3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

725 commits

Author SHA1 Message Date
Herwig Hochleitner c07c23b914 chromium: 66.0.3359.117 -> 66.0.3359.139 2018-05-02 02:44:15 +02:00
Léo Gaspard 905b03bce2 chromium: fix build on aarch64
chromium build on aarch64 failed with:
```
FAILED: obj/skia/skia/convolver_neon.o
g++ -MMD -MF obj/skia/skia/convolver_neon.o.d -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCXXABI_DISABLE_VISIBILITY_ANNOTATIONS -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_HAS_JPEG_LIBRARY -DSK_SUPPORT_GPU=1 -DSK_FREETYPE_MINIMUM_RUNTIME_VERSION=\(\(\(FREETYPE_MAJOR\)\ \*\ 0x01000000\)\ \|\ \(\(FREETYPE_MINOR\)\ \*\ 0x00010000\)\ \|\ \(\(FREETYPE_PATCH\)\ \*\ 0x00000100\)\) -DSK_GAMMA_EXPONENT=1.2 -DSK_GAMMA_CONTRAST=0.2 -DSK_DEFAULT_FONT_CACHE_LIMIT=20971520 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DFT_CONFIG_CONFIG_H=\"freetype-custom-config/ftconfig.h\" -DFT_CONFIG_MODULES_H=\"freetype-custom-config/ftmodule.h\" -DFT_CONFIG_OPTIONS_H=\"freetype-custom-config/ftoption.h\" -DPDFIUM_REQUIRED_MODULES -DCHROMIUM_RESTRICT_VISIBILITY -DUSE_LIBJPEG_TURBO=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -DUCHAR_TYPE=uint16_t -DUSE_SYSTEM_ZLIB=1 -I../.. -Igen -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/encode -I../../third_party/skia/include/gpu -I../../third_party/skia/include/images -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl -I../../third_party/skia/include/codec -I../../third_party/skia/include/private -I../../third_party/skia/include/client/android -I../../third_party/skia/src/codec -I../../third_party/skia/src/core -I../../third_party/skia/src/image -I../../third_party/skia/src/images -I../../third_party/skia/src/opts -I../../third_party/skia/src/pdf -I../../third_party/skia/src/ports -I../../third_party/skia/src/shaders -I../../third_party/skia/src/shaders/gradients -I../../third_party/skia/src/sfnt -I../../third_party/skia/src/utils -I../../third_party/skia/src/lazy -I../../third_party/skia/third_party/gif -I../../third_party/skia/src/effects/gradients -Igen/shim_headers/libpng_shim -Igen/shim_headers/zlib_shim -I../../third_party/freetype/include -I../../third_party/freetype/src/include -I../../third_party/harfbuzz-ng/src -I../../third_party/libjpeg_turbo -I../../third_party/fontconfig/src -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -I../../third_party/sfntly/src/cpp/src -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread -fno-omit-frame-pointer -g0 -fno-builtin-abs -fvisibility=hidden -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -fno-delete-null-pointer-checks -Wno-missing-field-initializers -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -isystem/nix/store/smmxgfkqaqqh43d5gmv5p3abcq19hkzy-glib-2.56.0-dev/include/glib-2.0 -isystem/nix/store/yn3bbw1sxg19h07wzn16k0ja58wr9yiz-glib-2.56.0/lib/glib-2.0/include -isystem/nix/store/f82jgynysk9mvhyfavfzims41zkskb3c-libpng-apng-1.6.34-dev/include/libpng16 -isystem/nix/store/56i89kfi2nmjrv8hifsz6zikr6pq1avw-zlib-1.2.11-dev/include -std=gnu++14 -fno-exceptions -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include -fvisibility-inlines-hidden -Wno-narrowing -c ../../skia/ext/convolver_neon.cc -o obj/skia/skia/convolver_neon.o
../../skia/ext/convolver_neon.cc: In function 'int32x4_t skia::AccumRemainder(const unsigned char*, const Fixed*, int)':
../../skia/ext/convolver_neon.cc:26:65: error: cannot convert '<brace-enclosed initializer list>' to 'int32x4_t {aka __vector(4) int}' in return
   return {remainder[0], remainder[1], remainder[2], remainder[3]};
                                                                 ^
```

The following patch appears to fix this build issue.

Source: b84682f31d%5E%21/#F0
Suggested-by: @dezgeg
2018-04-29 18:38:38 +03:00
Léo Gaspard a07881c8b8 chromium: skia patch appears to be still needed with 66 on aarch64
Cc @chaoflow @bendlas
Replaces 
2018-04-29 18:38:38 +03:00
Sarah Brofeldt 2248f98dea
Merge pull request from srhb/chromium-24h-timeout
chromium: See if Hydra obeys a 24h meta.timeout
2018-04-26 22:12:16 +02:00
Sarah Brofeldt 537d14f4e2 chromium: See if Hydra obeys a 24h meta.timeout 2018-04-26 21:59:33 +02:00
Herwig Hochleitner 2b29e40153 chromium: 65.0.3325.181 -> 66.0.3359.117
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
2018-04-21 14:57:45 +02:00
taku0 f92dc58c71 flashplayer: 29.0.0.113 -> 29.0.0.140 2018-04-10 21:14:20 +09:00
Herwig Hochleitner 8cbf295b6c chromium: 65.0.3325.162 -> 65.0.3325.181
dev: 66 -> 67

cc @YorikSar @aszlig
2018-03-26 01:52:11 +02:00
Andrew Childs 3928fd9081 Chromium: fix skia build on aarch64
Patch imported from Arch Linux ARM
2018-03-20 00:20:42 +02:00
Yuriy Taraday 6b0732a956 chromium: 65.0.3325.146 -> 65.0.3325.162
Also bump dev branch to ensure that next beta will work.
2018-03-18 19:15:32 +02:00
taku0 864f4ceba4 flashplayer: 28.0.0.161 -> 29.0.0.113 2018-03-14 20:54:46 +09:00
Yuriy Taraday ebce42146f chromium: fix GCC 7 related build issues
Also clean up unused patches.
2018-03-10 03:31:55 +04:00
Herwig Hochleitner 9b4ffd98a4 chromium: 64.0.3282.186 -> 65.0.3325.146
see https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

cc @aszlig @YorikSar

CVE-2017-11215
CVE-2017-11225
CVE-2018-6060
CVE-2018-6061
CVE-2018-6062
CVE-2018-6057
CVE-2018-6063
CVE-2018-6064
CVE-2018-6065
CVE-2018-6066
CVE-2018-6067
CVE-2018-6068
CVE-2018-6069
CVE-2018-6070
CVE-2018-6071
CVE-2018-6072
CVE-2018-6073
CVE-2018-6074
CVE-2018-6075
CVE-2018-6076
CVE-2018-6077
CVE-2018-6078
CVE-2018-6079
CVE-2018-6080
CVE-2018-6081
CVE-2018-6082
CVE-2018-6083
2018-03-09 03:02:49 +01:00
volth 96ebf614ad chromium, google-chrome: fix escaping of commandLineArgs 2018-03-06 14:56:07 +00:00
Vladimír Čunát 565bd805e6
Merge branch 'master' 2018-03-05 14:53:27 +01:00
Herwig Hochleitner c2339ed75a chromium: replace ninja workaround with upstream patch
https://github.com/NixOS/nixpkgs/issues/35296

