From 0bfafd5e11feed0120e8438f7cba18e3e5c6a577 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Thu, 11 Sep 2025 15:24:26 -0300
Subject: [PATCH] gnu: ungoogled-chromium: Update to 140.0.7339.127.

Fixes CVEs 2025-9864, 2025-9865, 2025-9866, 2025-9867, 2025-10200 and
2025-10201.  See:
<https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html>
and
<https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html>

* gnu/packages/chromium.scm (%preserved-third-party-files): Remove
'third_party/wasm_tts_engine' which does not exist anymore.
(%chromium-version): Update to 140.0.7339.127.
(%ungoogled-origin, %debian-origin): Update hashes.
(%debian-patches): Add 'trixie/rust-no-alloc-shim.patch'.
(%guix-patches): Remove 'ungoogled-chromium-nullptr_t.patch' which
was merged upstream;  Add 'ungoogled-chromium-unbundle-icu-target.patch'.
(ungoogled-chromium) [arguments] <#:configure-flags>:  Add 'use_system_icu'
and set it true.
* gnu/packages/patches/ungoogled-chromium-nullptr_t.patch: Remove it.
* gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch: Add it.
* gnu/local.mk (dist_patch_DATA): Register and unregister the above.

Change-Id: I315dfa7e20ad48e03d8abb764ac726a999d6fbf7
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
---
 gnu/local.mk                                  |  2 +-
 gnu/packages/chromium.scm                     | 17 ++++---
 .../ungoogled-chromium-nullptr_t.patch        | 44 -------------------
 ...googled-chromium-unbundle-icu-target.patch | 21 +++++++++
 4 files changed, 32 insertions(+), 52 deletions(-)
 delete mode 100644 gnu/packages/patches/ungoogled-chromium-nullptr_t.patch
 create mode 100644 gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 13aaa806ce5..c5767dcb9e5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2386,9 +2386,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/uftrace-fix-tests.patch			\
   %D%/packages/patches/ultrastar-deluxe-no-freesans.patch		\
   %D%/packages/patches/ungoogled-chromium-extension-search-path.patch	\
-  %D%/packages/patches/ungoogled-chromium-nullptr_t.patch       \
   %D%/packages/patches/ungoogled-chromium-RUNPATH.patch		\
   %D%/packages/patches/ungoogled-chromium-system-nspr.patch	\
+  %D%/packages/patches/ungoogled-chromium-unbundle-icu-target.patch     \
   %D%/packages/patches/unknown-horizons-python-3.8-distro.patch	\
   %D%/packages/patches/unknown-horizons-python-3.9.patch	\
   %D%/packages/patches/unknown-horizons-python-3.10.patch	\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index b964468a059..27e30e97600 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -322,7 +322,6 @@
     "third_party/vulkan-tools" ;ASL2.0
     "third_party/vulkan-validation-layers" ;ASL2.0
     "third_party/vulkan-utility-libraries" ;ASL2.0
-    "third_party/wasm_tts_engine" ; ASL2.0, Non-copyleft
     "third_party/wayland" ;BSD-3, Expat
     "third_party/wayland-protocols" ;Expat
     "third_party/webdriver" ;ASL2.0
@@ -367,7 +366,7 @@
   ;; run the Blink performance tests, just remove everything to save ~70MiB.
   '("third_party/blink/perf_tests"))
 
-(define %chromium-version "139.0.7258.154")
+(define %chromium-version "140.0.7339.127")
 (define %ungoogled-revision (string-append %chromium-version "-1"))
 (define %debian-revision (string-append "debian/" %ungoogled-revision))
 
@@ -379,7 +378,7 @@
     (file-name (git-file-name "ungoogled-chromium" %ungoogled-revision))
     (sha256
      (base32
-      "12z1qqwqkxd34xwkfc6hc873rsj545zg4rkdsvr4nk4w9898fsqq"))))
+      "1dvwa4gln3yg35bawapjmkmmgvwxnzgln0k1fb6amnal29vjw4ws"))))
 
 (define %debian-origin
   (origin
@@ -392,7 +391,7 @@
                                 ((_ version) version))))
     (sha256
      (base32
-      "0zs7z0kk5ni01qgc85lwr045pmgn5sghp15scp7x79i8i8a5rfcq"))))
+      "0nb844l24a9mpjzb2x6hna09yi0fhyzn3m8khj94fv6jv9js796a"))))
 
 (define (origin-file origin file)
   (computed-file
@@ -412,7 +411,10 @@
 	 "system/openjpeg.patch"
 	 ;; adler2 is not part of our rust toolchain, check on next version.
 	 "trixie/adler1.patch"
-	 "trixie/libxml-parseerr.patch")))
+         "trixie/libxml-parseerr.patch"
+         ;; Remove after rust is past
+         ;; <https://github.com/rust-lang/rust/pull/141061>.
+         "trixie/rust-no-alloc-shim.patch")))
 
