3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

98 commits

Author SHA1 Message Date
Herwig Hochleitner 0d20bf0287 chromium: 64.0.3282.140 -> 64.0.3282.167
[806388] High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
2018-02-15 01:22:46 +01:00
Herwig Hochleitner 8c8e8823bb chromium: 64.0.3282.119 -> 64.0.3282.140
[security] https://crbug.com/808163
2018-02-04 17:47:51 +01:00
Herwig Hochleitner 7a2662569d chromium: 63.0.3239.132 -> 64.0.3282.119
CVE-2018-6031
CVE-2018-6032
CVE-2018-6033
CVE-2018-6034
CVE-2018-6035
CVE-2018-6036
CVE-2018-6037
CVE-2018-6038
CVE-2018-6039
CVE-2018-6040
CVE-2018-6041
CVE-2018-6042
CVE-2018-6043
CVE-2018-6045
CVE-2018-6046
CVE-2018-6047
CVE-2018-6048
CVE-2017-15420
CVE-2018-6049
CVE-2018-6050
CVE-2018-6051
CVE-2018-6052
CVE-2018-6053
CVE-2018-6054
2018-01-25 20:34:04 +01:00
Herwig Hochleitner dbb774c5e1 chromium: update 63.0.3239.108 -> 63.0.3239.132
this introduces a standard approach to playing with patches from the
gentoo repository.

the patches for 64 are a first guess during a build in progress

cc @YorikSar @aszlig
2018-01-09 02:20:07 +01:00
Yuriy Taraday 2733530a66 chromium: 63.0.3239.84 -> 63.0.3239.108
New stable release with 2 security fixes [0].

Version 64 has been promoted to Beta, build still doesn't work.

[0] https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
2017-12-15 22:22:55 +04:00
Yuriy Taraday 994a614ca3 chromium: 62.0.3202.94 -> 63.0.3239.84
New stable release with bunch of security fixes and other changes [0]

Also:
* remove patch for dev already landed upstream
* remove patches specific to version 62
* dev is broken again, need to investigate failures

[0] https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
2017-12-09 01:12:32 +01:00
Yuriy Taraday a472c57ffc chromium: 62.0.3202.89 -> 62.0.3202.94
Also bump beta version.
2017-11-15 01:18:01 +01:00
Yuriy Taraday 7105bb68cc chromium: 62.0.3202.75 -> 62.0.3202.89
Includes security fixes for CVE-2017-15398 and CVE-2017-15399.

Also fixes builds for beta and dev branches:
- backport https://webrtc-review.googlesource.com/9384 to fix build for
  new webrtc revision
- for dev branch fix gn bootstrap, see
  https://chromium-review.googlesource.com/758584
- for 63+ manpage now is not generated during ninja build, it is
  processed with sed using packagers tools included in sources
2017-11-10 01:19:23 +01:00
Yuriy Taraday da3c404e58 chromium: 62.0.3202.62 -> 62.0.3202.75
also fix beta/dev build - use harfbuzz from sources

Unfortunatelly after [0] chromium doesn't support using harfbuzz provided by
system while using vendored version of freetype.
Disabling usage of separate harfbuzz for now.

[0] https://chromium-review.googlesource.com/c/chromium/src/+/696241
2017-10-28 11:45:31 +02:00
Yuriy Taraday f0a0f02b22 chromium: 61.0.3163.100 -> 62.0.3202.62
Also updated most of patches according to their state in Gentoo
repository, deleted ones that are not applicable anymore.
2017-10-21 15:55:42 +02:00
Herwig Hochleitner e78bf2d1e9 chromium: 61.0.3163.79 -> 61.0.3163.100 2017-09-28 19:53:20 +02:00
Herwig Hochleitner 2773508b5d chromium: 60.0.3112.113 -> 61.0.3163.79
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120
2017-09-14 20:15:57 +02:00
Kirill Boltaev 73af0b1696 chromium: 60.0.3112.90 -> 60.0.3112.113 2017-09-14 00:40:57 +02:00
Herwig Hochleitner e8f1ddcbd1 chromium: 60.0.3112.78 -> 60.0.3112.90 2017-08-11 11:17:14 +02:00
Herwig Hochleitner 8dc869e340 chromium: 59.0.3071.115 -> 60.0.3112.78
get rid of outdated version branches and patches
take a patch from gentoo, to fix gn bootstrapping
2017-08-11 11:17:14 +02:00
Herwig Hochleitner cc583b75fb chromium: 59.0.3071.109 -> 59.0.3071.115
use several system libraries instead of bundled