This reverts workaround commit e3cb6e7772.
2018-02-27 00:08:38 +01:00
Herwig Hochleitner 3bae30289c chromium: 64.0.3282.167 -> 64.0.3282.186 2018-02-25 23:56:58 +01:00
Herwig Hochleitner e3cb6e7772 chromium: build mojo_platform_bindings before chrome
this is an attempt to prevent spurious errors due to parallel make

see https://github.com/NixOS/nixpkgs/issues/35296
2018-02-25 23:56:58 +01:00
Jan Tojnar a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Alexander V. Nikolaev 0acec7e984 treewide: transition mesa to libGLU_combined 2018-02-24 17:06:49 +02:00
Herwig Hochleitner 0d20bf0287 chromium: 64.0.3282.140 -> 64.0.3282.167
[806388] High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
2018-02-15 01:22:46 +01:00
taku0 0ff2f9be67 flashplayer: 28.0.0.137 -> 28.0.0.161 2018-02-08 20:51:32 +09:00
Herwig Hochleitner 8c8e8823bb chromium: 64.0.3282.119 -> 64.0.3282.140
[security] https://crbug.com/808163
2018-02-04 17:47:51 +01:00
Herwig Hochleitner 7a2662569d chromium: 63.0.3239.132 -> 64.0.3282.119
CVE-2018-6031
CVE-2018-6032
CVE-2018-6033
CVE-2018-6034
CVE-2018-6035
CVE-2018-6036
CVE-2018-6037
CVE-2018-6038
CVE-2018-6039
CVE-2018-6040
CVE-2018-6041
CVE-2018-6042
CVE-2018-6043
CVE-2018-6045
CVE-2018-6046
CVE-2018-6047
CVE-2018-6048
CVE-2017-15420
CVE-2018-6049
CVE-2018-6050
CVE-2018-6051
CVE-2018-6052
CVE-2018-6053
CVE-2018-6054
2018-01-25 20:34:04 +01:00
Herwig Hochleitner d585a3207b chromium: fix rpath-overwriting in WideVine plugin 2018-01-22 02:20:09 +01:00
Herwig Hochleitner 6b77189b80 chromium: hide enableWideVine behind a broken flag
ref https://github.com/NixOS/nixpkgs/issues/22333
ref https://github.com/NixOS/nixpkgs/pull/29640

cc @aszlig
2018-01-22 02:20:07 +01:00
Michal Rus 7b062dc57a chromium: Use patchelfUnstable for WideVine plugin
ref 
2018-01-22 02:20:03 +01:00
Tuomas Tynkkynen a8d0b805b1 chromium: Attempt building on aarch64
This will probably go over the 10 hour limit, but we'll see.
2018-01-22 00:42:59 +02:00
Andrew Childs e8926be6bf chromium: Configure aarch64 toolchain 2018-01-22 00:41:03 +02:00
John Ericson e017a027d5
Merge pull request from obsidiansystems/fixed-output-deps
Fixed output deps
2018-01-10 14:28:10 -05:00
John Ericson 888404f11b treewide: Fix deps in a few other fixed output derivations 2018-01-10 11:18:44 -05:00
taku0 4780cc70bd flashplayer: 28.0.0.126 -> 28.0.0.137 2018-01-09 15:15:11 +09:00
Herwig Hochleitner dbb774c5e1 chromium: update 63.0.3239.108 -> 63.0.3239.132
this introduces a standard approach to playing with patches from the
gentoo repository.

the patches for 64 are a first guess during a build in progress

cc @YorikSar @aszlig
2018-01-09 02:20:07 +01:00
Vladimír Čunát 0c5f5ba61d
Merge : chromium: 63.0.3239.84 -> 63.0.3239.108 2017-12-16 09:04:21 +01:00
Yuriy Taraday 2733530a66 chromium: 63.0.3239.84 -> 63.0.3239.108
New stable release with 2 security fixes [0].

Version 64 has been promoted to Beta, build still doesn't work.

[0] https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
2017-12-15 22:22:55 +04:00
taku0 774786b54d flashplayer: 27.0.0.187 -> 28.0.0.126 2017-12-13 20:08:07 +09:00
Yuriy Taraday 994a614ca3 chromium: 62.0.3202.94 -> 63.0.3239.84
New stable release with bunch of security fixes and other changes [0]

Also:
* remove patch for dev already landed upstream
* remove patches specific to version 62
* dev is broken again, need to investigate failures

[0] https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
2017-12-09 01:12:32 +01:00
Samuel Leathers 8f75c783cd
Merge pull request from taku0/flashplayer-27.0.0.187
flashplayer: 27.0.0.183 -> 27.0.0.187
2017-11-15 08:27:39 -05:00
Yuriy Taraday a472c57ffc chromium: 62.0.3202.89 -> 62.0.3202.94
Also bump beta version.
2017-11-15 01:18:01 +01:00
taku0 dd3d1cf6e1 flashplayer: 27.0.0.183 -> 27.0.0.187 2017-11-14 15:15:25 +09:00
Guillaume Maudoux 84fb41dd26 chromium: hardcode xdg_utils path in system calls
ref 
2017-11-10 01:26:35 +01:00
Guillaume Maudoux c7f00e361e chromium: fix .desktop file name
The desktop file must be name "chromium-browser.desktop" because it is
used as-is when setting chromium as the default browser.

See https://cs.chromium.org/chromium/src/chrome/browser/shell_integration_linux.cc?l=657&rcl=34b92857a547538555be6a38e95f7e95ab9b6842

fixes 
2017-11-10 01:25:31 +01:00
Yuriy Taraday 7105bb68cc chromium: 62.0.3202.75 -> 62.0.3202.89
Includes security fixes for CVE-2017-15398 and CVE-2017-15399.

Also fixes builds for beta and dev branches:
- backport https://webrtc-review.googlesource.com/9384 to fix build for
  new webrtc revision
- for dev branch fix gn bootstrap, see
  https://chromium-review.googlesource.com/758584
- for 63+ manpage now is not generated during ninja build, it is
  processed with sed using packagers tools included in sources
2017-11-10 01:19:23 +01:00
Yuriy Taraday da3c404e58 chromium: 62.0.3202.62 -> 62.0.3202.75
also fix beta/dev build - use harfbuzz from sources

Unfortunatelly after [0] chromium doesn't support using harfbuzz provided by
system while using vendored version of freetype.
Disabling usage of separate harfbuzz for now.

[0] https://chromium-review.googlesource.com/c/chromium/src/+/696241
2017-10-28 11:45:31 +02:00
taku0 9211249031 flashplayer: 27.0.0.170 -> 27.0.0.183 2017-10-25 22:43:23 +09:00
Yuriy Taraday f0a0f02b22 chromium: 61.0.3163.100 -> 62.0.3202.62
Also updated most of patches according to their state in Gentoo
repository, deleted ones that are not applicable anymore.
2017-10-21 15:55:42 +02:00
taku0 a060b850f6 flashplayer: 27.0.0.159 -> 27.0.0.170 2017-10-17 13:59:54 +02:00
Herwig Hochleitner 30b3b5d85f announce myself as a maintainer
added maintainer entries for `cdemu` (which i've created), as well as
`wine` and `chromium` (which I regularly contribute to)
2017-10-14 11:11:49 +02:00
taku0 628c039326 flashplayer: 27.0.0.130 -> 27.0.0.159 2017-10-10 23:28:28 +09:00
Robin Gloster c8a2265513
Revert "chromium: take into account new nss header layout"
This reverts commit df41edfe1c.
2017-10-09 20:50:02 +02:00
Michael Raskin df41edfe1c chromium: take into account new nss header layout 2017-10-09 18:15:30 +02:00
Herwig Hochleitner e78bf2d1e9 chromium: 61.0.3163.79 -> 61.0.3163.100 2017-09-28 19:53:20 +02:00
Herwig Hochleitner 93aaeaccc2 chromium: separate patches for beta and dev builds
fixes beta and dev builds
2017-09-28 19:53:20 +02:00
Herwig Hochleitner 6141d8e6fd chromium: shorten mkdir -p 2017-09-15 21:33:37 +02:00
Herwig Hochleitner 7b866fdff9 chromium: create libexec output dir in installphase 2017-09-15 17:50:18 +02:00
Herwig Hochleitner 209b9e88df chromium: remove swiftshader install dir 2017-09-15 08:59:14 +02:00
Herwig Hochleitner 2773508b5d chromium: 60.0.3112.113 -> 61.0.3163.79
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120
2017-09-14 20:15:57 +02:00
Kirill Boltaev 73af0b1696 chromium: 60.0.3112.90 -> 60.0.3112.113 2017-09-14 00:40:57 +02:00
taku0 c2e7d1f1f2 flashplayer: 26.0.0.151 -> 27.0.0.130 2017-09-13 20:45:30 +09:00
Vladimír Čunát 017561209e
chromium: try to hack around Hydra problems
Discussion: https://github.com/NixOS/nixpkgs/commit/e8f1ddcbd1d
2017-09-01 12:24:47 +02:00
Herwig Hochleitner e8f1ddcbd1 chromium: 60.0.3112.78 -> 60.0.3112.90 2017-08-11 11:17:14 +02:00
Herwig Hochleitner bb397093b5 chromium: add build flags and system libs
This is lifted from the Arch build recipe:
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/chromium

using system libjpeg still doesn't work for some reason, otherwise the
build runs fine
2017-08-11 11:17:14 +02:00
Herwig Hochleitner 8dc869e340 chromium: 59.0.3071.115 -> 60.0.3112.78
get rid of outdated version branches and patches
take a patch from gentoo, to fix gn bootstrapping
2017-08-11 11:17:14 +02:00
taku0 668007f034 flashplayer: 26.0.0.137 -> 26.0.0.151 2017-08-08 21:35:32 +09:00
Herwig Hochleitner cc583b75fb chromium: 59.0.3071.109 -> 59.0.3071.115
use several system libraries instead of bundled

see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
2017-07-15 13:14:37 +02:00
taku0 eca15bd0c2 flashplayer: 26.0.0.131 -> 26.0.0.137 2017-07-12 07:39:47 +09:00
Nicolas Truessel 813feae594 chromium: 59.0.3071.86 -> 59.0.3071.109 2017-06-26 09:24:56 +02:00
aszlig bd63daae03
chromium: Add installation of libGLESv2.so
The following errors occur when you start Chromium prior to this commit:

[2534:2534:0625/202928.673160:ERROR:gl_implementation.cc(246)] Failed to
load .../libexec/chromium/swiftshader/libGLESv2.so:
../libexec/chromium/swiftshader/libGLESv2.so: cannot open shared object
file: No such file or directory
[2534:2534:0625/202928.674434:ERROR:gpu_child_thread.cc(174)] Exiting
GPU process due to errors during initialization

While in theory we do not strictly need libGLESv2.so, in practice this
means that the GPU process isn't starting up at all which in turn leads
to crawling rendering performance on some sites.

