From b10fdd510e2a48438b1ae07232e5275ddbf6e582 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 22 Oct 2020 18:29:26 +0200 Subject: gnu: ungoogled-chromium: Embed absolute references to libGL and friends. * gnu/packages/chromium.scm (ungoogled-chromium)[arguments]: Provide absolute references to dlopen'd Mesa libraries. --- gnu/packages/chromium.scm | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'gnu/packages/chromium.scm') diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index 7bc69c7386..344f3a72ef 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -617,6 +617,16 @@ (substitute* "device/udev_linux/udev1_loader.cc" (("libudev\\.so\\.1") (string-append udev "/lib/libudev.so.1"))) + + (substitute* '("ui/ozone/platform/x11/gl_ozone_glx.cc" + "ui/ozone/common/egl_util.cc" + "ui/gl/init/gl_initializer_linux_x11.cc") + (("libGL\\.so\\.1") + (string-append mesa "/lib/libGL.so.1")) + (("libEGL\\.so\\.1") + (string-append mesa "/lib/libEGL.so.1")) + (("libGLESv2\\.so\\.2") + (string-append mesa "/lib/libGLESv2.so.2"))) #t))) (add-before 'configure 'prepare-build-environment (lambda* (#:key inputs #:allow-other-keys) -- cgit v1.2.3 From a45071978c25d4c3d66e0798b6b28fc0ce7756af Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 21 Oct 2020 23:55:42 +0200 Subject: gnu: ungoogled-chromium: Update to 86.0.4240.111-0.c34a56d [security fixes]. This fixes CVE-2020-15999, CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, and CVE-2020-16003. * gnu/packages/chromium.scm (ungoogled-chromium): Update to 86.0.4240.111-0.c34a56d. --- gnu/packages/chromium.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/packages/chromium.scm') diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index 344f3a72ef..f32a779805 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm 
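Review bot: The `substitute*` added at `@@ -617,6 +617,16 @@` over the three GL source files does not verify that any of its patterns matched. If a later Chromium release changes one of these string literals, the substitution presumably becomes a silent no-op, and the `dlopen` call would then resolve a bare soname through the loader search path instead of the pinned `mesa` store path. A comment above the form such as `;; Pin dlopen'd GL libraries to the store; re-check these literals on every version bump.` would record the intent, and a post-substitution check for leftover bare names would turn a silent miss into a build failure. The same applies to the extended file list in the later hunk at `@@ -615,9 +615,11 @@`. The enclosing phase starts and ends outside this hunk.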
@@ -301,7 +301,7 @@ "/svntogit-packages/" revision "/trunk/" name)) (sha256 (base32 hash)))) -(define %chromium-version "86.0.4240.75") +(define %chromium-version "86.0.4240.111") (define %ungoogled-revision "c34a56db4c121238fface560e21531b6199ce5dd") (define %debian-revision "debian/84.0.4147.105-1") (define %arch-revision "2cbe439471932d30ff2c8ded6b3dfd51b312bbc9") @@ -446,10 +446,10 @@ (method url-fetch) (uri (string-append "https://commondatastorage.googleapis.com" "/chromium-browser-official/chromium-" - (car (string-split version #\-)) ".tar.xz")) + %chromium-version ".tar.xz")) (sha256 (base32 - "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx")) + "05y7lwr89awkhvgmwkx3br9j4ap2aypg2wsc0nz8mi7kxc1dnyzj")) (modules '((guix build utils))) (snippet (force ungoogled-chromium-snippet)))) (build-system gnu-build-system) -- cgit v1.2.3 From 867e3830e6a3ee92317379e33d80c58a57107af4 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 23 Oct 2020 10:17:21 +0200 Subject: gnu: ungoogled-chromium: Add search path for installed extensions. * gnu/packages/patches/ungoogled-chromium-extension-search-path.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/chromium.scm (%guix-patches): New variable. (ungoogled-chromium-snippet): Apply %GUIX-PATCHES. (ungoogled-chromium)[arguments]: Don't hard-code extensions directory. [native-search-paths]: New field. --- gnu/local.mk | 1 + gnu/packages/chromium.scm | 18 +++++++------- .../ungoogled-chromium-extension-search-path.patch | 28 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/ungoogled-chromium-extension-search-path.patch (limited to 'gnu/packages/chromium.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 2a994bd3b9..72f81a9913 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1653,6 +1653,7 @@ dist_patch_DATA = \ %D%/packages/patches/u-boot-riscv64-fix-extlinux.patch \ %D%/packages/patches/ucx-tcp-iface-ioctl.patch \ %D%/packages/patches/udiskie-no-appindicator.patch \ + %D%/packages/patches/ungoogled-chromium-extension-search-path.patch \ %D%/packages/patches/ungoogled-chromium-system-nspr.patch \ %D%/packages/patches/unison-fix-ocaml-4.08.patch \ %D%/packages/patches/unknown-horizons-python-3.8-distro.patch \ diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index f32a779805..b2191701df 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -334,6 +334,10 @@ (base32 "18p9a7qffmy8m03nqva7maalgil13lj2mn0s56v3crbs4wk4lalj")))) +(define %guix-patches + (list (local-file (search-patch "ungoogled-chromium-system-nspr.patch")) + (local-file (search-patch "ungoogled-chromium-extension-search-path.patch")))) + ;; This is a source 'snippet' that does the following: ;; *) Applies various patches for unbundling purposes and libstdc++ compatibility. ;; *) Runs the ungoogled patch-, domain substitution-, and scrubbing scripts. @@ -356,9 +360,7 @@ (invoke "patch" "-p1" "--force" "--input" patch "--no-backup-if-mismatch")) (append '#+%debian-patches '#+%arch-patches - '#+(list (local-file - (search-patch - "ungoogled-chromium-system-nspr.patch"))))) + '#+%guix-patches)) (with-directory-excursion #+%ungoogled-origin (format #t "Ungooglifying...~%") @@ -571,11 +573,6 @@ (find-files (string-append "third_party/webrtc/modules" "/audio_coding/codecs/opus"))) - (substitute* "chrome/common/chrome_paths.cc" - (("/usr/share/chromium/extensions") - ;; TODO: Add ~/.guix-profile. - "/run/current-system/profile/share/chromium/extensions")) - ;; Many files try to include ICU headers from "third_party/icu/...". ;; Remove the "third_party/" prefix to use system headers instead. (substitute* (find-files "chrome" "\\.cc$") 
@@ -840,6 +837,11 @@ ("udev" ,eudev) ("valgrind" ,valgrind) ("vulkan-headers" ,vulkan-headers))) + (native-search-paths + (list (search-path-specification + (variable "CHROMIUM_EXTENSION_DIRECTORY") + (separator #f) ;single entry + (files '("share/chromium/extensions"))))) ;; Building Chromium takes ... a very long time. On a single core, a busy ;; mid-end x86 system may need more than 24 hours to complete the build. diff --git a/gnu/packages/patches/ungoogled-chromium-extension-search-path.patch b/gnu/packages/patches/ungoogled-chromium-extension-search-path.patch new file mode 100644 index 0000000000..5ce219ccc7 --- /dev/null +++ b/gnu/packages/patches/ungoogled-chromium-extension-search-path.patch @@ -0,0 +1,28 @@ +Look for extensions in $CHROMIUM_EXTENSION_DIRECTORY instead of +/usr/share/chromium/extensions. + +--- a/chrome/common/chrome_paths.cc ++++ b/chrome/common/chrome_paths.cc +@@ -4,6 +4,7 @@ + + #include "chrome/common/chrome_paths.h" + ++#include "base/environment.h" + #include "base/files/file_util.h" + #include "base/logging.h" + #include "base/native_library.h" +@@ -511,7 +512,13 @@ + #endif + #if defined(OS_LINUX) || defined(OS_CHROMEOS) + case chrome::DIR_STANDALONE_EXTERNAL_EXTENSIONS: { +- cur = base::FilePath(kFilepathSinglePrefExtensions); ++ std::unique_ptr environment(base::Environment::Create()); ++ std::string extension_dir; ++ if (environment->GetVar("CHROMIUM_EXTENSION_DIRECTORY", &extension_dir)) { ++ cur = base::FilePath(extension_dir); ++ } else { ++ cur = base::FilePath(kFilepathSinglePrefExtensions); ++ } + break; + } + #endif -- cgit v1.2.3 From 81dfd459e3a3d1b8c4a3de61fd9b677fefde8f36 Mon Sep 17 00:00:00 2001 
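Review bot: The `;single entry` comment on `(separator #f)` in the `native-search-paths` hunk does not say why only one directory is allowed. The reason appears to be the accompanying chrome_paths.cc patch, which hands the variable's value to `base::FilePath` without splitting it, so a colon-separated list would be read as one path; `;single entry: the patched chrome_paths.cc does not split this value` would record that. The comment could also note that whatever a profile installs under `share/chromium/extensions` is presumably treated by the browser as an external extension source, so that directory is effectively trusted. The package definition continues outside this hunk.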
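Review bot: In the new `DIR_STANDALONE_EXTERNAL_EXTENSIONS` branch of the added patch file, only the success of `GetVar` is tested, so a CHROMIUM_EXTENSION_DIRECTORY that is set but empty appears to reach `base::FilePath(extension_dir)` as an empty path rather than falling back to `kFilepathSinglePrefExtensions`. Consider `if (environment->GetVar("CHROMIUM_EXTENSION_DIRECTORY", &extension_dir) && !extension_dir.empty()) {`. The change also moves the external-extension directory from a fixed system location to whatever the process environment supplies, so the patch header should state that the variable is trusted input and that the directory it names must not be writable by less-privileged users. The rest of the path provider lies outside this hunk, so any later validation of `cur` is not visible here.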
From: Marius Bakke Date: Tue, 3 Nov 2020 10:42:47 +0100 Subject: gnu: ungoogled-chromium: Update to 86.0.4240.183-0.b68e17f [security fixes]. This fixes CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, and CVE-2020-16011. * gnu/packages/chromium.scm (%ungoogled-revision, %ungoogled-origin): Update to b68e17f. (ungoogled-chromium): Update to 86.0.4240.183. --- gnu/packages/chromium.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'gnu/packages/chromium.scm') diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index b2191701df..6db791aa17 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -301,8 +301,8 @@ "/svntogit-packages/" revision "/trunk/" name)) (sha256 (base32 hash)))) -(define %chromium-version "86.0.4240.111") -(define %ungoogled-revision "c34a56db4c121238fface560e21531b6199ce5dd") +(define %chromium-version "86.0.4240.183") +(define %ungoogled-revision "b68e17f32e9eff56615a07b44e457835bb9460c6") (define %debian-revision "debian/84.0.4147.105-1") (define %arch-revision "2cbe439471932d30ff2c8ded6b3dfd51b312bbc9") @@ -332,7 +332,7 @@ (string-take %ungoogled-revision 7))) (sha256 (base32 - "18p9a7qffmy8m03nqva7maalgil13lj2mn0s56v3crbs4wk4lalj")))) + "0visyhz321ykrmbjndvx31yd8xlmha9gas0xbkavc2i45rpfahjq")))) (define %guix-patches (list (local-file (search-patch "ungoogled-chromium-system-nspr.patch")) @@ -451,7 +451,7 @@ %chromium-version ".tar.xz")) (sha256 (base32 - "05y7lwr89awkhvgmwkx3br9j4ap2aypg2wsc0nz8mi7kxc1dnyzj")) + "1g39i82js7fm4fqb8i66d6xs0kzqjxzi4vzvvwz5y9rkbikcc4ma")) (modules '((guix build utils))) (snippet (force ungoogled-chromium-snippet)))) (build-system gnu-build-system) -- cgit v1.2.3 From fddc87063231f8f9aa22bbbc5bca4a46b9bbf004 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Tue, 3 Nov 2020 20:51:27 +0100 Subject: gnu: ungoogled-chromium: Fix hardware acceleration. * gnu/packages/chromium.scm (ungoogled-chromium)[arguments]: Patch in absolute file name of libGL.so, and install Chromiums own libEGL.so and libGLESv2.so. --- gnu/packages/chromium.scm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'gnu/packages/chromium.scm') diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index 6db791aa17..5c7bb12def 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -615,9 +615,11 @@ (("libudev\\.so\\.1") (string-append udev "/lib/libudev.so.1"))) - (substitute* '("ui/ozone/platform/x11/gl_ozone_glx.cc" - "ui/ozone/common/egl_util.cc" - "ui/gl/init/gl_initializer_linux_x11.cc") + (substitute* + '("ui/ozone/platform/x11/gl_ozone_glx.cc" + "ui/ozone/common/egl_util.cc" + "ui/gl/init/gl_initializer_linux_x11.cc" + "third_party/angle/src/libANGLE/renderer/gl/glx/FunctionsGLX.cpp") (("libGL\\.so\\.1") (string-append mesa "/lib/libGL.so.1")) (("libEGL\\.so\\.1") @@ -712,7 +714,10 @@ (libs '("chrome_100_percent.pak" "chrome_200_percent.pak" "resources.pak" - "v8_context_snapshot.bin")) + "v8_context_snapshot.bin" + ;; Chromium ships its own libGL + ;; implementation called ANGLE. + "libEGL.so" "libGLESv2.so")) (locales (string-append lib "/locales")) (resources (string-append lib "/resources")) (preferences (assoc-ref inputs "master-preferences")) -- cgit v1.2.3 From a5945a60cf7e0899447cabedf4ea5aff8ee8dff8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 5 Nov 2020 16:15:22 +0100 Subject: gnu: chromium: Silent 'local-file' warning. This is a followup to fddc87063231f8f9aa22bbbc5bca4a46b9bbf004. * gnu/packages/chromium.scm (%guix-patches): Use 'assume-valid-file-name'. --- gnu/packages/chromium.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'gnu/packages/chromium.scm') 
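Review bot: The comment added to the `libs` list at `@@ -712,7 +714,10 @@` calls ANGLE "its own libGL implementation", but the two files installed are `libEGL.so` and `libGLESv2.so`, while the `substitute*` in the preceding hunk still rewrites `libEGL.so.1` and `libGLESv2.so.2` to Mesa's copies. A reader cannot tell from this which EGL/GLES library is loaded in which case. Something like `;; ANGLE, Chromium's bundled EGL/GLES implementation (not Mesa's libEGL.so.1 / libGLESv2.so.2).` would separate the two; how the bundled copies are located at run time is not visible here and should be confirmed before documenting it. The install phase starts and ends outside this hunk.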
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index 5c7bb12def..902f2a723c 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -335,8 +335,12 @@ "0visyhz321ykrmbjndvx31yd8xlmha9gas0xbkavc2i45rpfahjq")))) (define %guix-patches - (list (local-file (search-patch "ungoogled-chromium-system-nspr.patch")) - (local-file (search-patch "ungoogled-chromium-extension-search-path.patch")))) + (list (local-file + (assume-valid-file-name + (search-patch "ungoogled-chromium-system-nspr.patch"))) + (local-file + (assume-valid-file-name + (search-patch "ungoogled-chromium-extension-search-path.patch"))))) ;; This is a source 'snippet' that does the following: ;; *) Applies various patches for unbundling purposes and libstdc++ compatibility. -- cgit v1.2.3