see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
2017-07-15 13:14:37 +02:00
Nicolas Truessel 813feae594 chromium: 59.0.3071.86 -> 59.0.3071.109 2017-06-26 09:24:56 +02:00
Nicolas Truessel 74fd4de956 chromium: 58.0.3029.110 -> 59.0.3071.86 2017-06-11 13:26:03 +02:00
Herwig Hochleitner 232507a73c chromium: 58.0.3029.96 -> 58.0.3029.110 2017-05-20 16:02:58 +02:00
Herwig Hochleitner ab65bf9dbd chromium: 57.0.2987.133 -> 58.0.3029.96 2017-05-20 16:02:54 +02:00
Joachim Fasting c1aa7b2051
Revert "google-chrome: 57.0.2987.133 -> 58.0.3029.96"
This reverts commit 4a593e4285.

Fails to build on hydra, despite building for the submitter ...
2017-05-07 11:42:06 +02:00
Benjamin Staffin 4a593e4285
google-chrome: 57.0.2987.133 -> 58.0.3029.96
stable: 57.0.2987.133 -> 58.0.3029.96
beta: 58.0.3029.68 -> 59.0.3071.36
dev: 59.0.3067.0 -> 60.0.3088.3
2017-05-04 16:31:38 -04:00
Benjamin Staffin 552efadbef
chromium: 57.0.2987.110 -> 57.0.2987.133 [security]
CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
CVE-2017-5056: Use after free in Blink. Credit to anonymous
CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
2017-04-13 18:59:33 -04:00
Herwig Hochleitner 92985364e1 chromium: 57.0.2987.98 -> 57.0.2987.110 2017-03-22 01:17:17 +01:00
Herwig Hochleitner 49207a62f3 chromium: 56.0.2924.87 -> 57.0.2987.98 [Security] 2017-03-11 02:01:16 +01:00
Nikolay Amiantov 748e7b287b chromium: update dev and beta
chromiumBeta: 56.0.2924.76 -> 57.0.2987.21
chromiumDev: 57.0.2987.19 -> 58.0.3000.4
2017-02-08 22:52:40 +03:00
Herwig Hochleitner 4a9efe9acf chromium: 56.0.2924.76 -> 56.0.2924.87 2017-02-06 04:36:11 +01:00
Matthew Maurer b3e6bdbae5 chromium: 55.0.2883.87 -> 56.0.2924.76 2017-02-02 11:26:25 +01:00
Herwig Hochleitner 08121638f8 chromium: 55.0.2883.75 -> 55.0.2883.87 2017-01-02 14:00:10 +01:00
Graham Christensen d71dbd733c
chromium: 54.0.2840.100 -> 55.0.2883.75 2016-12-07 20:26:47 -05:00
Herwig Hochleitner 663007d607 chromium: 54.0.2840.90 -> 54.0.2840.100
fixes CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202
2016-11-10 23:45:29 +01:00
aszlig 66ce15a3b1
chromium: Update all channels to latest versions
Overview of updated versions:

stable: 54.0.2840.71 -> 54.0.2840.90
beta:   55.0.2883.21 -> 55.0.2883.35
dev:    56.0.2897.0  -> 56.0.2906.0

This is to get our Chromium versions in par with the latest upstream
ones before merging in the GN migration changes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:24 +01:00
Herwig Hochleitner 872b4782e9
chromium: 53 -> 54 2016-11-08 20:11:59 +01:00
aszlig bc6caeabcc
chromium: Fix wrong hash for beta channel
It seems that upstream has re-uploaded the tarball again (see
0c2683cc11).

I've verified the new hash from two different hosts.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-10-09 13:43:04 +02:00
Graham Christensen 66d622fbd0
chromium: 53.0.2785.116 -> 53.0.2785.143 for CVEs
https://lwn.net/Alerts/702456/
2016-10-05 21:11:59 -04:00
aszlig 0c2683cc11
chromium: Fix wrong/missing hash for beta channel
The hash provided in commit 072917ea5d is
faulty, either because the upstream tarball has changed or because it
was wrong in the first place, no matter what happened we can't really
verify if we don't have the tarball with the old hash.