So let's install all shared libraries in swiftshader.

I've tested this with the chromium.stable NixOS VM test and also locally
on my machine and the errors as well as the performance issues are gone.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-25 22:43:25 +02:00
aszlig 7e10ecb763
chromium: Allow to put extensions in system path
This should allow us to easily add system-wide Chromium extensions via a
NixOS configuration similar to this:

{ pkgs, ... }: {
  environment.pathsToLink = [ "/share/chromium/extensions" ];
  environment.systemPackages = [ pkgs.my-shiny-extension ];
}

For more details about what Chromium expects within that directory, see:

https://developer.chrome.com/extensions/external_extensions

I've introduced this because of a personal desire to gain more control
about which extensions are installed and what they are able to do. All
of the extensions I use are free software, but despite that it's useful
to either easily patch them and also prevent unwanted automatic updates.

Tested this using the NixOS "chromium.stable" test on x86_64-linux.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @offlinehacker because of 
2017-06-18 06:19:30 +02:00
Domen Kožar af4056f22b
chromium: apply patch to fix chromecast 2017-06-17 17:23:02 +02:00
Charles Strahan dda6daa4ff flash: 26.0.0.126 -> 26.0.0.131
The previous releases were 404ing.
2017-06-16 14:42:45 -04:00
Charles Strahan 39fd944402 chrome: fix fallout from
Fixes broken save dialogue (causes chrome to crash) and missing icons.
2017-06-16 14:40:28 -04:00
taku0 264ec9242f flashplayer: 25.0.0.171 -> 26.0.0.126 2017-06-14 20:56:19 +09:00
Nicolas Truessel 74fd4de956 chromium: 58.0.3029.110 -> 59.0.3071.86 2017-06-11 13:26:03 +02:00
Herwig Hochleitner 1fe7bd9ed6 chromium: softlink system nodejs into third_party
somehow, the build seems to have changed with chromium 58, to not auto
download the node binary. It is needed to generate webui files and we
can substitute our own.
2017-05-20 16:03:05 +02:00
Herwig Hochleitner bafcf4226e chromium: add bootstrap gn patch 2017-05-20 16:03:01 +02:00
Herwig Hochleitner 232507a73c chromium: 58.0.3029.96 -> 58.0.3029.110 2017-05-20 16:02:58 +02:00
Herwig Hochleitner ab65bf9dbd chromium: 57.0.2987.133 -> 58.0.3029.96 2017-05-20 16:02:54 +02:00
taku0 3d3e4cdd7d flashplayer-ppapi: 25.0.0.148 -> 25.0.0.171 2017-05-09 21:53:11 +09:00
Joachim Fasting c1aa7b2051
Revert "google-chrome: 57.0.2987.133 -> 58.0.3029.96"
This reverts commit 4a593e4285.

Fails to build on hydra, despite building for the submitter ...
2017-05-07 11:42:06 +02:00
Benjamin Staffin 4a593e4285
google-chrome: 57.0.2987.133 -> 58.0.3029.96
stable: 57.0.2987.133 -> 58.0.3029.96
beta: 58.0.3029.68 -> 59.0.3071.36
dev: 59.0.3067.0 -> 60.0.3088.3
2017-05-04 16:31:38 -04:00
Benjamin Staffin 552efadbef
chromium: 57.0.2987.110 -> 57.0.2987.133 [security]
CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
CVE-2017-5056: Use after free in Blink. Credit to anonymous
CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
2017-04-13 18:59:33 -04:00
Lengyel Balázs f08e89d256 chromium: flashplayer: 25.0.0.127 -> 25.0.0.148 2017-04-12 16:10:46 +02:00
Herwig Hochleitner 92985364e1 chromium: 57.0.2987.98 -> 57.0.2987.110 2017-03-22 01:17:17 +01:00
Kamil Chmielewski df3044cb2e chromium: flashplayer: 24.0.0.221 -> 25.0.0.127
[Critical security fix]
https://github.com/NixOS/nixpkgs/pull/23889
2017-03-16 12:00:17 +01:00
Herwig Hochleitner 49207a62f3 chromium: 56.0.2924.87 -> 57.0.2987.98 [Security] 2017-03-11 02:01:16 +01:00
Nikolay Amiantov ec2c9d57b5 Merge pull request from abbradar/chromium-updates
Chromium updates
2017-02-20 15:49:04 +03:00
Kamil Chmielewski 1a77e4141d chromium: flashplayer: 24.0.0.194 -> 24.0.0.221
[Critical security fix] - see 
2017-02-15 09:51:55 +01:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Nikolay Amiantov 748e7b287b chromium: update dev and beta
chromiumBeta: 56.0.2924.76 -> 57.0.2987.21
chromiumDev: 57.0.2987.19 -> 58.0.3000.4
2017-02-08 22:52:40 +03:00
Nikolay Amiantov c5b07975d8 chromium.mkDerivation: update flags
* Remove libselinux flag: it's no longer supported;
* Use new gold flags.
2017-02-08 22:52:40 +03:00
Nikolay Amiantov 003fa8fed5 gn: remove
Chromium depends on bundled versioon of gn. It's also chromium-specific build
tool, so it's not feasible to package.
2017-02-08 22:52:40 +03:00
Nikolay Amiantov b2eb9f4a96 chromium.mkDerivation: run {pre,post}Configure
This allows us to add custom steps.
2017-02-08 22:52:37 +03:00
Nikolay Amiantov 3effe0b9b5 chromium: export version 2017-02-08 22:50:13 +03:00
Nikolay Amiantov 781022de46 chromium.mkDerivation: use ninja from nativeBuildInputs
Also move Python packages there.
2017-02-08 22:47:13 +03:00
Herwig Hochleitner 4a9efe9acf chromium: 56.0.2924.76 -> 56.0.2924.87 2017-02-06 04:36:11 +01:00
Matthew Maurer b3e6bdbae5 chromium: 55.0.2883.87 -> 56.0.2924.76 2017-02-02 11:26:25 +01:00
Parnell Springmeyer 4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer 025555d7f1
More fixes and improvements 2017-01-26 00:05:40 -08:00
volth a3778f6e87 flashplayer: 24.0.0.186 -> 24.0.0.194 2017-01-11 18:06:55 +00:00
volth 1181bdd717 chromium, google-chrome: add commandLineArgs 2017-01-05 18:19:44 +00:00
Eelco Dolstra b4f401104d
Fix big-parallel usage
requiredSystemFeatures is not a meta attribute but a derivation
attribute. So "big-parallel" was being ignored on e.g. chromium,
causing it to be built (and timing out) on slow machines.

http://hydra.nixos.org/build/45819778#tabs-buildsteps
2017-01-03 13:55:26 +01:00
Herwig Hochleitner 08121638f8 chromium: 55.0.2883.75 -> 55.0.2883.87 2017-01-02 14:00:10 +01:00
Joachim Fasting 6dbdbdec69
chromium pepper flash plugin: 23.0.0.207 -> 24.0.0.186
Fixes https://github.com/NixOS/nixpkgs/issues/21119,
fixes https://github.com/NixOS/nixpkgs/issues/21169
2016-12-15 16:06:56 +01:00
Graham Christensen d71dbd733c
chromium: 54.0.2840.100 -> 55.0.2883.75 2016-12-07 20:26:47 -05:00
Frederik Rietdijk b28689f453 chromium: use python2 2016-11-24 22:28:04 +01:00
Ricardo M. Correia 6dfd4f5b08 pepperflash: 23.0.0.205 -> 23.0.0.207 2016-11-18 00:33:11 +01:00
Herwig Hochleitner 663007d607 chromium: 54.0.2840.90 -> 54.0.2840.100
fixes CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202
2016-11-10 23:45:29 +01:00
Herwig Hochleitner d48846756f chromium: fix nix syntax highlighting for emacs 2016-11-10 16:30:56 +01:00
aszlig 6f8a72bbff
chromium: Add Gtk 3 for versions >= 56
Versions before 56 already had experimental support for Gtk 3 and since
version 56, Gtk 3 _seemed_ to become the default. Although it's now
requiring *both* Gtk 2 and Gtk3, so let's supply the dependency for now
to get it to build.

