chromium: 83.0.4103.116 -> 84.0.4147.89

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

This update includes 38 security fixes.

CVEs:
CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514
CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519
CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535
CVE-2020-6536

pkgs/applications/networking/browsers/chromium/common.nix

@@ -81,7 +81,7 @@ let
     # "ffmpeg" # https://crbug.com/731766
     # "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together
                     # so we can't build with one from system and other from source
-  ] ++ optional (versionRange "0" "84") "yasm";
+  ];
 
   opusWithCustomModes = libopus.override {
     withCustomModes = true;
@@ -94,9 +94,10 @@ let
     xdg_utils minizip libwebp
     libusb1 re2 zlib
     ffmpeg_3 libxslt libxml2
+    nasm
     # harfbuzz # in versions over 63 harfbuzz and freetype are being built together
                # so we can't build with one from system and other from source
-  ] ++ (if (versionRange "0" "84") then [ yasm ] else [ nasm ]);
+  ];
 
   # build paths and release info
   packageName = extraAttrs.packageName or extraAttrs.name;
@@ -123,9 +124,9 @@ let
     nativeBuildInputs = [
       ninja which python2Packages.python perl pkgconfig
       python2Packages.ply python2Packages.jinja2 nodejs
-      gnutar
+      gnutar python2Packages.setuptools
-    ] ++ optional (versionAtLeast version "83") python2Packages.setuptools
+      (xorg.xcbproto.override { python = python2Packages.python; })
-      ++ optional (versionAtLeast version "84") (xorg.xcbproto.override { python = python2Packages.python; });
+    ];
 
     buildInputs = defaultDependencies ++ [
       nspr nss systemd
@@ -181,6 +182,11 @@ let
           '/usr/share/locale/' \
           '${glibc}/share/locale/'
 
+      substituteInPlace ui/gfx/x/BUILD.gn \
+        --replace \
+          '/usr/share/xcb' \
+          '${xorg.xcbproto}/share/xcb/'
+
       sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
         chrome/browser/shell_integration_linux.cc
 
@@ -226,16 +232,9 @@ let
       ln -s ${stdenv.cc}/bin/clang              third_party/llvm-build/Release+Asserts/bin/clang
       ln -s ${stdenv.cc}/bin/clang++            third_party/llvm-build/Release+Asserts/bin/clang++
       ln -s ${llvmPackages.llvm}/bin/llvm-ar    third_party/llvm-build/Release+Asserts/bin/llvm-ar
-    '' + optionalString (versionAtLeast version "84") ''
-      substituteInPlace ui/gfx/x/BUILD.gn \
-        --replace \
-          '/usr/share/xcb' \
-          '${xorg.xcbproto}/share/xcb/'
     '';
 
-    gnFlags = mkGnFlags (optionalAttrs (versionRange "0" "84") {
+    gnFlags = mkGnFlags ({
-      linux_use_bundled_binutils = false;
-    } // {
       use_lld = false;
       use_gold = true;
       gold_path = "${stdenv.cc}/bin";

pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch

@@ -31,15 +31,6 @@
    // TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
    // |output_mode_| as well.
    if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
-@@ -1105,7 +1113,7 @@ VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
-   // depends on the bitstream and sometimes it's not enough to cover the amount
-   // of frames needed by the client pipeline (see b/133733739).
-   // TODO(crbug.com/911754): Enable for VP9 Profile 2.
--  if (IsGeminiLakeOrLater() &&
-+  if (false && IsGeminiLakeOrLater() &&
-       (profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) {
-     // Add one to the reference frames for the one being currently egressed, and
-     // an extra allocation for both |client_| and |decoder_|, see
 --- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
 +++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
 @@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator

pkgs/applications/networking/browsers/chromium/upstream-info.nix

@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   beta = {
-    sha256 = "1s49qxg0gfmhm1lf5big6hprral21dbzjx0f1cp3xfvag9y61i7h";
+    sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
-    sha256bin64 = "1sjvi3qmpwpr51442324a853k6s0k59k4809k8j5sjv7h6arw0sm";
+    sha256bin64 = "017ix9a74f2gzlg6in0x6fqgiw8bpk0rypr6wsqqkslywprypjd0";
-    version = "84.0.4147.56";
+    version = "84.0.4147.89";
   };
   dev = {
-    sha256 = "1gxa0jg7xff87z7wvllp84a3ii1ypgy4vfzgxs4k7kzg5x0412vi";
+    sha256 = "1dbbr7s8vbhxd0sk4k2yqp630zp1r4gzkkd2a86pzlzq2mjhsk8a";
-    sha256bin64 = "0swmn37rmvjvvdcrd002qg1wcvna06y14s3kx34bfr4zxhqk3lby";
+    sha256bin64 = "0bphfwi6nkj9nzrjjaffiv27xfblgdikyifsbjl6vv2pawkh335q";
-    version = "85.0.4173.0";
+    version = "85.0.4183.15";
   };
   stable = {
-    sha256 = "1hravbi1lazmab2mih465alfzji1kzy38zya1visbwz9zs6pw35v";
+    sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
-    sha256bin64 = "1ggyv2b50sclnqph0r40lb8p9h3pq9aq4fj1wdszhwc4rb0cj746";
+    sha256bin64 = "1hzhgvs2ykqsncpnbnhzh09sw1vlsdfjhs06z5gc80l47brdi3wz";
-    version = "83.0.4103.116";
+    version = "84.0.4147.89";
   };
 }