To double-check I've verified the hash against the one from Gentoo[1],
which has the following SHA256:

b46c26a9e773b2c620acd2f96d69408f14a279aefaedfefed002ecf898a1ecf2

After being converted into base 32 the hash does match with ours.

Note that I haven't tested building all Chromium channels (yet), but we
can fix upcoming issues later because right now it doesn't build anyway
because of the failing hash check.

[1]: https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/Manifest?id=2de0f5e4ffeb46a478c589b21d5bbcfd5736e57b

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-25 20:58:03 +02:00
Franz Pletz 072917ea5d
chromium: update to latest channel releases (security)
Fixes at least:

  - CVE-2016-1667
  - CVE-2016-1668
  - CVE-2016-1669
  - CVE-2016-1670
  - CVE-2016-5170
  - CVE-2016-5171
  - CVE-2016-5172
  - CVE-2016-5173
  - CVE-2016-5174
  - CVE-2016-5175
  - CVE-2016-7395

cc #18856
2016-09-24 21:55:24 +02:00
Franz Pletz 7949e69382
chromium: update to latest channel releases (security)
Fixes the following security problems:

- CVE-2016-5147: Universal XSS in Blink
- CVE-2016-5148: Universal XSS in Blink
- CVE-2016-5149: Script injection in extensions
- CVE-2016-5150: Use after free in Blink
- CVE-2016-5151: Use after free in PDFium
- CVE-2016-5152: Heap overflow in PDFium
- CVE-2016-5153: Use after destruction in Blink
- CVE-2016-5154: Heap overflow in PDFium
- CVE-2016-5155: Address bar spoofing
- CVE-2016-5156: Use after free in event bindings
- CVE-2016-5157: Heap overflow in PDFium
- CVE-2016-5158: Heap overflow in PDFium
- CVE-2016-5159: Heap overflow in PDFium
- CVE-2016-5160: Extensions web accessible resources bypass
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass
- CVE-2016-5163: Address bar spoofing
- CVE-2016-5164: Universal XSS using DevTools
- CVE-2016-5165: Script injection in DevTools
- CVE-2016-5166: SMB Relay Attack via Save Page As
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives
2016-09-07 04:49:56 +02:00
Benjamin Staffin 78e5e61bbe Update google-chrome versions
The previous download links were all broken.

Stable: 51.0.2704.103 -> 52.0.2743.116
Beta:   52.0.2743.41  -> 53.0.2785.34
Dev:    53.0.2767.4   -> 54.0.2816.0
2016-08-04 00:22:58 -04:00
Scott R. Parish 1f1f0f049b chromium: Update to latest stable, beta, and dev channels
stable 51.0.2704.63 => 51.0.2704.103
beta   51.0.2704.63 => 52.0.2743.41
dev    52.0.2743.10 => 53.0.2767.4

This addresses 15 security fixes, including:

 * High   CVE-2015-1696: Cross-origin bypass in Extension bindings. Credit to
                         anonymous.
 * High   CVE-2015-1697: Cross-origin bypass in Blink. Credit to Mariusz
                         Mlynski.
 * Medium CVE-2016-1698: Information leak in Extension bindings. Credit to
                         Rob Wu.
 * Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit
                         to Gregory Panakkal.
 * Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
 * Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
 * Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.

See: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
2016-06-19 19:50:45 -07:00
aszlig 79d18eb604
chromium: Update dev channel to v52.0.2743.10
With this update we need to rebase the nix_plugin_paths patch, which was
done by @srp and I took it from his comment at:

https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677

Other than that, using libjpeg from nixpkgs fails to link:

https://headcounter.org/hydra/build/1114273

Rather than just using versionAtLeast to check for >= version 52, we're
matching on the explicit version number. That way we can make sure that
we (try to) build with system libjpeg again so we can keep it out of the
overall Chromium build time.