In the future however we might want to add use_gtk3 to the GN flags and
get rid of Gtk 2 completely.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-09 00:58:33 +01:00
aszlig d2e60d1f93
chromium: Fix building with WineVine components
Before version 54, the WideVine CDM plugin was built unconditionally and
it seems since version 54 this now is dependent upon a GYP/GN flag on
whether to include the CDM shared library or not.

Also, we now use a patch from Gentoo which should hopefully get the CDM
plugin to work properly, at least according to their bugtracker:

https://bugs.gentoo.org/show_bug.cgi?id=547630

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-09 00:58:29 +01:00
aszlig 66ce15a3b1
chromium: Update all channels to latest versions
Overview of updated versions:

stable: 54.0.2840.71 -> 54.0.2840.90
beta:   55.0.2883.21 -> 55.0.2883.35
dev:    56.0.2897.0  -> 56.0.2906.0

This is to get our Chromium versions in par with the latest upstream
ones before merging in the GN migration changes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:24 +01:00
aszlig b84e3379fe
chromium: Bring back pepper flash from Adobe
So far we had the bundled Flash player plugin that came with Chrome, but
since version 54 the Chrome package doesn't include PPAPI Flash anymore.

Instead we're going to download the PPAPI Flash plugin directly from
Adobe and try to use them for all release channels of Chromium.

Of course it would be nice if we'd have an updater for it but for now
it's important that we don't break things for people who are currently
forced to use Flash.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:20 +01:00
aszlig 5f53fddf1e
chromium: Remove some libs from system depenencies
Seems that these libraries aren't the ones Chromium is expecting to be,
so let's switch to use the bundled version of these libraries instead.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:14 +01:00
aszlig 8391241e0c
chromium: Build with GN unconditionally
Previously I've added the extra file common-gn.nix in addition to
common.nix, so we can possibly have a smooth transition from current
stable to the new version 54.

Unfortunately, version 53 is already EOL and we have to move to version
54 as soon as possible so we can only use GN and thus it doesn't make
sense to provide expressions for GYP anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:11 +01:00
aszlig 5f18ccb001
chromium: Remove flag for hiDPISupport
This should now be the upstream default and there also is no more flag
for GN to set it, so we'll no longer need it on our side as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:12:07 +01:00
Herwig Hochleitner b43142c958
chromium: remove pepperflash
fixes NixOS#19565
2016-11-08 20:12:03 +01:00
Herwig Hochleitner 872b4782e9
chromium: 53 -> 54 2016-11-08 20:11:59 +01:00
aszlig 7a3a16dd80
chromium: Remove plugin paths patch for version 50
The oldest version we build is version 53, so we no longer need this
patch.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:11:56 +01:00
aszlig d0e8f3c503
chromium: Add preliminary support for GN
This only uses the most basic GN flags which should represent the GYP
flags we had before. In order to get rid most of the GYP cruft, we now
have common.nix and common-gn.nix which are mostly the same, just that
the latter is only for GN builds.

The GN implementation is far from complete and currently not even
builds, so we need more work to get the beta and dev channels building.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-08 20:11:52 +01:00
Frederik Rietdijk f64b574e1d chromium: use python2
gyp still depends on python 2 although that might change soon
https://codereview.chromium.org/1454433002/
2016-10-22 16:47:21 +02:00
aszlig bc6caeabcc
chromium: Fix wrong hash for beta channel
It seems that upstream has re-uploaded the tarball again (see
0c2683cc11).

I've verified the new hash from two different hosts.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-10-09 13:43:04 +02:00
Graham Christensen 66d622fbd0
chromium: 53.0.2785.116 -> 53.0.2785.143 for CVEs
https://lwn.net/Alerts/702456/
2016-10-05 21:11:59 -04:00
aszlig 0c2683cc11
chromium: Fix wrong/missing hash for beta channel
The hash provided in commit 072917ea5d is
faulty, either because the upstream tarball has changed or because it
was wrong in the first place, no matter what happened we can't really
verify if we don't have the tarball with the old hash.

To double-check I've verified the hash against the one from Gentoo[1],
which has the following SHA256:

b46c26a9e773b2c620acd2f96d69408f14a279aefaedfefed002ecf898a1ecf2

After being converted into base 32 the hash does match with ours.

Note that I haven't tested building all Chromium channels (yet), but we
can fix upcoming issues later because right now it doesn't build anyway
because of the failing hash check.

[1]: https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/Manifest?id=2de0f5e4ffeb46a478c589b21d5bbcfd5736e57b

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-25 20:58:03 +02:00
Franz Pletz 072917ea5d
chromium: update to latest channel releases (security)
Fixes at least:

  - CVE-2016-1667
  - CVE-2016-1668
  - CVE-2016-1669
  - CVE-2016-1670
  - CVE-2016-5170
  - CVE-2016-5171
  - CVE-2016-5172
  - CVE-2016-5173
  - CVE-2016-5174
  - CVE-2016-5175
  - CVE-2016-7395

cc 
2016-09-24 21:55:24 +02:00
Profpatsch 61462c94e6 lib/fetchers.nix: factor out impure proxy vars ()
Apparently everyone just copied those variables, instead of creating a
library constant for them. Some even removed the comment. -.-
2016-09-17 21:50:01 +02:00
Kirill Boltaev 0f37287df5 treewide: explicitly specify gtk version 2016-09-13 21:09:24 +03:00
Kirill Boltaev bccd75094f treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
Tuomas Tynkkynen 290db94f04 Merge remote-tracking branch 'upstream/master' into staging 2016-09-09 02:40:47 +03:00
Franz Pletz 7949e69382
chromium: update to latest channel releases (security)
Fixes the following security problems:

- CVE-2016-5147: Universal XSS in Blink
- CVE-2016-5148: Universal XSS in Blink
- CVE-2016-5149: Script injection in extensions
- CVE-2016-5150: Use after free in Blink
- CVE-2016-5151: Use after free in PDFium
- CVE-2016-5152: Heap overflow in PDFium
- CVE-2016-5153: Use after destruction in Blink
- CVE-2016-5154: Heap overflow in PDFium
- CVE-2016-5155: Address bar spoofing
- CVE-2016-5156: Use after free in event bindings
- CVE-2016-5157: Heap overflow in PDFium
- CVE-2016-5158: Heap overflow in PDFium
- CVE-2016-5159: Heap overflow in PDFium
- CVE-2016-5160: Extensions web accessible resources bypass
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass
- CVE-2016-5163: Address bar spoofing
- CVE-2016-5164: Universal XSS using DevTools
- CVE-2016-5165: Script injection in DevTools
- CVE-2016-5166: SMB Relay Attack via Save Page As
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives
2016-09-07 04:49:56 +02:00
Eelco Dolstra 78178d5854 systemd: Separate lib output
This moves libsystemd.so and libudev.so into systemd.lib, and gets rid
of libudev (which just contained a copy of libudev.so and the udev
headers). It thus reduces the closure size of all packages that
(indirectly) depend on libsystemd, of which there are quite a few (for
instance, PulseAudio and dbus). For example, it reduces the closure of
Blender from 430.8 to 400.8 MiB.
2016-09-05 19:17:14 +02:00
Vladimír Čunát f86392bfbe chromium: fixup share/share
Reported on https://github.com/NixOS/nixpkgs/issues/11501#issuecomment-164383204
2016-08-27 17:38:25 +02:00
obadz cd063d774e chromium: fix "Aw, snap!" after glibc 2.24 upgrade
See https://bugzilla.redhat.com/show_bug.cgi?id=1361157#c8
cc @domenkozar @aszlig
2016-08-23 11:56:11 +01:00
obadz 4574f22841 chromium: remove one layer of wrapper by using ed 2016-08-19 19:18:23 +01:00
obadz 3822c56e1e chromium: minor fixups
cc @aszlig
2016-08-10 02:35:59 +01:00
obadz 20f009d56d chromium: split the sandbox into a seperate output (take 2)
Fixup of 231ed9e
2016-08-06 14:42:13 +01:00
obadz 231ed9edd9 chromium: split the sandbox into a separate output
Related to  and 66d5edf
Triggers a rebuild of Chromium
2016-08-06 10:29:56 +01:00
obadz 66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes 

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
obadz d6528a1b7f chromium: fixup commit 33557ac
Helps with 

@cleverca22 saw calls to SetuidSandboxHost::GetSandboxBinaryPath so we
patch this function instead.

cc @joachifm
2016-08-05 10:55:48 +01:00
obadz 33557acb36 chromium: add ability to control which sandbox is used
First step towards addressing 

In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
2016-08-04 20:37:35 +01:00
Benjamin Staffin 78e5e61bbe Update google-chrome versions
The previous download links were all broken.

