Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[20.09] chromium: 89.0.4389.128 -> 90.0.4430.85 #119551

Merged
14 commits merged into from Apr 22, 2021
Merged

[20.09] chromium: 89.0.4389.128 -> 90.0.4430.85 #119551

14 commits merged into from Apr 22, 2021

Conversation

primeos
Copy link
Member

@primeos primeos commented Apr 15, 2021

Motivation for this change

Backport of #119483.
Not sure if this compiles - at least nixosTests.chromium needs to succeed.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@primeos
Copy link
Member Author

primeos commented Apr 16, 2021
edited

Ugh, build fails:

[18321/46826] LINK ./character_data_generatorhared_typemap_traits.aKmedia_controls_resources.stamp.stampstamppl.o:default)gyroscope.o
FAILED: character_data_generator
python "../../build/toolchain/gcc_link_wrapper.py" --output="./character_data_generator" -- clang++ -fuse-ld=lld -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,--as-needed -Wl,--icf=all -Wl,--color-diagnostics -Wl,-mllvm,-instcombine-lower-dbg-declare=0 -flto=thin -Wl,--thinlto-jobs=all -Wl,--thinlto-cache-dir=thinlto-cache -Wl,--thinlto-cache-policy,cache_size=10\%:cache_size_bytes=40g:cache_size_files=100000 -Wl,-mllvm,-import-instr-limit=5 -fwhole-program-vtables -Wl,--no-call-graph-profile-sort -m64 -Wl,-O2 -Wl,--gc-sections -rdynamic -nostdlib++ -Wl,--lto-O0 -fsanitize=cfi-vcall -fsanitize=cfi-icall -pie -Wl,--disable-new-dtags -L/nix/store/ai5054xzilz0q285c0ldabmkvhyyl6yq-glib-2.64.6/lib -o "./character_data_generator" -Wl,--start-group @"./character_data_generator.rsp"  -Wl,--end-group  -ldl -lpthread -lrt -lgmodule-2.0 -lgobject-2.0 -lgthread-2.0 -lglib-2.0 -latomic -lz
ld.lld: error: unable to find library -latomic
clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
[18324/46826] CXX obj/third_party/perfetto/protos/perfetto/trace/chrome/minimal_complete_lite/chrome_trace_packet.pb.o
ninja: build stopped: subcommand failed.

Not sure which change we're missing (should be something unrelated to Chromium) - help would be welcome.

@primeos primeos marked this pull request as draft April 16, 2021 10:47
@primeos primeos mentioned this pull request Apr 21, 2021
Closed
@ghost
Copy link

ghost commented Apr 22, 2021
edited by ghost

Found a fix (for this error at least):

#120198

@primeos
Copy link
Member Author

primeos commented Apr 22, 2021

@petabyteboy huge thanks for handling this! Feel free to merge #120196 and #120198 (LLVM 12 was specifically backported for Chromium so no additional testing is required) or if you want me to review/merge them I can also do so after running @GrahamcOfBorg build llvmPackages_12.

Also a quick note that #120056 is not yet in this PR (I can already add it if you want) but if this version builds that update shouldn't cause any issues. Anyway, just let me know if I should review/merge/cherry-pick anything and feel free to make any Chromium / LLVM 12 changes you want.

@primeos
chromium: Switch from PipeWire 0.2 to the current 0.3.x releases
3241b92 
This should make it work more reliable and support additional features
like window sharing. See [0] for more details.

[0]: https://jgrulich.cz/2020/12/18/webrtc-chromium-updates-in-2020/

(cherry picked from commit 36e5fe0)
@primeos
chromiumDev: 91.0.4455.2 -> 91.0.4464.5
806417f 
(cherry picked from commit 985e98f)
@primeos
chromium{Beta,Dev}: Use LLVM 12
d431290 
LLVM 12 is required but the build still fails due to other changes that
where introduced in the meantime (and Chromium 90.0.4430.51 introduced
another LLVM failure).

(cherry picked from commit 1665208)
@primeos
chromiumBeta: 90.0.4430.51 -> 90.0.4430.61
9bcc3da 
(cherry picked from commit 705e5ae)
@primeos
chromiumDev: 91.0.4464.5 -> 91.0.4469.4
ec266f6 
(cherry picked from commit d5fcfcb)
@primeos
chromium{Beta,Dev}: Fix the linking
e6010a8 
Linking with ThinLTO (required for CFI) was failing as I forgot use
stdenv from llvmPackages_12 in 1665208 (need to refactor that part).

(cherry picked from commit 5768ccf)
@primeos
chromiumBeta: Fix the build (NixOS#119087)
337152e 
(cherry picked from commit 5d775bb)
@primeos
chromiumDev: Fix two build errors
a909d27 
Python 3 is now required (hard-coded in some scripts, but other scripts
still require Python 2) and a patch is required for [0].

[0]: https://bugs.chromium.org/p/chromium/issues/detail?id=1192875

(cherry picked from commit 8c60448)
@primeos
chromiumBeta: 90.0.4430.61 -> 90.0.4430.70
1442335 
(cherry picked from commit fc58686)
@primeos
chromiumDev: Fix the build
4be8cea 
Mixing Python 2 and Python 3 causes issues with the Python dependencies.

(cherry picked from commit acf402b)
@primeos
chromium: get-commit-message.py: Deduplicate the CVE list
3f9c5da 
(cherry picked from commit de2edb8)
@primeos
chromiumBeta: 90.0.4430.70 -> 90.0.4430.72
44ffe82 
(cherry picked from commit 14ec94a)
@primeos
chromium: 89.0.4389.128 -> 90.0.4430.72
9c162a4 
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html

This update includes 37 security fixes.

CVEs:
CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204
CVE-2021-21205 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208
CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212
CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216
CVE-2021-21217 CVE-2021-21218 CVE-2021-21219

(cherry picked from commit 6720b03)
@primeos
chromium: 90.0.4430.72 -> 90.0.4430.85
2812f6d 
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html

This update includes 7 security fixes. Google is aware of reports that
exploits for CVE-2021-21224 exist in the wild.

CVEs:
CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225
CVE-2021-21226

(cherry picked from commit a2dd59e)
@ghost ghost force-pushed the chromium-backport branch from 3d54faf to 2812f6d Compare April 22, 2021 12:56
@ghost
Copy link

ghost commented Apr 22, 2021
edited by ghost

I rebased and added #120056. Now building and seeing if it runs fine, but it'll take a while.

@ghost ghost marked this pull request as ready for review April 22, 2021 13:24
@ghost ghost changed the title [20.09] chromium: 89.0.4389.128 -> 90.0.4430.72 [20.09] chromium: 89.0.4389.128 -> 90.0.4430.85 Apr 22, 2021
@ghost ghost merged commit f6984a4 into NixOS:release-20.09 Apr 22, 2021
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bendlas bendlas Awaiting requested review from bendlas

@squalus squalus Awaiting requested review from squalus

@thefloweringash thefloweringash Awaiting requested review from thefloweringash

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@primeos