Built and tested using the VM tests on my Hydra at:

https://headcounter.org/hydra/eval/322006

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 19:15:39 +02:00
aszlig 0f4095ec50
chromium: Fix hash for beta Debian package
I'm not sure how the wrong hash ended up being there, but I've checked
the hash from three different machines (and networks) just to be sure I
didn't make a mistake.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 18:57:15 +02:00
Scott R. Parish e2d067d760
chromium: Update to latest stable and beta channel
Overview of updated versions:

stable: 50.0.2661.102 -> 51.0.2704.63
beta: 51.0.2704.47 -> 51.0.2704.63

I tried to update dev, but couldn't get it to compile, it was failing
with a "'isnan' was not declared in this scope.

As far as I can tell, at the moment the beta and stable channels are
on the same version.

The stable update addresses the following security issues:

  * High   CVE-2016-1672: Cross-origin bypass in extension bindings. Credit
                          to Mariusz Mlynski.
  * High   CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1676: Cross-origin bypass in extension bindings. Credit
                          to Rob Wu.
  * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of
                        Qihoo 360.
  * High   CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  * High   CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  * High   CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * High   CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic
                          of Cisco Talos.
  * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to
                          KingstonTime.
  * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte
                          Kettunen of OUSPG.
  * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  * Low    CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * Low    CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit
                          to Til Jasper Ullrich.
  * Low    CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to
                          Khalil Zhani.
  * Low    CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan
                          Lester and Bryant Zadegan.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
2016-05-28 18:12:39 +02:00
aszlig ad2c8d3510
chromium: Update to latest beta and dev channels
Overview of the updated versions:

beta: 50.0.2661.49 -> 51.0.2704.47
dev:  51.0.2693.2  -> 52.0.2729.3

It has been a while since we had a major Chromium update that compiled
and worked without troubles, but version 52 builds and the VM tests are
successful as well:

https://headcounter.org/hydra/eval/320335

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-15 05:17:51 +02:00
Scott R. Parish 5ebf20db0f
chromium: Update stable to 50.0.2661.102 for multiple security fixes
This addresses the following security fixes:

 * High   CVE-2016-1667: Same origin bypass in DOM. Credit to
                         Mariusz Mlynski.
 * High   CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit
                         to Mariusz Mlynski.
 * High   CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
 * Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
 * Medium CVE-2016-1671: Directory traversal using the file scheme on
                         Android. Credit to Jann Horn.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

Signed-off-by: Scott R. Parish <srparish@gmail.com>
Tested-by: aszlig <aszlig@redmoonstudios.org>
Closes: #15446
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-14 22:04:56 +02:00
aszlig ef753d210e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 49.0.2623.87 -> 49.0.2623.110
beta:   50.0.2661.26 -> 50.0.2661.49
dev:    50.0.2661.18 -> 51.0.2693.2

Most notably, this includes a series of urgent security fixes:

 * CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
                  Tencent KeenLab.
 * CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
 * CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
 * CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
                  working with HP's Zero Day Initiative / Pwn2Own.
 * CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction

The official release announcement with details about these fixes can be
found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.

As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:

 * libexif got removed, so let's do that on our end as well.
   See https://codereview.chromium.org/1803883002 for details.
 * Chromium doesn't seem to compile with our version of libpng, so let's
   resort to the bundled libpng for now.
 * site_engagement_ui.cc uses isnan outside of std namespace, so
   we're fixing that in postPatch using sed.

I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.

Test reports can be found at the following evaluation of my Hydra:

https://headcounter.org/hydra/eval/314584

Thanks to @grahamc for reporting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: #14299
2016-03-30 15:24:39 +02:00
aszlig 5ebd629c6f
chromium: Fix comment of upstream-info.nix
As of 6041cfe, the upstream-info.nix (back then it was called
sources.nix) is no longer in the source/ subdirectory, so we need to fix
that comment to say that the file is autogenerated from update.sh in the
*same* directory.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 23:10:13 +01:00
aszlig 2d9a604907
chromium: Rename sources.nix to upstream-info.nix
The "sources.nix" also contains information about where to get binary
packages, so calling it "upstream-info.nix" fits better in terms of
naming.

Also, we're moving it away from the sources dir, because the latter will
soon vanish.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:48:54 +01:00
Renamed from pkgs/applications/networking/browsers/chromium/source/sources.nix (Browse further)