gnu: ungoogled-chromium: Update to 83.0.4103.106-0.f08ce8b [security fixes].

This fixes CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468,
CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473,
CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478,
CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483,
CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488,
CVE-2020-6489, CVE-2020-6490, CVE-2020-6491, CVE-2020-6493, CVE-2020-6494,
CVE-2020-6495, CVE-2020-6496, CVE-2020-6497, and CVE-2020-6498.

* gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch,
gnu/packages/patches/ungoogled-chromium-system-zlib.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 83.
(%chromium-version): Set to 83.0.4103.106.
(%ungoogled-revision): Set to f08ce8b3f1300ef0750b5d6bf967b9cbbfd9a56d.
(%gentoo-revision, %gentoo-patches, %debian-patches): New variables.
(gentoo-patch, debian-patch): New procedures.
(%chromium-origin, %ungoogled-origin): Update hashes.
(ungoogled-chromium-source): Don't apply patches from %DEBIAN-ORIGIN, but take
%GENTOO-PATCHES, %DEBIAN-PATCHES, and the local patch files.
(ungoogled-chromium)[arguments]: Remove "enable_swiftshader=false" from
 #:configure-flags.  Add "icu_use_data_file=false".  Set CFLAGS in phase.
Remove obsolete substitution.  Adjust install phase to install .so files for
ANGLE and Swiftshader.
[native-inputs]: Change from CLANG-9 to CLANG-10.
[inputs]: Replace ICU4C with ICU4C-67.
(ungoogled-chromium/wayland): Remove obsolete substitution.  Add
"ozone_platform_x11=true" in #:configure-flags.

2 files changed, 112 insertions, 0 deletions

diff --git a/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch b/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch
new file mode 100644
index 0000000000..294e1ea33b
--- /dev/null
+++ b/gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch
@@ -0,0 +1,65 @@
+Build with the system jsoncpp instead of the bundled one.
+
+Adapted from Debian:
+https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/patches/system/jsoncpp.patch
+
+diff --git a/third_party/jsoncpp/BUILD.gn b/third_party/jsoncpp/BUILD.gn
+--- a/third_party/jsoncpp/BUILD.gn
++++ b/third_party/jsoncpp/BUILD.gn
+@@ -3,52 +3,14 @@
+ # found in the LICENSE file.
+ 
+ import("//testing/libfuzzer/fuzzer_test.gni")
++import("//build/config/linux/pkg_config.gni")
+ 
+-config("jsoncpp_config") {
+-  include_dirs = [
+-    "source/include",
+-    "generated",
+-  ]
+-
+-  # TODO(crbug.com/983223): Update JsonCpp BUILD.gn to remove deprecated
+-  # declaration flag.
+-  # This temporary flag allowing clients to update to the new version, and then
+-  # update to the new StreamWriter and CharReader classes.
+-  if (!is_win || is_clang) {
+-    cflags_cc = [ "-Wno-deprecated-declarations" ]
+-  }
++pkg_config("jsoncpp_config") {
++  packages = [ "jsoncpp" ]
+ }
+ 
+-source_set("jsoncpp") {
+-  sources = [
+-    "generated/version.h",
+-    "source/include/json/assertions.h",
+-    "source/include/json/autolink.h",
+-    "source/include/json/config.h",
+-    "source/include/json/features.h",
+-    "source/include/json/forwards.h",
+-    "source/include/json/json.h",
+-    "source/include/json/reader.h",
+-    "source/include/json/value.h",
+-    "source/include/json/writer.h",
+-    "source/src/lib_json/json_reader.cpp",
+-    "source/src/lib_json/json_tool.h",
+-    "source/src/lib_json/json_value.cpp",
+-    "source/src/lib_json/json_writer.cpp",
+-  ]
+-
++group("jsoncpp") {
+   public_configs = [ ":jsoncpp_config" ]
+-
+-  defines = [
+-    "JSON_USE_EXCEPTION=0",
+-    "JSON_USE_NULLREF=0",
+-  ]
+-
+-  include_dirs = [ "source/src/lib_json" ]
+-
+-  if (!is_win || is_clang) {
+-    cflags_cc = [ "-Wno-implicit-fallthrough" ]
+-  }
+ }
+ 
+ if (build_with_chromium) {
diff --git a/gnu/packages/patches/ungoogled-chromium-system-zlib.patch b/gnu/packages/patches/ungoogled-chromium-system-zlib.patch
new file mode 100644
index 0000000000..b6e3c0f075
--- /dev/null
+++ b/gnu/packages/patches/ungoogled-chromium-system-zlib.patch
@@ -0,0 +1,47 @@
+Use zlib instead of the bundled lzma_sdk.
+
+Adapted from Debian:
+https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/patches/system/zlib.patch
+
+diff --git a/courgette/BUILD.gn b/courgette/BUILD.gn
+--- a/courgette/BUILD.gn
++++ b/courgette/BUILD.gn
+@@ -58,7 +58,6 @@ static_library("courgette_lib") {
+ 
+   deps = [
+     "//base",
+-    "//third_party/lzma_sdk",
+   ]
+ 
+   public_deps = [
+@@ -79,7 +78,6 @@ source_set("courgette_common") {
+   ]
+   deps = [
+     "//base",
+-    "//third_party/lzma_sdk",
+   ]
+ }
+ 
+diff --git a/courgette/crc.cc b/courgette/crc.cc
+--- a/courgette/crc.cc
++++ b/courgette/crc.cc
+@@ -7,6 +7,8 @@
+ #include <stdint.h>
+ #include <stddef.h>
+ 
++#define COURGETTE_USE_CRC_LIB
++
+ #ifdef COURGETTE_USE_CRC_LIB
+ #  include "zlib.h"
+ #else
+diff --git a/third_party/perfetto/gn/BUILD.gn b/third_party/perfetto/gn/BUILD.gn
+--- a/third_party/perfetto/gn/BUILD.gn
++++ b/third_party/perfetto/gn/BUILD.gn
+@@ -304,7 +304,6 @@ if (enable_perfetto_zlib) {
+       public_configs = [ "//buildtools:zlib_config" ]
+       public_deps = [ "//buildtools:zlib" ]
+     } else {
+-      public_configs = [ "//third_party/zlib:zlib_config" ]
+       public_deps = [ "//third_party/zlib" ]
+     }
+   }