Stable: 51.0.2704.103 -> 52.0.2743.116
Beta:   52.0.2743.41  -> 53.0.2785.34
Dev:    53.0.2767.4   -> 54.0.2816.0
2016-08-04 00:22:58 -04:00
Scott R. Parish 1f1f0f049b chromium: Update to latest stable, beta, and dev channels
stable 51.0.2704.63 => 51.0.2704.103
beta   51.0.2704.63 => 52.0.2743.41
dev    52.0.2743.10 => 53.0.2767.4

This addresses 15 security fixes, including:

 * High   CVE-2015-1696: Cross-origin bypass in Extension bindings. Credit to
                         anonymous.
 * High   CVE-2015-1697: Cross-origin bypass in Blink. Credit to Mariusz
                         Mlynski.
 * Medium CVE-2016-1698: Information leak in Extension bindings. Credit to
                         Rob Wu.
 * Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit
                         to Gregory Panakkal.
 * Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
 * Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
 * Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.

See: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
2016-06-19 19:50:45 -07:00
aszlig 79d18eb604
chromium: Update dev channel to v52.0.2743.10
With this update we need to rebase the nix_plugin_paths patch, which was
done by @srp and I took it from his comment at:

https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677

Other than that, using libjpeg from nixpkgs fails to link:

https://headcounter.org/hydra/build/1114273

Rather than just using versionAtLeast to check for >= version 52, we're
matching on the explicit version number. That way we can make sure that
we (try to) build with system libjpeg again so we can keep it out of the
overall Chromium build time.

Built and tested using the VM tests on my Hydra at:

https://headcounter.org/hydra/eval/322006

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 19:15:39 +02:00
aszlig c7a3645e7b
chromium: Remove stuff for versions <= v51
We're already on version 52, so there really is no need to keep all
those conditionals and old patches anymore.

Tested dropping the unconditional build_fixes_46.patch via the Chromium
VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 19:04:22 +02:00
aszlig 0f4095ec50
chromium: Fix hash for beta Debian package
I'm not sure how the wrong hash ended up being there, but I've checked
the hash from three different machines (and networks) just to be sure I
didn't make a mistake.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 18:57:15 +02:00
Scott R. Parish e2d067d760
chromium: Update to latest stable and beta channel
Overview of updated versions:

stable: 50.0.2661.102 -> 51.0.2704.63
beta: 51.0.2704.47 -> 51.0.2704.63

I tried to update dev, but couldn't get it to compile, it was failing
with a "'isnan' was not declared in this scope.

As far as I can tell, at the moment the beta and stable channels are
on the same version.

The stable update addresses the following security issues:

  * High   CVE-2016-1672: Cross-origin bypass in extension bindings. Credit
                          to Mariusz Mlynski.
  * High   CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1676: Cross-origin bypass in extension bindings. Credit
                          to Rob Wu.
  * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of
                        Qihoo 360.
  * High   CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  * High   CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  * High   CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * High   CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic
                          of Cisco Talos.
  * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to
                          KingstonTime.
  * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte
                          Kettunen of OUSPG.
  * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  * Low    CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * Low    CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit
                          to Til Jasper Ullrich.
  * Low    CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to
                          Khalil Zhani.
  * Low    CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan
                          Lester and Bryant Zadegan.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
2016-05-28 18:12:39 +02:00
aszlig ad2c8d3510
chromium: Update to latest beta and dev channels
Overview of the updated versions:

beta: 50.0.2661.49 -> 51.0.2704.47
dev:  51.0.2693.2  -> 52.0.2729.3

It has been a while since we had a major Chromium update that compiled
and worked without troubles, but version 52 builds and the VM tests are
successful as well:

https://headcounter.org/hydra/eval/320335

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-15 05:17:51 +02:00
Scott R. Parish 5ebf20db0f
chromium: Update stable to 50.0.2661.102 for multiple security fixes
This addresses the following security fixes:

 * High   CVE-2016-1667: Same origin bypass in DOM. Credit to
                         Mariusz Mlynski.
 * High   CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit
                         to Mariusz Mlynski.
 * High   CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
 * Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
 * Medium CVE-2016-1671: Directory traversal using the file scheme on
                         Android. Credit to Jann Horn.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

Signed-off-by: Scott R. Parish <srparish@gmail.com>
Tested-by: aszlig <aszlig@redmoonstudios.org>
Closes: 
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-14 22:04:56 +02:00
Vladimír Čunát 1dc36904d8 Merge : windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
aszlig 3f7735fe65
chromium+chrome: Don't import update.nix directly
Regression introduced by f28b71023c.

Let's now expose and use the upstream-info attribute via the main
Chromium derivation, so that other packages like the google-chrome
package doesn't need to rely on internals of the Chromium
implementation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-04 23:12:33 +02:00
aszlig f28b71023c
chromium/updater: Don't import <nixpkgs> again
This effectively resets the attributes given at the point the main
<nixpkgs> is imported and thus for example is also reading in stuff like
~/.nixpkgs/config.nix again, which might lead to unexpected results.

We now only import <nixpkgs> now if the updater is auto-called (like in
update.sh), otherwise the required attributes are passed by callPackage
within the Chromium scope.

I remember noting about this a while ago either on IRC or on GitHub, but
I can't find it right now, so thanks to @obadz for reminding me about
this in .

Tested this by running the updater and also using:

NIXPKGS_CONFIG=$(pwd)/broken.nix nix-instantiate --arg config {} -A chromium

The contents of broken.nix were:

EVALERR{

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: 
2016-05-04 22:35:24 +02:00
Eelco Dolstra 1f84e43239 Do some large, concurrency-capable builds on dedicated machines 2016-05-04 18:16:27 +02:00
Eelco Dolstra f2d24b9840 chromium: Disable Hydra builds of -dev and -beta
It's not the job of Nixpkgs to distribute beta versions of upstream
packages. More importantly, building these delays channel updates by
several hours, which is bad for our security fix turnaround time.
2016-05-04 18:16:27 +02:00
Nikolay Amiantov ab0a0c004e makeSearchPathOutputs: refactor to makeSearchPathOutput 2016-04-25 13:24:39 +03:00
Nikolay Amiantov 8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
aszlig ef753d210e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 49.0.2623.87 -> 49.0.2623.110
beta:   50.0.2661.26 -> 50.0.2661.49
dev:    50.0.2661.18 -> 51.0.2693.2

Most notably, this includes a series of urgent security fixes:

 * CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
                  Tencent KeenLab.
 * CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
 * CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
 * CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
                  working with HP's Zero Day Initiative / Pwn2Own.
 * CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction

The official release announcement with details about these fixes can be
found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.

As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:

 * libexif got removed, so let's do that on our end as well.
   See https://codereview.chromium.org/1803883002 for details.
 * Chromium doesn't seem to compile with our version of libpng, so let's
   resort to the bundled libpng for now.
 * site_engagement_ui.cc uses isnan outside of std namespace, so
   we're fixing that in postPatch using sed.

I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.

Test reports can be found at the following evaluation of my Hydra:

https://headcounter.org/hydra/eval/314584

Thanks to @grahamc for reporting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: 
2016-03-30 15:24:39 +02:00
aszlig f9fff51c2a
chromium: Link using gold linker flags
I originally wanted to do this a long time (a31301d) but IIRC back then
it didn't compile. Nowadays with the splitup of the gold linking flags
and the binutils integration, it's merely just a switch to flip, so
let's do that.

Only tested it by building against the current Chromium stable version
on 64bit, because right now builds on Hydra seem to time out (because of
this?) anyway so we have nothing to lose here.

