server.py tries to launch a matrix_sso_helper binary when connecting to
a homeserver that uses some SSO mechanism instead of plain login and
password, but doesn't have $out/bin in $PATH.
Using substituteInPlace to patch server.py so that the helper process is
started by using its actual filesystem location instead of relying on
$PATH.
Fixes: https://github.com/NixOS/nixpkgs/issues/124186
(cherry picked from commit f7ccc5f35d0e1fe11a7e01e3dddd1ff28566ba1d)
This executable is required to fix a startup error:
[990:990:0609/092114.482805:FATAL:double_fork_and_exec.cc(131)] execv /nix/store/k02xhxzn6sn2cihaal68wwsyk8cg9pkg-chromium-unwrapped-93.0.4535.3/libexec/chromium/crashpad_handler: No such file or directory (2)
Unfortunately Chromium M93 still segfaults in the VM test:
machine # [0610/100626.225850:ERROR:process_memory_range.cc(75)] read out of range
machine # [0610/100626.227312:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
machine # [0610/100626.240410:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
machine # [ 19.810981] systemd-coredump[1015]: Process 987 (chromium) of user 1000 dumped core.
(cherry picked from commit 1d6a0d3cf24f2edcf6755fd4db1901f9e1db1ac6)
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
This update includes 14 security fixes. Google is aware that an exploit
for CVE-2021-30551 exists in the wild.
CVEs:
CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547
CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551
CVE-2021-30552 CVE-2021-30553
(cherry picked from commit 053f1dc49028f8f438506b187739d80d83984c16)
The build was failing with:
clang++: error: unknown argument: '-fsanitize-ignorelist=../../tools/cfi/ignores.txt'
(cherry picked from commit 950b321244d541e3c4d05bb163912d53c6c063df)
Quickfix to allow firefox to recognize certificates as trusted by
Mozilla.
Related: #126065
(cherry picked from commit 42e25d855fa959b7832fbdbc0a384294460d9258)
Fixes https://nvd.nist.gov/vuln/detail/CVE-2021-33896.
The current 9acb54df9254609f2fe4de83c9047d408412de28 patch landed in
dino as 4592b72dfa324d8a4b9f8c25b359110889b2206c. Removing it from the
patch list.
(cherry picked from commit 70173c1519118a5ec79b8e7969b2f91c78e8c297)
In order to make the man pages accessible, the previous code used
nix-support/propagated-user-env-packages. However this file is also used to set
the PATH when the application is executed with `nix run`, thus including the
wrapped and the wrappee in the environment.
Having the wrappee enumerated first in the environment caused `firefox` to
default to the wrappee, and as such not being able to find a proper GTK. This
was a source of failures while opening a file-picker.
This change removes the code to propagate the wrappe in the environment, as the
man pages are already linked in the wrapper output.
(cherry picked from commit efef092ba59259fb2654038bbd952baca5c8bab7)
