From 3559129e552af22237e0bee6184ec255eaf67533 Mon Sep 17 00:00:00 2001 From: emilylange Date: Wed, 1 May 2024 22:04:47 +0200 Subject: chromium: 124.0.6367.91 -> 124.0.6367.118 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html This update includes 2 security fixes. CVEs: CVE-2024-4331 CVE-2024-4368 (cherry picked from commit b71eeb5b2d7a3c7aed0cb089bfad25b23cc008fc) --- pkgs/applications/networking/browsers/chromium/upstream-info.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index c3ef4848ee44e..345370868d715 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -15,9 +15,9 @@ version = "2024-03-14"; }; }; - hash = "sha256-tajZtdiXgs5lRLTmDmgNTM2vD+N+LuWpBS0dYzxUsMA="; - hash_deb_amd64 = "sha256-CyCbZQ5ce8WLTt2JVSqbDkLDboE4BloiZ8pJff3dmSY="; - version = "124.0.6367.91"; + hash = "sha256-+r/48dxipSAo74v1deMuKalW+Hj85hCun63ZcgLYDLk="; + hash_deb_amd64 = "sha256-H3bv6WiVBl4j38ROZ80+SD9UO9ok+xxcKFxDd9yjWNY="; + version = "124.0.6367.118"; }; ungoogled-chromium = { deps = { -- cgit 1.4.1 From 177ce9ca10c3620829fed67f8360aeebf02f110a Mon Sep 17 00:00:00 2001 From: emilylange Date: Thu, 2 May 2024 02:12:22 +0200 Subject: chromium: lower version range of `--ozone-platform-hint` patch Ref: fb10ea41b2a080cb4ecac34aa12cf056d8d3f90e We had to apply this patch from M125 to M124 because at the time, chromium hasn't backported this to M124 yet. Until now! Or at least somewhat. 124.0.6367.118 shipped and has an equivalent patch now, which means that this patch is no longer needed. (Ignoring the fact that it no longer applies because of this anyway) At least on chromium. The thing is, ungoogled-chromium hasn't caught up with chromium yet, meaning it is still on < .118 and thus still needs that patch. (cherry picked from commit 85dfe83a86658f3fba80c050a774195f08fb378d) --- pkgs/applications/networking/browsers/chromium/common.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index ad2e1620e70df..b93163e0fc9c1 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -248,8 +248,8 @@ let # Partial revert of https://github.com/chromium/chromium/commit/3687976b0c6d36cf4157419a24a39f6770098d61 # allowing us to use our rustc and our clang. ./patches/chromium-121-rust.patch - ] ++ lib.optionals (chromiumVersionAtLeast "124" && !chromiumVersionAtLeast "125") [ - # M124 shipped with broken --ozone-platform-hint flag handling, which we rely on + ] ++ lib.optionals (chromiumVersionAtLeast "124" && !chromiumVersionAtLeast "124.0.6367.118") [ + # M124 < 124.0.6367.118 shipped with broken --ozone-platform-hint flag handling, which we rely on # for our NIXOS_OZONE_WL (wayland) environment variable. # See . # This is the commit for the fix that landed in M125, which applies clean on M124. -- cgit 1.4.1