chromium: 53 -> 54 #19565
@NeQuissimus, thanks for your PR! By analyzing the history of the files in this pull request, we identified @grahamc and @aszlig to be potential reviewers.
Hrmmm not so simple this time :(
Oh, I only built stable...
OK, I need help with this... :D I don't even see your error when I build I get these
Seemed to me that PepperFlash has been removed but I am not sure how I would go about fixing that. I don't think I understand the nix expressions for Chromium...
Continuing from #19678, shall we use this PR as a ticket for the chromium transition? I took @aszlig's work on porting to GN and tried to get it built: https://github.com/bendlas/nixpkgs/tree/chromium-gn I added a commit to deactivate PepperFlash, but for a complete port we'll probably need to distribute NPAPI flash: https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
@bendlas: Chromium has dropped support for the NPAPI a long time ago, so how do you exactly want to port it? Reviving the old (unsandboxed) NPAPI code?
@aszlig I probably misremembered. Probably because chromium dropped the PPAPI flash from the default plugin package at the same time that Adobe announced plans to keep NPAPI flash updated in the future. Shall we continue to support PPAPI flash, by downloading it directly from Adobe? What's upstream doing?
@bendlas: Ah, didn't get that in the first place... So the Chrome binary package doesn't include Pepperflash anymore, right? So yes, I'd get the (PPAPI) plugin directly from Adobe then and drop the plugin from the Chromium plugins package (leaving it to only include widevine).
(bug roundup highlighted this issue again, #19884) What's the status on updating the stable chromium?
@grahamc almost there, I could get a successful link with the
Link issue should be fixed, just running another build.
@bendlas: I think it's better to completely decouple pepperflash from Chromium, like it has been back then with the NPAPI flash plugin, especially because Flash versions are no longer tied to Chromium versions (okay, to be more exact: I assume they aren't).
@aszlig if the auto-update via Component Updater works, wouldn't it be better to take advantage of this, to get faster security updates? I grepped GN flags for flash, but didn't find anything to control Component Updater. Let's see, what it does in a finished build, still waiting for that. Got to run in 15 minutes, unfortunately ...
EDIT: builds and run
I rebased and squashed everything in master...bendlas:chromium-54
if somebody wants to take care of pepperflash right now, you can do so on top of that branch, otherwise I recommend pushing this w/o pepperflash, for now.
Where are we at with this? @bendlas can you send your progress as a PR? We should have a working up-to-date Chromium then, correct?
This brings in the new stable version 54 which also introduces a lot of security fixes:

CVE-2016-5198: Out of bounds memory access in V8
CVE-2016-5181: Universal XSS in Blink
CVE-2016-5182: Heap overflow in Blink
CVE-2016-5183: Use after free in PDFium
CVE-2016-5184: Use after free in PDFium
CVE-2016-5185: Use after free in Blink
CVE-2016-5187: URL spoofing
CVE-2016-5188: UI spoofing
CVE-2016-5192: Cross-origin bypass in Blink
CVE-2016-5189: URL spoofing
CVE-2016-5186: Out of bounds read in DevTools
CVE-2016-5191: Universal XSS in Bookmarks
CVE-2016-5190: Use after free in Internals
CVE-2016-5193: Scheme bypass

Detailed announcements about these changes can be found here (latest to oldest):

https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop_20.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop.html

The update process of Chromium has been a bit bumpy on our side, because version 54 also did the switch from GYP to GN so it wasn't just a matter of updating the upstream-info file.

I've tested the Flash plugin (which runs fine) and WideVine manually, although I couldn't get WideVine to work (I was running this within a VM though). So if people want to use WideVine they need to use Chrome instead until we got this sorted out.

VM test results along with builds for all platforms can be found here:

https://headcounter.org/hydra/eval/339328

I'm going to backport these changes to stable as soon as the tests/builds succeed there as well.

Closes: #19565
Closes: #20120
This is the merge c67a7ee from master but backported to stable, which brings a bunch of security updates to Chromium:

CVE-2016-5198: Out of bounds memory access in V8
CVE-2016-5181: Universal XSS in Blink
CVE-2016-5182: Heap overflow in Blink
CVE-2016-5183: Use after free in PDFium
CVE-2016-5184: Use after free in PDFium
CVE-2016-5185: Use after free in Blink
CVE-2016-5187: URL spoofing
CVE-2016-5188: UI spoofing
CVE-2016-5192: Cross-origin bypass in Blink
CVE-2016-5189: URL spoofing
CVE-2016-5186: Out of bounds read in DevTools
CVE-2016-5191: Universal XSS in Bookmarks
CVE-2016-5190: Use after free in Internals
CVE-2016-5193: Scheme bypass

Detailed announcements about these changes can be found here (latest to oldest):

https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop_20.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop.html

The implementation of this backport differs in that we copy the cc-wrapper to the Chromium directory and add support for handling response files. Thanks to @bendlas for the work on this.

Tests and builds pass successfully on my Hydra at:

https://headcounter.org/hydra/eval/339329

Cc: @grahamc, @bendlas, @shlevy, @sternenseemann

Closes: #19565
Closes: #20120
Motivation for this change
Update
Things done
Used update.sh
(nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/