 (define %guix-patches
   (list (local-file
@@ -422,7 +424,7 @@
 	(local-file
 	 (assume-valid-file-name
           (search-patch
-	   "ungoogled-chromium-nullptr_t.patch")))
+	   "ungoogled-chromium-unbundle-icu-target.patch")))
         (local-file
 	 (assume-valid-file-name
           (search-patch
@@ -524,7 +526,7 @@
                                   %chromium-version "-lite.tar.xz"))
               (sha256
                (base32
-                "0bgnay6g2qbl6jxzr7kzl4nf0k2a27k0h7nhcj1if9plm611jzn9"))
+                "0z6siz1k0z1ns0iy1rwclx4mmjgi1ch5gd0vp3jq1dqvh5zx3802"))
               (modules '((guix build utils)))
               (snippet (force ungoogled-chromium-snippet))))
     (build-system gnu-build-system)
@@ -623,6 +625,7 @@
               ;; Prefer system libraries.
               "use_system_freetype=true"
               "use_system_harfbuzz=true"
+              "use_system_icu=true"
               "use_system_lcms2=true"
               "use_system_libffi=true"
               "use_system_libjpeg=true"
diff --git a/gnu/packages/patches/ungoogled-chromium-nullptr_t.patch b/gnu/packages/patches/ungoogled-chromium-nullptr_t.patch
deleted file mode 100644
index c2c981c6965..00000000000
--- a/gnu/packages/patches/ungoogled-chromium-nullptr_t.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Maybe not needed with libc++.  With libstdc++ we get these errors:
-
-../../third_party/perfetto/src/trace_processor/dataframe/impl/types.h:142:36: error: unknown type name 'nullptr_t'; did you mean 'std::nullptr_t'?
-  142 |   using DataPointer = std::variant<nullptr_t,
-      |                                    ^~~~~~~~~
-      |                                    std::nullptr_t
-/gnu/store/jb4szkjkmlqdc92nnhxvm9ypq6hvk9vw-gcc-14.3.0/include/c++/x86_64-unknown-linux-gnu/bits/c++config.h:314:29: note: 'std::nullptr_t' declared here
-  314 |   typedef decltype(nullptr)     nullptr_t;
-      |                                 ^
-In file included from ../../third_party/perfetto/src/trace_processor/trace_processor_storage.cc:20:
-In file included from ../../third_party/perfetto/src/trace_processor/trace_processor_storage_impl.h:23:
-In file included from ../../third_party/perfetto/src/trace_processor/importers/common/trace_file_tracker.h:23:
-In file included from ../../third_party/perfetto/src/trace_processor/storage/trace_storage.h:46:
-In file included from gen/third_party/perfetto/src/trace_processor/tables/android_tables_py.h:25:
-../../third_party/perfetto/src/trace_processor/dataframe/typed_cursor.h:50:64: error: unknown type name 'nullptr_t'; did you mean 'std::nullptr_t'?
-   50 |     static const Type kNull = base::variant_index<FilterValue, nullptr_t>();
-      |                                                                ^~~~~~~~~
-      |                                                                std::nullptr_t
-/gnu/store/jb4szkjkmlqdc92nnhxvm9ypq6hvk9vw-gcc-14.3.0/include/c++/x86_64-unknown-linux-gnu/bits/c++config.h:314:29: note: 'std::nullptr_t' declared here
-  314 |   typedef decltype(nullptr)     nullptr_t;
-      |                                 ^
-
---- a/third_party/perfetto/src/trace_processor/dataframe/impl/types.h
-+++ b/third_party/perfetto/src/trace_processor/dataframe/impl/types.h
-@@ -139,7 +139,7 @@
-   using Double = FlexVector<double>;
-   using String = FlexVector<StringPool::Id>;
- 
--  using DataPointer = std::variant<nullptr_t,
-+  using DataPointer = std::variant<std::nullptr_t,
-                                    const uint32_t*,
-                                    const int32_t*,
-                                    const int64_t*,
---- a/third_party/perfetto/src/trace_processor/dataframe/typed_cursor.h
-+++ b/third_party/perfetto/src/trace_processor/dataframe/typed_cursor.h
-@@ -47,7 +47,7 @@
-     static const Type kInt64 = base::variant_index<FilterValue, int64_t>();
-     static const Type kDouble = base::variant_index<FilterValue, double>();
-     static const Type kString = base::variant_index<FilterValue, const char*>();
--    static const Type kNull = base::variant_index<FilterValue, nullptr_t>();
-+    static const Type kNull = base::variant_index<FilterValue, std::nullptr_t>();
-     int64_t GetInt64Value(uint32_t col) const {
-       return base::unchecked_get<int64_t>(filter_values_[col]);
-     }
diff --git a/gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch b/gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch
new file mode 100644
index 00000000000..618750f13f1
--- /dev/null
+++ b/gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch
@@ -0,0 +1,21 @@
+From a665875b4013eed997bd042326a038e24f3296e7 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Thu, 10 Oct 2024 14:36:51 +1000
+Subject: [PATCH] unbundle: add missing icu target
+
+--- a/build/linux/unbundle/icu.gn
++++ b/build/linux/unbundle/icu.gn
+@@ -65,6 +65,10 @@ group("icuuc_public") {
+   public_deps = [ ":icuuc" ]
+ }
+ 
++group("icui18n_hidden_visibility") {
++  public_deps = [ ":icuuc" ]
++}
++
+ shim_headers("icui18n_shim") {
+   root_path = "source/i18n"
+   headers = [
+-- 
+2.46.2
+