Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chromium: 79.0.3945.130 -> 80.0.3987.87 #79242

Merged
merged 1 commit into from Feb 7, 2020
Merged

chromium: 79.0.3945.130 -> 80.0.3987.87 #79242

merged 1 commit into from Feb 7, 2020

Conversation

@primeos
Copy link
Member

@primeos primeos commented Feb 4, 2020

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

This update includes 56 security fixes.

CVEs:
CVE-2020-6381 CVE-2020-6382 CVE-2019-18197 CVE-2019-19926 CVE-2020-6385
CVE-2019-19880 CVE-2019-19925 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389
CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394
CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399
CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
CVE-2020-6405 CVE-2020-6406 CVE-2019-19923 CVE-2020-6408 CVE-2020-6409
CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414
CVE-2020-6415 CVE-2020-6416 CVE-2020-6417

Status
platform attribute status tester
x86_64 chromium ✔️ @primeos and @Frostman
x86_64 nixosTests.chromium ✔️ @primeos
x86_64 google-chrome{,-beta,-dev} ✔️ @primeos
aarch64 chromium ✔️ @thefloweringash

Note: The cached build result for chromium (on this branch) is available here: https://primeos.cachix.org/

Note: The timing of this update isn't ideal for me (@primeos), I started the build but the testing most likely has to wait until Thursday evening / Friday (but that shouldn't be a problem anyway).
Update: Will finalize this on Friday.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

This update includes 56 security fixes.

CVEs:
CVE-2020-6381 CVE-2020-6382 CVE-2019-18197 CVE-2019-19926 CVE-2020-6385
CVE-2019-19880 CVE-2019-19925 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389
CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394
CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399
CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
CVE-2020-6405 CVE-2020-6406 CVE-2019-19923 CVE-2020-6408 CVE-2020-6409
CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414
CVE-2020-6415 CVE-2020-6416 CVE-2020-6417
@Frostman
Copy link
Member

@Frostman Frostman commented Feb 5, 2020

I'm using NixOS in headless mode, so, can't test it fully. But nixpkgs-review pr ... worked fine for me and produced 4 binaries: chromium google-chrome google-chrome-beta google-chrome-dev

I've tested each of them with chromium --headless --disable-gpu --screenshot https://nixos.org/ command.

nixpkgs-review pr ... took about 1h on my system (on half cores), so, I can signup for chromium patches testing if such headless test make sense for you folks. @grahamc @primeos

@FRidh FRidh added this to the 20.03 milestone Feb 5, 2020
@thefloweringash
Copy link
Member

@thefloweringash thefloweringash commented Feb 5, 2020

platform attribute status tester
aarch64 chromium ✔️ @thefloweringash
aarch64 chromiumBeta ✔️ @thefloweringash
aarch64 chromiumDev WIP @thefloweringash
@worldofpeace
Copy link
Member

@worldofpeace worldofpeace commented Feb 6, 2020

@disassembler just wanted to notify you of this since we discussed some concern, but it seems to be handled.

@primeos
Copy link
Member Author

@primeos primeos commented Feb 7, 2020

nixpkgs-review pr ... took about 1h on my system (on half cores), so, I can signup for chromium patches testing if such headless test make sense for you folks. @grahamc @primeos

@Frostman Awesome, that would be absolutely great! :)
Can you also run NixOS VM tests on that machine? In that case you could run nixosTests.chromium to automatically test the build. If you can commit to this then I'd like to add you as nixos-unstable tester for chromium on x86_64 in #78450.

Edit: @worldofpeace anything I should be aware of?

@primeos
Copy link
Member Author

@primeos primeos commented Feb 7, 2020

Final testing was successful, didn't notice any regressions :)

@primeos primeos merged commit 3103167 into NixOS:master Feb 7, 2020
13 checks passed
13 checks passed
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
@primeos primeos mentioned this pull request Feb 7, 2020
3 of 10 tasks complete
@worldofpeace
Copy link
Member

@worldofpeace worldofpeace commented Feb 7, 2020

@primeos It was about #78450, glad to see things are improving here, especially with your feedback.

@Frostman
Copy link
Member

@Frostman Frostman commented Feb 7, 2020

@primeos I guess if running nixosTests.chromium it doesn't make sense to do my dumb manual test :) Is that right that it would be enough to run the nixpkgs-review pr xxxxx -p nixosTests.chromium to run the needed tests?

@primeos
Copy link
Member Author

@primeos primeos commented Feb 8, 2020

@Frostman yes, running nixpkgs-review pr xxxxx -p nixosTests.chromium should be enough, thanks :)

@primeos
Copy link
Member Author

@primeos primeos commented Feb 9, 2020

Potential (minor) regression (but shouldn't be Nixpkgs specific): On my main laptop I had to disable the EFF Privacy Badger Extension (Version 2020.1.13) which prevented all (of the few ones I've tried) pages from loading. But I didn't see any bug reports regarding this yet: https://github.com/EFForg/privacybadger/issues. My other extensions still work without any issues.

Feel free to comment here / open issues if this affects you too (or if someone can confirm this, might be just me).

Edit: Forgot to mention this here, but I tried to reproduce this in my test VM, but it worked fine there (with the EFF Privacy Badger extension). Therefore this issue probably only affects me (e.g. due to some specific local state or it only happens in combination with other plugins).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.