[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47154: ungoogled-chromium@88.0.4324.182 package vulnerable to variou
From: |
Marius Bakke |
Subject: |
bug#47154: ungoogled-chromium@88.0.4324.182 package vulnerable to various severe CVEs |
Date: |
Sat, 20 Mar 2021 14:41:04 +0100 |
Hello!
Sorry for not seeing this earlier.
Léo Le Bouter <lle-bout@zaclys.net> skriver:
> I am not sure how to undertake this upgrade, I tried a little bit but
> it failed at failing to delete some bundled third_party directories.
>
> Would love to know in more detail what is the process for upgrading
> ungoogled-chromium, license checking and patch rebasing if necessary.
For major upgrades such as 88->89, I usually comment out the pruning
script from the snippet, and add a phase such as...
(add-after 'unpack 'prune
(lambda _
(apply invoke "python"
"build/linux/unbundle/remove_bundled_libraries.py"
"--do-remove" (list ,@%preserved-third-party-files))))
...to avoid having to repack for every change to
%preserved-third-party-files.
Then just run './pre-inst-env guix build ...' as usual, see what the
configure phase reports, and adjust %preserved-third-party-files
accordingly.
Each "third_party" directory contains a README.chromium with license
information. That file is not always correct (i.e. listing a single
license when multiple are involved), so I typically check the source
files too.
For patch rebasing, sometimes I make the necessary adjustments manually
and use plain old "diff"; other times I'll create a git repository from
the vanilla Chromium source, apply patches, branch out and try to
cherry-pick the patches to the new version in order to benefit from
git's conflict markers.
I also keep an eye on the Arch and Gentoo Chromium packages for
"inspiration" (that's how I found the recent Opus patch).
Hope this helps, and thanks for the interest in helping out with
maintaining this package. :-)
signature.asc
Description: PGP signature