chromium: 85.0.4183.121 -> 86.0.4240.75

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

This update includes 35 security fixes.

CVEs:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989

1 files changed, 8 insertions, 16 deletions

diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index a79a48fffcc..af2d27342f8 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -13,7 +13,6 @@
 , bison, gperf
 , glib, gtk3, dbus-glib
 , glibc
-, xorg
 , libXScrnSaver, libXcursor, libXtst, libGLU, libGL
 , protobuf, speechd, libXdamage, cups
 , ffmpeg_3, libxslt, libxml2, at-spi2-core
@@ -131,7 +130,6 @@ let
       ninja which python2Packages.python perl pkgconfig
       python2Packages.ply python2Packages.jinja2 nodejs
       gnutar python2Packages.setuptools
-      (xorg.xcbproto.override { python = python2Packages.python; })
     ];
 
     buildInputs = defaultDependencies ++ [
@@ -150,9 +148,7 @@ let
       ++ optional pulseSupport libpulseaudio
       ++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
 
-    patches = optionals (versionRange "68" "86") [
-      ./patches/nix_plugin_paths_68.patch
-    ] ++ [
+    patches = [
       ./patches/remove-webp-include-69.patch
       ./patches/no-build-timestamps.patch
       ./patches/widevine-79.patch
@@ -166,18 +162,19 @@ let
       #
       # ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
       # ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
-    ] ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
-      ./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
-      ./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
-    ];
+    ]; # TODO: VA-API patches (we should be able to drop enable-video-acceleration-on-linux.patch now):
+    # ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
+    #   ./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
+    #   ./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
+    # ];
 
-    postPatch = optionalString (!versionRange "0" "86") ''
+    postPatch = ''
       # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
       substituteInPlace native_client/SConstruct \
         --replace "#! -*- python -*-" ""
       substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
         --replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
-    '' + ''
+
       # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
       substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
         --replace \
@@ -195,11 +192,6 @@ let
           '/usr/share/locale/' \
           '${glibc}/share/locale/'
 
-      substituteInPlace ui/gfx/x/BUILD.gn \
-        --replace \
-          '/usr/share/xcb' \
-          '${xorg.xcbproto}/share/xcb/'
-
       sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
         chrome/browser/shell_integration_linux.cc