The linking time was hereby reduced from >30 minutes (I didn't measure
it exactly but looked half an hour later to the build progress and it
was *still* linking) to about a few seconds, which I guess is even
though the measurement is quite bogus a tremendous improvement
nonetheless.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-28 11:41:13 +02:00
aszlig 5ebd629c6f
chromium: Fix comment of upstream-info.nix
As of 6041cfe, the upstream-info.nix (back then it was called
sources.nix) is no longer in the source/ subdirectory, so we need to fix
that comment to say that the file is autogenerated from update.sh in the
*same* directory.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 23:10:13 +01:00
aszlig fb65a0048a
chromium: Revert working around --sysroot filter
This reverts commit 5979946c41.

I have tested this by building against the stable version of Chromium
and it seems to compile just fine, so it doesn't seem to be needed
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 21:05:49 +01:00
aszlig 1f497204f7
chromium: Show status about precompiling .py files
Only a aesthetics thingy, but also corrects the comment, because we're
essentially precompiling .py files, NOT the .pyc files (the latter are
the results).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 18:44:56 +01:00
aszlig 4f981b4f84
chromium: Move source/default.nix into common.nix
This addresses  so that we now have only a single tarball where we
base our build on instead of splitting the source into different outputs
first and then reference the outputs.

The reason I did this in the first place is that we previously built the
sandbox as a different derivation and unpacking the whole source tree
just for building the sandbox was a bit too much.

As we now have namespaces sandbox built in by default we no longer have
that derivation anymore. It still might come up however if we want to
build NaCl as a separate derivation (see ), but splitting the
source code into things only NaCl might require is already too much work
and doesn't weight out the benefits.

Another issue with the source splitup is that Hydra now has an output
limit for non-fixed-output derivations which we're already hitting.

Tested the build against the stable channel and it went well, but I
haven't tested running the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:50:17 +01:00
aszlig 37dbd62a83
chromium: Move fetchurl calls to getChannel
We always do something like "fetchurl channelProduct", so let's move it
to getChannel directly so we can avoid those fetchurl calls all over the
place.

Also, we can still access subattributes from the fetchurl call if we
need to, so there really is no need to expose the product's attributes
directly.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:13:44 +01:00
aszlig 4984a2bf76
chromium/plugins: Break long line
Yes, I know I'm a bit nitpicky, but lines >80 chars are very ugly if you
have two windows side-by-side.

Thus no feature changes here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:07:28 +01:00
aszlig 985df3900d
chromium/common.nix: Remove unreferenced attrs
We're going to refactor things anyway, so let's first get rid of
everything that's not used anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:01:58 +01:00
aszlig 6041cfe2af
chromium/source: Move update.nix to parent dir
We now should have only the default.nix left in the source directory and
we can start to factor out the pieces into the Chromium main derivation
attributes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:53:08 +01:00
aszlig 2d9a604907
chromium: Rename sources.nix to upstream-info.nix
The "sources.nix" also contains information about where to get binary
packages, so calling it "upstream-info.nix" fits better in terms of
naming.

Also, we're moving it away from the sources dir, because the latter will
soon vanish.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:48:54 +01:00
aszlig d6b11ed722
chromium/source: Move patches into its own subdir
We're going to reference the patches in the Chromium main build rather
than applying it to the sources. So as a first step, this should keep
the patches away from the "source" subdirectory so we can make it flat.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:44:34 +01:00
aszlig a62f100ec3
chromium/update.sh: Allow to be called out-of-tree
Changing the working directory to
pkgs/applications/networking/browsers/chromium is a bit annoying, so
let's make sure the script can be called from anywhere.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
aszlig f7e2171937
chromium/common: Shut up about precompiling .pyc's
The errors are completely non-fatal and only cause a particular file to
be not precompiled. Unfortunately this can lead to confusion to whether
these errors are real errors or not, so let's shut it up completely
because they're *not* real errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
Vladimír Čunát 4c0125bc8f chromium: fixup plugins with multiple outputs
Chromium+flash seem to work fine now.
2016-03-11 15:10:51 +01:00
Graham Christensen e54434751a chromium: 49.0.2626.75 -> 50.0.2661.26 for CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 2016-03-10 14:57:29 -06:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
aszlig 8b97ca270e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 48.0.2564.116 -> 49.0.2623.75
beta:   49.0.2623.63  -> 49.0.2623.75
dev:    50.0.2657.0   -> 50.0.2661.11

Stable and beta are now in par because of the release of a major stable
update.

The release addresses 26 security vulnerabilities, the following with an
assigned CVE:

 * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
 * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
 * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and
                  Bryant Zadegan.
 * CVE-2015-8126: Out-of-bounds access in libpng. Credit to
                  joerg.bornemann.
 * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
 * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
 * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
 * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan
                  Herrera.
 * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of
                  OUSPG.

The full announcement which also includes the link to the bug tracker
can be found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html

Also, the 32bit Chrome package needed for the Flash and Widevine plugins
doesn't exist anymore, because Google has dropped support for 32bit
distros, see here for the announcement:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU

On our end, we need to fix the patch for the plugin paths to work for
the latest dev channel. The change is very minor, because the
nix_plugin_paths_46.patch only doesn't apply because of an iOS-related
ifdef.

Built and tested on my Hydra at:

https://headcounter.org/hydra/eval/311511

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: 
2016-03-05 22:53:13 +01:00
aszlig c3d82f0fbf
chromium/updater: Fix eval error on stdenv.is32bit
There is no stdenv.is32bit, so let's just use !stdenv.is64bit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 03:16:26 +01:00
aszlig 8d5accb691
chromium/updater: Fix getting latest versions
Comparing the current version with the version in sources list and
accidentally swapping the version arguments isn't going to get very far
because every new version that will come up will then be treated as "we
already have that version".

So we're now using versionOlder and also a check whether the version is
the *same* as the one in sources.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 02:55:00 +01:00
Luca Bruno 5f8311775c chromium: add StartupWMClass to desktop file. Fixes 2016-02-29 20:42:58 +01:00
aszlig 54b4912566
chromium: Regenerate sources.nix with new updater
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig 28b289efa6
chromium: Refactor updater entirely in Nix
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.

Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.

The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.

This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig 716b79d3a5
chromium: Provide SHA256s for beta/dev plugins
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
aszlig 459642b8de
chromium/updater: Allow a single plugin arch
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.

Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.

This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
Graham Christensen 712d59225e chromium{,Beta,Dev}: 48.0.2564.97 -> 48.0.2564.116
From the debian security mailing list:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.
2016-02-25 12:00:12 -06:00
Nathan Zadoks 2610986991 chromium/plugins: use jshon for extracting the Flash version from JSON 2016-02-19 12:31:08 +01:00
Cole Mickens a5a5c1d9cd chromium/plugins: Fix widevine substitution
Fixes: 
Related to: 61042a5

61042a5 changes the replaced token from $something to @something@. This
commit repeats that change in one additional location used by the
WideVine plugin
2016-02-15 18:04:16 -08:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
aszlig 61042a5b6a
chromium/plugins: Use @var@ for passing variables
There is already a pull request from @colemickens, who has just reversed
the variable references $flash and $flashVersion but the fix is kinda
fragile as he points out himself in .

The reason the wrong substition was made is that both variables begin
with the same name and we do a simple replace instead of a more
complicated one using builtins.match.

So staying simple but to still not raising issues with other variables
that begin with the same name I'm now using @var@ instead, like we use
in substituteAll and other substituters (like the ones in CMake or
autotools) deal with it.

Note that I'm not using $var$ here to make sure it doesn't get confused
with real shell variables.

So with this fix in place, the wrapper now has the following flags:

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=20.0.0.294

Previously we had ():

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=/nix/store/...-binary-plugins-flashVersion

Thanks to @colemickens for reporting and putting up a pull request.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: 
Fixes: 
2016-02-02 17:39:08 +01:00
aszlig ff90f52375
chromium: Remove import-from-derivation again
This reverts commit f7af2272a2.

We're going to fix  properly by reintroducing 38c77bb and fixing
the shell variable substitution.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-02 17:39:08 +01:00
Tony White 8491d0d1ca chromium: 47.0.2526.106 - > 48.0.2564.97
- Fixes CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615
  CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620.
- Moves chromium stable and beta channels up one version major.
  vcunat made dev channel stay for now, as it wouldn't download otherwise.
  This is most of PR .
2016-02-01 12:12:07 +01:00
Vladimír Čunát f7af2272a2 Revert "chromium: Do not rely on import-from-derivation"
This reverts commit 38c77bb72c.
In this form it causes problems .
2016-01-31 10:03:57 +01:00
Vladimír Čunát 716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
aszlig 85dd89f6eb
chromium: Remove myself from maintainers
Working on Chromium really drives me nuts due to its build time, also I
really don't have quite a lot of time these days to properly maintain it
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:35:28 +01:00
aszlig 38c77bb72c
chromium: Do not rely on import-from-derivation
This has been introduced by me in 690a845 and discovered by @vcunat in
his comment over at:

690a845de9 (commitcomment-14209868)

It's really a bit ugly to have builds running during evaluation, but
back when I made that commit the reason was to avoid having to shell
quote the hell out of it (see the comment in mkPluginInfo for the
reason).

