From e4514334bb72b7300eec9ec55a2140162a5cf2b6 Mon Sep 17 00:00:00 2001
From: networkException <git@nwex.de>
Date: Sun, 17 Sep 2023 13:05:16 +0200
Subject: [PATCH 1/4] chromium: 116.0.5845.187 -> 117.0.5938.88

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_15.html

This update includes 11 security fixes.

CVEs:
CVE-2023-4863 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903
CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908
CVE-2023-4909
---
 .../networking/browsers/chromium/upstream-info.nix   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index 4df0ee1915178..a4bf215d66568 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -35,15 +35,15 @@
     };
     deps = {
       gn = {
-        rev = "4bd1a77e67958fb7f6739bd4542641646f264e5d";
-        sha256 = "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw";
+        rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
+        sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
         url = "https://gn.googlesource.com/gn";
-        version = "2023-06-09";
+        version = "2023-08-01";
       };
     };
-    sha256 = "152lyrw8k36gbmf4fmfny4ajqh0523y5d48yrshbgwn5klmbhaji";
-    sha256bin64 = "118sk39939d52srws2vgs1mfizpikswxh5ihd9x053vzn0aj8cfa";
-    version = "116.0.5845.187";
+    sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6";
+    sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi";
+    version = "117.0.5938.88";
   };
   ungoogled-chromium = {
     deps = {

From b677e255d9934a9ec9d4056d2f20543e9757daba Mon Sep 17 00:00:00 2001
From: networkException <git@nwex.de>
Date: Sun, 17 Sep 2023 13:16:55 +0200
Subject: [PATCH 2/4] ungoogled-chromium: 116.0.5845.187 -> 117.0.5938.88

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_15.html

This update includes 11 security fixes.

CVEs:
CVE-2023-4863 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903
CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908
CVE-2023-4909
---
 .../browsers/chromium/ungoogled-flags.toml       |  1 -
 .../browsers/chromium/upstream-info.nix          | 16 ++++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/ungoogled-flags.toml b/pkgs/applications/networking/browsers/chromium/ungoogled-flags.toml
index 8578089ae41a3..76a992fef3d02 100644
--- a/pkgs/applications/networking/browsers/chromium/ungoogled-flags.toml
+++ b/pkgs/applications/networking/browsers/chromium/ungoogled-flags.toml
@@ -4,7 +4,6 @@ clang_use_chrome_plugins=false
 disable_fieldtrial_testing_config=true
 enable_hangout_services_extension=false
 enable_mdns=false
-enable_mse_mpeg2ts_stream_parser=true
 enable_nacl=false
 enable_reading_list=false
 enable_remoting=false
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index a4bf215d66568..d836ceca8d57b 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -48,18 +48,18 @@
   ungoogled-chromium = {
     deps = {
       gn = {
-        rev = "4bd1a77e67958fb7f6739bd4542641646f264e5d";
-        sha256 = "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw";
+        rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
+        sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
         url = "https://gn.googlesource.com/gn";
-        version = "2023-06-09";
+        version = "2023-08-01";
       };
       ungoogled-patches = {
-        rev = "116.0.5845.187-1";
-        sha256 = "0br5lms6mxg2mg8ix5mkb79bg6wk5f2hn0xy1xc7gk9h3rl58is1";
+        rev = "117.0.5938.88-1";
+        sha256 = "1wz15ib56j8c84bgrbf0djk5wli49b1lvaqbg18pdclkp1mqy5w9";
       };
     };
-    sha256 = "152lyrw8k36gbmf4fmfny4ajqh0523y5d48yrshbgwn5klmbhaji";
-    sha256bin64 = "118sk39939d52srws2vgs1mfizpikswxh5ihd9x053vzn0aj8cfa";
-    version = "116.0.5845.187";
+    sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6";
+    sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi";
+    version = "117.0.5938.88";
   };
 }

From c62013004e42033c5f11cfff99d3ce5d0d1f09be Mon Sep 17 00:00:00 2001
From: networkException <git@nwex.de>
Date: Sun, 17 Sep 2023 13:12:31 +0200
Subject: [PATCH 3/4] chromedriver: 116.0.5845.96 -> 117.0.5938.88

---
 .../networking/browsers/chromium/upstream-info.nix        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index d836ceca8d57b..e67e3c1144681 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -27,11 +27,11 @@
   };
   stable = {
     chromedriver = {
-      sha256_darwin = "0gzx3zka8i2ngsdiqp8sr0v6ir978vywa1pj7j08vsf8kmb93iiy";
+      sha256_darwin = "0phhcqid7wjw923qdi65zql3fid25swwszksgnw3b8fgz67jn955";
       sha256_darwin_aarch64 =
-        "18iyapwjg0yha8qgbw7f605n0j54nd36shv3497bd84lc9k74b14";
-      sha256_linux = "0d8mqzjc11g1bvxvffk0xyhxfls2ycl7ym4ssyjq752g2apjblhp";
-      version = "116.0.5845.96";
+        "00fwq8slvjm6c7krgwjd4mxhkkrp23n4icb63qlvi2hy06gfj4l6";
+      sha256_linux = "0ws8ch1j2hzp483vr0acvam1zxmzg9d37x6gqdwiqwgrk6x5pvkh";
+      version = "117.0.5938.88";
     };
     deps = {
       gn = {

From df39696f6b35b4e21cf15bb65518ee1b5f67ee3d Mon Sep 17 00:00:00 2001
From: emilylange <git@emilylange.de>
Date: Sun, 17 Sep 2023 14:08:00 +0200
Subject: [PATCH 4/4] chromium: temporarily work around stdenv/patchShebangs.sh
 bug

---
 pkgs/applications/networking/browsers/chromium/common.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index 6d24f18ec94c8..3825849aac3ae 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -294,6 +294,12 @@ let
       # We need the fix for https://bugs.chromium.org/p/chromium/issues/detail?id=1254408:
       base64 --decode ${clangFormatPython3} > buildtools/linux64/clang-format
 
+      # Add final newlines to scripts that do not end with one.
+      # This is a temporary workaround until https://github.com/NixOS/nixpkgs/pull/255463 (or similar) has been merged,
+      # as patchShebangs hard-crashes when it encounters files that contain only a shebang and do not end with a final
+      # newline.
+      find . -type f -perm -0100 -exec sed -i -e '$a\' {} +
+
       patchShebangs .
       # Link to our own Node.js and Java (required during the build):
       mkdir -p third_party/node/linux/node-linux-x64/bin