python3 nix
#! nix-shell -i python -p python3 nix nix-prefetch-git

import csv
import json
import re
import subprocess
import sys

from codecs import iterdecode
from collections import OrderedDict
from datetime import datetime
from os.path import abspath, dirname
from urllib.request import urlopen

@@ -26,6 +28,30 @@ def nix_prefetch_url(url, algo='sha256'):
out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
return out.decode('utf-8').rstrip()

def nix_prefetch_git(url, rev):
print(f'nix-prefetch-git {url} {rev}')
out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev])
return json.loads(out)

def get_file_revision(revision, file_path):
url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}'
with urlopen(url) as http_response:
return http_response.read()

def get_channel_dependencies(channel):
deps = get_file_revision(channel['version'], 'DEPS')
gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'"
gn_commit = re.search(gn_pattern, deps).group(1).decode()
gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit)
return {
'gn': {
'version': datetime.fromisoformat(gn['date']).date().isoformat(),
'url': gn['url'],
'rev': gn['rev'],
'sha256': gn['sha256']
}
}

channels = {}
last_channels = load_json(JSON_PATH)

@@ -58,6 +84,8 @@ def nix_prefetch_url(url, algo='sha256'):
# the next one.
continue

channel['deps'] = get_channel_dependencies(channel)

channels[channel_name] = channel

with open(JSON_PATH, 'w') as out:
42 changes: 33 additions & 9 deletions pkgs/applications/networking/browsers/chromium/upstream-info.json
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,41 @@
{
"stable": {
"version": "86.0.4240.183",
"sha256": "1g39i82js7fm4fqb8i66d6xs0kzqjxzi4vzvvwz5y9rkbikcc4ma",
"sha256bin64": "1r0dxqsx6j19hgwr3v2sdlb2vd7gb961c4wba4ymd8wy8j8pzly9"
"version": "86.0.4240.198",
"sha256": "0i3s1il0x5yi3528gdsg3bhnyhs2x24zh7p1nd5apv3va9g85ax0",
"sha256bin64": "0qfhs73r6j0r3nyqbnscnf7h1rs1s68lfl5ndsyd32dmip7ma01x",
"deps": {
"gn": {
"version": "2020-08-07",
"url": "https://gn.googlesource.com/gn",
"rev": "e327ffdc503815916db2543ec000226a8df45163",
"sha256": "0kvlfj3www84zp1vmxh76x8fdjm9hyk8lkh2vdsidafpmm75fphr"
}
}
},
"beta": {
"version": "87.0.4280.40",
"sha256": "07xh76fl257np68way6i5rf64qbvirkfddy7m5gvqb0fzcqd7dp3",
"sha256bin64": "1b2z0aqlh28pqrk6dmabxp1d4mvp9iyfmi4kqmns4cdpg0qgaf41"
"version": "87.0.4280.47",
"sha256": "0a3c4kz85857wrbcxqknbqmai250d36nq332l66a83r8sidhbxfq",
"sha256bin64": "0bjls2airr4p448rx7im1a7gff68yfnfb5vymr4bin4kz0s38mpw",
"deps": {
"gn": {
"version": "2020-09-09",
"url": "https://gn.googlesource.com/gn",
"rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2",
"sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk"
}
}
},
"dev": {
"version": "88.0.4300.0",
"sha256": "00cfs2rp4h8ybn2snr1d8ygg635hx7q5gv2aqriy1j6f8a1pgh1b",
"sha256bin64": "110r1m14h91212nx6pfhn8wkics7wlwx1608l5cqsxxcpvpzl3pv"
"version": "88.0.4315.5",
"sha256": "0k6man2xq8vmnk73dqv3fcc9929agqq8j6s6nvc9z653q4jdphkw",
"sha256bin64": "0m139w8lwaawridk8in24ss1g1i6ah5298xky226k3vhk5i4mn3j",
"deps": {
"gn": {
"version": "2020-10-21",
"url": "https://gn.googlesource.com/gn",
"rev": "f5f465b52e5df6d4de9fbe67cc79f1914ba4dbfc",
"sha256": "1xb31vsvg27ivvcdyiq93h8wj4d90qdrpagfh1dvm6xszkajsca1"
}
}
}
}
11 changes: 6 additions & 5 deletions pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
View file
Original file line number Diff line number Diff line change
@@ -91,19 +91,19 @@ let
fteLibPath = makeLibraryPath [ stdenv.cc.cc gmp ];

# Upstream source
version = "10.0.2";
version = "10.0.4";

lang = "en-US";

srcs = {
x86_64-linux = fetchurl {
url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz";
sha256 = "sha256-JBJDMC44VSh1ekXPxsVvFk5nOB8Ro4UGtD32pG1weP8=";
sha256 = "sha256-2Ye1+mhFnkZnAYQXgKZ5YIOiIVaiunTCyCOM+ZExw2I==";
};

i686-linux = fetchurl {
url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz";
sha256 = "sha256-EanW2Q8TtCPY5FSp8zfgBXMte9+RfKE24fu8ROtArK0=";
sha256 = "sha256-B0WGkIt8KDtma/WGyenQ04ctKE7AantUtYnwsjAZZb0=";
};
};
in
@@ -232,9 +232,10 @@ stdenv.mkDerivation rec {
# Preload extensions by moving into the runtime instead of storing under the
# user's profile directory.
mkdir -p "$TBB_IN_STORE/browser/extensions"
# See https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions
mkdir -p "$TBB_IN_STORE/distribution/extensions"
mv "$TBB_IN_STORE/TorBrowser/Data/Browser/profile.default/extensions/"* \
"$TBB_IN_STORE/browser/extensions"
"$TBB_IN_STORE/distribution/extensions"
# Hard-code paths to geoip data files. TBB resolves the geoip files
# relative to torrc-defaults_path but if we do not hard-code them
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.14.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "4.14.205";
version = "4.14.206";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "0m6ajw3iypxwvym8hmymd0dlcm9gdczpa6y6id4b447r774aqmcc";
sha256 = "1b46f0s15xnlam43cmw8w41rrvcwrhm6km0278lq6f86lpx3w8qw";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.19.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "4.19.156";
version = "4.19.157";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "0b9g2v8dvlhq0kbns2z62v93pnaprk7xbjzzx8rk0b522x42nq08";
sha256 = "0mgpgv2ny49bb7kgaygy2ay6ckjgw7mg091viivi66jw4mjs7p3n";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.4.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:

buildLinux (args // rec {
version = "4.4.242";
version = "4.4.243";
extraMeta.branch = "4.4";

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "089gigqali5q8izac82ybigxyi1bnw0xhm1cc590h4v7lkmk0mm1";
sha256 = "1daqbmj9ka9wdkkym625hqwqaxq5n11y7c4yc9ln3xkjpnv4dplm";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-4.9.nix
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:

buildLinux (args // rec {
version = "4.9.242";
version = "4.9.243";
extraMeta.branch = "4.9";

src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1r1myvxkhnsz419i5y6zjdkz177q3d19jk7748vv1v505gi3k1g4";
sha256 = "111rlzx6z4kf8zwxncib96d9wy6qmkbs0cq3dhnybipwlyf1iank";
};
} // (args.argsOverride or {}))
4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-5.4.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "5.4.76";
version = "5.4.77";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1lpppqjsrcmpr6vawxycsy7lpwdh3pb3d3f841sxzqgm3b9mymkg";
sha256 = "1xyvml0mps7bsa11bgpa4l0w8x6pasdz9yab2z4ds394f1lkxq53";
};
} // (args.argsOverride or {}))