Now we propagate plugin flags and environment variables as a list of
arguments in a plain file that's appended verbatim to makeWrapper, so
it shouldn't do any builds anymore during instantiation.

I have tested this with both just WideVine and just Flash enabled as
well as both in combination and none of the plugins and the output seems
correct. However I didn't test to run Chromium with the new
implementation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Vladimír Čunát <vcunat@gmail.com>
2016-01-18 03:35:28 +01:00
Vladimír Čunát f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Domen Kožar 6da327b433 Chromium updates 2015-12-29 19:32:38 +01:00
Ambroz Bizjak 03cf5e6627 chromium: Updates.
- dev: 48.0.2564.22 -> 49.0.2587.3
- beta: 48.0.2564.23 -> 48.0.2564.41
- stable: 47.0.2526.73 -> 47.0.2526.80
2015-12-13 17:00:13 +01:00
Luca Bruno 5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Ambroz Bizjak b9093f1c64 chromium: Updates, fixes
Built and run Beta and Stable locally. Dev is surrently superseded by Stable so
it doesn't matter much.

- Dev: 47.0.2508.0 -> 48.0.2564.22
- Beta: 46.0.2490.64 -> 48.0.2564.23
- Stable: 45.0.2454.101 -> 47.0.2526.73

Changed the SSL dependencies to the supported configuration on Linux (according
to Torne @Freenode/#chromium-support).

- NSS is a dependency since it is used to access the ceritiface store.
- Dropped system OpenSSL support, the bundled BoringSSL is used.

This probably fixes issue . Note that without this adjustment the build
fails even.

Dropped uneeded old patches.
2015-12-07 14:52:15 +01:00
Vladimír Čunát 333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Domen Kožar 5c37ce8aa7 Merge pull request from obadz/chromium-srtp-crash-fix
Revert "chromium: 45.0.2454.101 -> 46.0.2490.71"
2015-10-29 10:54:26 +01:00
Brian McKenna 492ccdd52d chromium: include WideVine patch to get NetFlix
Close , fixes .
For some reason it's more involved than just setting gyp configuration,
we also have to set some definitions in widevine_cdm_version.h according
to the comments left in the file. Arch Linux does this already and so we
should probably just use the patch they created while getting Netflix to
work:

https://code.google.com/p/chromium/issues/detail?id=429452#c16
2015-10-29 07:30:04 +01:00
Cillian de Róiste 063c27ec77 chromium: remove myself from the maintainers list 2015-10-24 13:11:02 +02:00
obadz 2b7c156079 Revert "chromium: 45.0.2454.101 -> 46.0.2490.71"
This reverts commit 0ad0fbdf8a.

This upgrade causes "Aw, Snap" crashes on websites that use srtp
such as Google Hangouts.

Details: https://github.com/NixOS/nixpkgs/issues/10555
2015-10-23 17:01:37 +01:00
Domen Kožar b7088df010 Merge pull request from obadz/chromium-screensharing-bugfix
chromium: add enable_hangout_services_extension=true
2015-10-21 21:14:56 +02:00
William A. Kennington III 0ad0fbdf8a chromium: 45.0.2454.101 -> 46.0.2490.71 2015-10-15 13:13:56 -07:00
William A. Kennington III fc69fadfe4 chromiumBeta: 46.0.2490.52 -> 46.0.2490.64 2015-10-15 13:13:55 -07:00
obadz d90040afd8 chromium: add enable_hangout_services_extension=true to fix screensharing bug
as suggested in: https://code.google.com/p/chromium/issues/detail?id=416856#c53
2015-10-07 20:39:22 +01:00
Vladimír Čunát b44d846990 udev: complete rework
- systemd puts all into one output now (except for man),
  because I wasn't able to fix all systemd/udev refernces
  for NixOS to work well
- libudev is now by default *copied* into another path,
  which is what most packages will use as build input :-)
- pkgs.udev = [ libudev.out libudev.dev ]; because there are too many
  references that just put `udev` into build inputs (to rewrite them all),
  also this made "${udev}/foo" fail at *evaluation* time
  so it's easier to catch and change to something more specific
2015-10-04 10:03:53 +02:00
William A. Kennington III 759c86c817 chromiumBeta: 46.0.2490.42 -> 46.0.2490.52 2015-10-03 22:22:21 -07:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
William A. Kennington III 383377437e chromium: Updates
Built and run locally

  - Beta: 46.0.2490.33 -> 46.0.2490.42
  - Stable: 45.0.2454.99 -> 45.0.2454.101
2015-09-30 13:22:38 -07:00
Eelco Dolstra 4b664cb922 chromium-dev: Revert to 47.0.2508.0
47.0.2516.0 doesn't build.

http://hydra.nixos.org/build/26422610
http://hydra.nixos.org/build/26422600
2015-09-28 15:40:13 +02:00
William A. Kennington III abb4088c6c chromium: Updates
- stable: 45.0.2454.93 -> 45.0.2454.99
  - dev:    47.0.2508.0  -> 47.0.2516.0
2015-09-23 12:30:00 -07:00
Domen Kožar 94e3e1195e chromium: remove preferLocalBuild
It's another attempt to fix chromium builds.

See http://hydra.nixos.org/build/26086977/nixlog/4/raw

Unpacking sources is actually taking more than 2h so build fails.
Instead, rather build it remotely and then copy over the output as
we don't have limits for download time.

See 089bdce621 for reference

cc @aszlig

(cherry picked from commit cef54e7d67)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-09-20 11:16:42 +02:00
William A. Kennington III fda452c56c chromium: Updates
- dev: 47.0.2503.0 -> 47.0.2508.0
  - beta: 46.0.2490.22 -> 46.0.2490.33
  - stable: 45.0.2454.85 -> 45.0.2454.93
2015-09-17 15:51:32 -07:00
William A. Kennington III 27f0664960 chromiumBeta: Update 2015-09-13 20:23:21 -07:00
William A. Kennington III 71ec4dbd45 chromium: Dev / Beta Updates 2015-09-08 15:19:48 -07:00
William A. Kennington III b55a4df70f chromium: Updates
This bumps the stable and dev track forward a version
2015-09-01 21:22:34 -07:00
William A. Kennington III 8712a2d8d1 chromium: Updates 2015-08-21 11:05:11 -07:00
aszlig e4c2f97a27
Merge pull request from @jraygauthier.
Although I couldn't test this because I'm not using a DE, nobody else
than the one submitting the pull request has commented on this. So if it
should break the icon for other people, nobody would probably start an
assassination because of this and the commit can be easily reverted if
it should break the icon.
2015-08-20 13:02:55 +02:00
Raymond Gauthier cff84b2a71 chromium: improvement.
Fixed `*.desktop` refering to nix store for its icon.
2015-08-15 18:32:30 -04:00
William A. Kennington III 4ed131efb3 chromiumBeta: 45.0.2454.26 -> 45.0.2454.37 2015-08-14 13:46:37 -07:00
William A. Kennington III 6a3b25dbd3 chromium: Updates 2015-08-11 16:08:34 -07:00
aszlig 471cdd15e2
chromium: Update beta and dev channels.
Overview of the updated versions:

beta: 45.0.2454.15 -> 45.0.2454.26
dev:  45.0.2454.15 -> 46.0.2471.2

Changes for getting beta and dev channel to build:

 * The reference for chrome::FILE_FLASH_PLUGIN doesn't exist anymore in
   version 46, because it has been dropped upstream, see the following
   review URL:

   https://codereview.chromium.org/1255943002

   We set the PPAPI Flash path using a command line flag anyway, so it
   doesn't hurt us if we don't patch that path (which was an old
   artifact from the NSAPI->PPAPI conversion anyway).

Changes for the dev channel only:

 * It seems that in the SCM, chrome/test/data/webui/ contains a lot of
   files, however they are missing in the tarball.

   This has been reported upstream at: https://crbug.com/515917

   Our fix is to just not include webui/i18n_process_css_test.html at
   all, to avoid the configure (gyp) phase to fail, because we're not
   building tests anyway.

