Age | Commit message (Collapse) | Author | Files | Lines |
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
|
|
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
This update includes 6 security fixes.
CVEs:
CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
This update includes 6 security fixes.
CVEs:
CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103
|
|
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html
|
|
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs:
CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834
CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839
CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
|
|
The minimum versions for both chromium and electron-source are higher
than the version bounds of those conditionals.
As such, they can be safely removed.
This is a no-op.
|
|
chromedriver,chromium: 125.0.6422.141 -> 126.0.6478.55, rebase patches, extend tarball exclude
|
|
Solves the following build error:
~~~
FAILED: obj/chrome/browser/devtools/devtools/devtools_window.o
In file included from ../../chrome/browser/devtools/devtools_window.cc:32:
../../chrome/browser/file_select_helper.h:16:10: fatal error: 'components/enterprise/buildflags/buildflags.h' file not found
16 | #include "components/enterprise/buildflags/buildflags.h"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
Can be removed once chromium and ungoogled-chromium are both on M126,
since the patch is from M126.
https://issues.chromium.org/issues/336911498
https://chromium-review.googlesource.com/c/chromium/src/+/5487538
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
This update includes 21 security fixes.
CVEs:
CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834
CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839
CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
|
|
Note that we can't just update previous patches in place, as that would
prevent electron-source and ungoogled-chrome (< M126) from building.
|
|
Starting with M126, the upstream release tarball includes two full
Debian sysroots to compile chromium with:
~~~shell
$ du -sh build/linux/debian_bullseye_*
835M build/linux/debian_bullseye_amd64-sysroot
739M build/linux/debian_bullseye_i386-sysroot
~~~
But they are huge and we don't need them.
In order to stay below the current 3 GB tarball size limit that is
dictated by hydra.nixos.org's max-output-limit, we add them to our
exclude patterns.
This is a no-op for < M126.
|
|
|
|
|
|
Just like with Firefox, we need to make sure there's only a single
version of LLVM involved in building Chromium, or we get errors like
this:
ld.lld: error: Invalid record (Producer: 'LLVM18.1.7' Reader: 'LLVM 17.0.6')
Fixes: 23d4f834536b ("cargo,clippy,rustc,rustfmt: 1.77.2 -> 1.78.0")
|
|
I'm pretty sure this was a mistake — in Nixpkgs the target platform is
the platform that the program being built should output executables
for — i.e., it's only relevant for a compiler, which Chromium is not.
Tested that cross-compilation of Electron still works.
|
|
nix run nixpkgs#silver-searcher -- -G '\.nix$' -0l 'description.*"[Aa]n?' pkgs \
| xargs -0 nix run nixpkgs#gnused -- -i '' -Ee 's/(description.*")[Aa]n? (.)/\1\U\2/'
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html
This update includes 11 security fixes.
CVEs:
CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496 CVE-2024-5497
CVE-2024-5498 CVE-2024-5499
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html
This update includes 11 security fixes.
CVEs:
CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496 CVE-2024-5497
CVE-2024-5498 CVE-2024-5499
|
|
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-5274 exists in the wild.
CVEs:
CVE-2024-5274
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-5274 exists in the wild.
CVEs:
CVE-2024-5274
|
|
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html
This update includes 6 security fixes.
CVEs:
CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html
This update includes 6 security fixes.
CVEs:
CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160
|
|
|
|
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
This update includes 9 security fixes. Google is aware that an exploit
for CVE-2024-4947 exists in the wild.
CVEs:
CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950
|
|
Ref: https://github.com/chromium/chromium/commit/ca53cbde1728fbc0a30d1acb30357be55a18e26a
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
This update includes 9 security fixes. Google is aware that an exploit
for CVE-2024-4947 exists in the wild.
CVEs:
CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950
|
|
|
|
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-4761 exists in the wild.
CVEs:
CVE-2024-4761
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-4761 exists in the wild.
CVEs:
CVE-2024-4761
|
|
|
|
|
|
This gets rid of a lot of redundant logic that is already present in the
`widevine-cdm` package :)
The resulting directory structure is the same and works just as well.
|
|
|
|
element-desktop,electron: fix cross build
|
|
chromium: prevent automatic Widevine DRM download
|
|
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-4671 exists in the wild.
CVEs:
CVE-2024-4671
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
This update includes 1 security fix. Google is aware that an exploit for
CVE-2024-4671 exists in the wild.
CVEs:
CVE-2024-4671
|
|
|
|
Previously, chromium automatically downloaded Widevine via its
component updater when encountering DRM protected content for the first
time or when manually opening chrome://components.
This commit disables that and also prevents previously downloaded
Widevine blobs (usually in ~/.config/chromium/WidevineCdm/) from being
loaded and executed.
Widevine now only works using
~~~
chromium.override { enableWideVine = true; }
~~~
making Widevine truly opt-in, as it's supposed to be.
Using that override also sets meta.license to unfree, making the
end user aware that Widevine is in fact unfree.
See issue 115275 for further details.
|
|
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html
This update includes 2 security fixes.
CVEs:
CVE-2024-4558 CVE-2024-4559
|