From 0c3aa7fbd1b9c26eace2e67513d018a81fbc046f Mon Sep 17 00:00:00 2001 From: emilylange Date: Wed, 21 Feb 2024 01:58:20 +0100 Subject: [PATCH 1/3] chromium: 121.0.6167.184 -> 122.0.6261.57 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html This update includes 12 security fixes. CVEs: CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676 --- .../networking/browsers/chromium/upstream-info.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 6711701fe3f9..2ea3fdde3568 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -9,15 +9,15 @@ }; deps = { gn = { - hash = "sha256-eD3KORYYuIH+94+BgL+yFD5lTQFvj/MqPU9DPiHc98s="; - rev = "7367b0df0a0aa25440303998d54045bda73935a5"; + hash = "sha256-UhdDsq9JyP0efGpAaJ/nLp723BbjM6pkFPcAnQbgMKY="; + rev = "f99e015ac35f689cfdbf46e4eb174e5d2da78d8e"; url = "https://gn.googlesource.com/gn"; - version = "2023-11-28"; + version = "2024-01-22"; }; }; - hash = "sha256-mLXBaW4KBieOiz2gRXfgA/KPdmUnNlpUIOqdj7CywcY="; - hash_deb_amd64 = "sha256-UDgO1sJ7bggFTe7C36CnHYXjG9rM+ZqFCOzNyIDpQ0Y="; - version = "121.0.6167.184"; + hash = "sha256-VvurD1r89dI0ahaVDQ3yinGlHOfzzm7TkL09tF4nebE="; + hash_deb_amd64 = "sha256-Q3AUKzUsRzW00+WLhuri86QzBGk/rlq5Hk+NdoRbbM4="; + version = "122.0.6261.57"; }; ungoogled-chromium = { deps = { From c563706a164839efcd3b0a14e8584cffc6a261e4 Mon Sep 17 00:00:00 2001 From: emilylange Date: Wed, 21 Feb 2024 01:58:39 +0100 Subject: [PATCH 2/3] chromedriver: 121.0.6167.85 -> 122.0.6261.57 --- .../networking/browsers/chromium/upstream-info.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 2ea3fdde3568..daaad6ae08f4 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,11 +1,11 @@ { stable = { chromedriver = { - hash_darwin = "sha256-IDPdjq3FpLy6Y9xkR15mzbIal8wjeQzzWtWuZ4uKmzA="; + hash_darwin = "sha256-Mdm+aOd8czNX7oJcNCSdu5TFwIlh5Y37OLdiPpOD+mk="; hash_darwin_aarch64 = - "sha256-3Mol45MrvrSqrpkKy2Trt0JFNfV4ekXTxEveUUGmJm4="; - hash_linux = "sha256-O8U4pZ76/N7q9bV7d0A+wlIqqaoz6WyfZQO4cIV2CIM="; - version = "121.0.6167.85"; + "sha256-ZF8nfAXX99I4x6RUEvQkiXZ/SMugXYYyzgC1SzcE1OE="; + hash_linux = "sha256-DIC7Ew7aCvtYMVXVXsnMItdeLPDdkNZXZH35I0ZdWEs="; + version = "122.0.6261.57"; }; deps = { gn = { From 46c7c8a7774fdc697c32e3ecbdffb3c5014fea91 Mon Sep 17 00:00:00 2001 From: emilylange Date: Wed, 21 Feb 2024 15:06:31 +0100 Subject: [PATCH 3/3] chromedriver: fix src download link Upstream migrated to a new bucket for their chromedriver releases. See https://github.com/GoogleChromeLabs/chrome-for-testing/commit/dd90f461197402d01208a690b58f8a7776db6e7c Our chromium/update.py (and by proxy upstream-info.nix) does not need to by changed in any way, since it already uses the new API endpoint since 65e801cb43a4ec4d9d7445fc42b9c51d3c1cad81 (which already uses the new bucket URL). --- pkgs/development/tools/selenium/chromedriver/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/selenium/chromedriver/default.nix b/pkgs/development/tools/selenium/chromedriver/default.nix index 55ce40832f9e..c40a32ff30e8 100644 --- a/pkgs/development/tools/selenium/chromedriver/default.nix +++ b/pkgs/development/tools/selenium/chromedriver/default.nix @@ -41,7 +41,7 @@ in stdenv.mkDerivation rec { version = upstream-info.version; src = fetchurl { - url = "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/${version}/${spec.system}/chromedriver-${spec.system}.zip"; + url = "https://storage.googleapis.com/chrome-for-testing-public/${version}/${spec.system}/chromedriver-${spec.system}.zip"; hash = spec.hash; };