[20.09] chromium, llvm_11: Backport additional patches #102758
Motivation for this change
I'm trying to keep the differences between 20.09 and nixos-unstable minimal. I didn't backport these patches right away as the last two Chromium updates needed to be merged more quickly for security reasons. A few (two?) Chromium patches are still missing for now.
So that it can be accessed via llvmPackages_11.clang-unwrapped.clang-tools-extra_src (e.g. useful for nix-prefetch-url). (cherry picked from commit 72cc4d2)
https://lists.llvm.org/pipermail/release-testers/2020-October/001377.html https://lists.llvm.org/pipermail/llvm-announce/2020-October/000089.html Fixes: - builds on Darwin - builds `libcxx` on Linux (cherry picked from commit cffb7cf)
compiler-rt (and as a result clang) can't be build for i686 (as noticed here: #99984). The patch adds the required variables and should result in the same behavior as in the nixpkgs-llvm10. It essentially forces to use i386 buildins when using i486, i586 or i686, which are not supported. Fixes #100392 (cherry picked from commit 6948875)
The gn version depends on the channel and new gn versions aren't always backward compatible. Therefore we should also include it in upstream-info.json (I've scoped it under "deps" as we'll likely have to add more like this in the future). (cherry picked from commit d7f5386)
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html This update includes 1 security fix (no CVE). (cherry picked from commit 841664a) Backport of #103294.
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html This update includes 2 security fixes. Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. CVEs: CVE-2020-16013 CVE-2020-16017 (cherry picked from commit b91153f) Backport of #103595.