All channels built and tested by my Hydra instance at:

https://headcounter.org/hydra/eval/218978

Test reports:

x86:    https://headcounter.org/hydra/build/723341/download/1/log.html
x86_64: https://headcounter.org/hydra/build/723342/download/1/log.html

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-08-11 12:17:38 +02:00
William A. Kennington III 5c6aa391fc chromium: Cleanup old patch and update stable 2015-08-05 19:27:29 -07:00
William A. Kennington III 370add9d80 chromium: update.sh Shouldn't use cached hashes as they often change upstream for the same version 2015-08-05 19:25:56 -07:00
Benjamin Staffin 501f667958 chromium: fix opening URLs from associated mime types
It helps to actually pass the URL to chromium :)

Related to 
2015-08-04 14:39:17 -07:00
Benjamin Staffin f098967293 chromium: Fix widevine ppapi plugin loading
See "Running a plugin in Chrome" section at:
https://www.chromium.org/developers/design-documents/pepper-plugin-implementation

The colon between the plugin's description and its mime type is indeed
supposed to be a semicolon, according to that design doc.
2015-08-03 20:37:35 -07:00
William A. Kennington III 85134cc386 chromium: Updates 2015-07-30 12:12:08 -07:00
aszlig 8d34b4a46a
chromium: Add another mirror for Chrome deb.
The only mirror left which still has the .deb for 44.0.2403.89 is
http://mirror.pcbeta.com/, but that one doesn't seem to be reachable
from certain contries.

And according to @CestDiego, it doesn't seem to be reachable from within
the US.

Closes , thanks to @CestDiego for reporting.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Diego Berrocal <cestdiego@gmail.com>
Tested-by: Diego Berrocal <cestdiego@gmail.com>
2015-07-30 19:57:38 +02:00
William A. Kennington III 6cb708c3b3 chromium: Bump 2015-07-26 12:38:34 -07:00
William A. Kennington III 551a26dad1 chromium: Update stable 43 -> 44 2015-07-21 21:59:28 -07:00
William A. Kennington III 35f8386e78 chromium-dev: Update 2015-07-20 18:08:29 -07:00
William A. Kennington III ec5f94fbcc chromium: Minor updates
Notably a version bump for
 Flash Player to 18.0.0.209-r1
2015-07-15 17:55:11 -07:00
aszlig bc5ce1f1b0
chromium: Update stable and beta channels.
Overview of the updated versions:

stable: 43.0.2357.125 -> 43.0.2357.130
beta:   44.0.2403.52  -> 44.0.2403.61

For the beta channel the following changes were necessary:

 * Drop all patches which were added in c290595 because they apply to
   44.0.2403.52 only. The shipped version of Blink was older than the
   one used for Chromium itself and thus contained just the
   cherry-picked patches from upstream Blink.

 * The ffmpegsumo library is now statically linked the same way as in
   the dev version, so let's not try to put it into the output store
   path.

All channels were built successfully on my Hydra at:

https://headcounter.org/hydra/eval/187176

VM tests did also pass and can be found at:

x86:    https://headcounter.org/hydra/build/707636
x86_64: https://headcounter.org/hydra/build/707637

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-04 02:31:45 +02:00
aszlig 7e6d6e034d
chromium: Disable setuid sandbox without errors.
Just silencing the error will not prevent Chromium from trying to start
up the SUID sandbox anyway, thus flooding stderr with:

LaunchProcess: failed to execvp:

After digging a bit in the source code I found out that the SUID sandbox
binary is indeed used, but only for setting oom_score_adj within the
user namespace (as "root"). So let's build the sandbox binary and of
course don't set setuid bit.

These annoying error messages were originally introduced by 0aad4b7 and
I'm deeply sorry for annoying you guys out there with them.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-04 02:31:45 +02:00
aszlig a80437e236
chromium: Remove out-of-tree sandbox derivation.
Since 0aad4b7, we no longer need to have an external sandbox binary,
because the upstream implementation of the user namespace sandbox no
longer needs an external sandbox binary.

In our implementation of the user namespace sandbox, we (ab)used the
setuid sandbox to run non-setuid and set up user namespaces instead.

Because our implementation is no longer needed, we can safely drop the
external binary entirely.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-04 02:31:44 +02:00
aszlig 97ddd04ca9
chromium: Remove obsolete sandbox_userns_36.patch.
The file is no longer referenced since 6a8afa4 and thus can be safely
dropped.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-04 02:31:44 +02:00
aszlig 7143f34970
chromium: Drop references to version 42 and below.
Since 7d217e3 the lowest version number is 43, so all those conditionals
are no longer needed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-23 03:35:30 +02:00
aszlig cadd675e7a
chromium: Disable "hotwording" by default.
There has been some recent news about that component extension on hacker
news:

https://news.ycombinator.com/item?id=9724409

Even though on our side it won't work, because we don't have NaCl
enabled by default or even working (I honestly haven't tested if it even
builds if enabled), we might get to the point where we can build with
NaCl enabled.

But until and even after that day, we want to have explicit control on
whether this extension is enabled.

Please also have a look at these two issues explaining the details
(about component extensions and the hotwording extension in particular):

https://crbug.com/491435
https://crbug.com/500922

Fixes issue .

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-23 03:35:30 +02:00
aszlig c290595e5b
chromium: Update all channels to latest versions.
Overview of the updated versions:

stable: 43.0.2357.124 -> 43.0.2357.125
beta:   44.0.2403.39  -> 44.0.2403.52  [1]
dev:    45.0.2421.0   -> 45.0.2431.0   [2]

[1] Beta channel fixes:

    I had to fetch a patch from a newer revision of Blink (r195908), see
    https://codereview.chromium.org/1157943002/ for more information
    about the patch.

    Here is the failing build log:

    https://headcounter.org/hydra/build/704037/nixlog/2

    Another fix for Blink, was needed in order to get it to build,
    see: https://codereview.chromium.org/1156113007/

    Also I needed to revert https://codereview.chromium.org/1150543002/
    using another patch, because the build won't succeed and bail out
    with WEBRTC_VIDEO_CODEC_FALLBACK_SOFTWARE not being found (it's only
    used once in the source, but isn't defined anywhere). Here are the
    trybot results:

    https://chromium-cq-status.appspot.com/patch-status/1150543002/20001

[2] Dev channel fixes:

    The "ffmpegsumo" shared library is now no longer built, because it
    is now statically linked against Chromium, for details see:

    https://codereview.chromium.org/1141703002

All channels built and tested on my Hydra at:

https://headcounter.org/hydra/eval/178458

Test reports:

x86:    https://headcounter.org/hydra/build/704908/download/1/log.html
x86_64: https://headcounter.org/hydra/build/704914/download/1/log.html

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-23 03:35:30 +02:00
aszlig af54ddf8b6
chromium: Drop plugin_paths patch for old versions.
The patch was for versions prior to version 22, so we no longer need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-11 19:54:11 +02:00
aszlig 6a8afa4bb3
chromium: Fix plugin_paths patch for version 44.
The pepper effects plugin has been removed and migrated to NaCl, so I'm
just dropping the hunk of that patch.

Upstream reviow URL: https://codereview.chromium.org/1085393003

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-11 19:54:11 +02:00
Ambroz Bizjak 58fd4f672f Chromium: Update and build fixes.
Changes included:
- Update versions.
- Use gyp package not gyp_svn1977.
- Remove icu from buildInputs, since this causes a build error due to inferference with use_system_icu=false.
- Remove the hack that inserts the absolute path into gyp files, and pass `--depth .` to gyp. This resolves the `third_party/angle` gyp error.
- Do a normal copy of the source code not a symlink copy. This resolves some link error where the symlinks interfere with relative paths (seems like because gyp resolves symlinks first). Note, this used to be worked around with the absolute path insertion hack.
- Change the bucketURL in update.nix to https (for more secure updates).
2015-06-11 18:23:58 +02:00
William A. Kennington III b07929b0a3 Use libpulseaudio instead of pulseaudio 2015-05-29 14:32:56 -07:00
aszlig b26de39252
gyp: Revive old SVN version to build Chromium.
Works around regression from a305e6855d.

We're also marking it lowPrio to make sure nobody will accidentally
reference it using nix-env -i.

Until we have fixed , we're going to build with the old gyp version
to prevent being affected by https://crbug.com/462153.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-22 11:37:40 +02:00
Vladimír Čunát b7c3c25218 fix ${udev} references (and a few others) 2015-05-05 11:52:08 +02:00
aszlig 310da1b4da
chromium/update: Remove reference to <nixpkgs>.
We shouldn't make assumptions on what is set by NIX_PATH in order to
make it easier to rename that Nix path reference.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-29 08:22:48 +02:00