1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 16:42:09 +00:00
Commit graph

1414 commits

Author SHA1 Message Date
Nikolay Amiantov d45ac41e87 flashplayer: cleanup, add comment to maintainers 2016-04-08 17:18:54 +03:00
taku0 28232c3746 flashplayer: fix build on 32-bit platform 2016-04-08 16:55:51 +03:00
taku0 03e74fb117 flashplayer: 11.2.202.577 -> 11.2.202.616 2016-04-08 22:11:29 +09:00
Gabriel Ebner ab58c22d6a Merge pull request #14528 from kragniz/qutebrowser-0.6.0
qutebrowser: 0.5.1 -> 0.6.0
2016-04-08 07:09:10 +02:00
Louis Taylor 21c78411da qutebrowser: 0.5.1 -> 0.6.0 2016-04-08 05:59:05 +01:00
Markus Wotringer 90624dcf89 conkeror: 1.0pre-20150730 -> 1.0pre-20160130 2016-04-05 14:34:42 +02:00
Eelco Dolstra 2f0195003e firefox-esr: Fix name
The Firefox wrapped called itself "firefox" rather than "firefox-esr".

Also eliminate a use of splitString which is evil and should never be
used.
2016-04-01 13:51:24 +02:00
aszlig ef753d210e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 49.0.2623.87 -> 49.0.2623.110
beta:   50.0.2661.26 -> 50.0.2661.49
dev:    50.0.2661.18 -> 51.0.2693.2

Most notably, this includes a series of urgent security fixes:

 * CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
                  Tencent KeenLab.
 * CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
 * CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
 * CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
                  working with HP's Zero Day Initiative / Pwn2Own.
 * CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction

The official release announcement with details about these fixes can be
found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.

As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:

 * libexif got removed, so let's do that on our end as well.
   See https://codereview.chromium.org/1803883002 for details.
 * Chromium doesn't seem to compile with our version of libpng, so let's
   resort to the bundled libpng for now.
 * site_engagement_ui.cc uses isnan outside of std namespace, so
   we're fixing that in postPatch using sed.

I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.

Test reports can be found at the following evaluation of my Hydra:

https://headcounter.org/hydra/eval/314584

Thanks to @grahamc for reporting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: #14299
2016-03-30 15:24:39 +02:00
aszlig f9fff51c2a
chromium: Link using gold linker flags
I originally wanted to do this a long time (a31301d) but IIRC back then
it didn't compile. Nowadays with the splitup of the gold linking flags
and the binutils integration, it's merely just a switch to flip, so
let's do that.

Only tested it by building against the current Chromium stable version
on 64bit, because right now builds on Hydra seem to time out (because of
this?) anyway so we have nothing to lose here.

The linking time was hereby reduced from >30 minutes (I didn't measure
it exactly but looked half an hour later to the build progress and it
was *still* linking) to about a few seconds, which I guess is even
though the measurement is quite bogus a tremendous improvement
nonetheless.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-28 11:41:13 +02:00
Michael Raskin 891fa19e29 Fix Midori build 2016-03-28 00:02:10 +02:00
Vladimír Čunát ec4685cf70 firefox-esr: fix build after 574a6d34d2
We're now using only newer versions that have ./configure in the root.
${pname} isn't the correct directory name for esr versions.
2016-03-26 09:13:58 +01:00
Eelco Dolstra 574a6d34d2 firefox-esr: 38.6.1 -> 45.0.1 2016-03-25 15:03:31 +01:00
Eelco Dolstra 79d6dc91fe firefox: 45.0 -> 45.0.1 2016-03-25 15:00:50 +01:00
aszlig 4d305102e0
google-chrome: Fix fetching upstream binary
Commit aa097946d2 only fixed evaluation.

Ssince 37dbd62 however, the fetchurl call is already implied so just
changing the path will still result in fetchurl (fetchurl ...), so let's
drop the outer fetchurl.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @msteen, @benley
2016-03-21 16:15:18 +01:00
Vladimír Čunát aa097946d2 chrome: fix evaluation after 6041cfe2af 2016-03-21 12:04:33 +01:00
aszlig 5ebd629c6f
chromium: Fix comment of upstream-info.nix
As of 6041cfe, the upstream-info.nix (back then it was called
sources.nix) is no longer in the source/ subdirectory, so we need to fix
that comment to say that the file is autogenerated from update.sh in the
*same* directory.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 23:10:13 +01:00
aszlig fb65a0048a
chromium: Revert working around --sysroot filter
This reverts commit 5979946c41.

I have tested this by building against the stable version of Chromium
and it seems to compile just fine, so it doesn't seem to be needed
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 21:05:49 +01:00
aszlig 1f497204f7
chromium: Show status about precompiling .py files
Only a aesthetics thingy, but also corrects the comment, because we're
essentially precompiling .py files, NOT the .pyc files (the latter are
the results).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 18:44:56 +01:00
aszlig 4f981b4f84
chromium: Move source/default.nix into common.nix
This addresses #12794 so that we now have only a single tarball where we
base our build on instead of splitting the source into different outputs
first and then reference the outputs.

The reason I did this in the first place is that we previously built the
sandbox as a different derivation and unpacking the whole source tree
just for building the sandbox was a bit too much.

As we now have namespaces sandbox built in by default we no longer have
that derivation anymore. It still might come up however if we want to
build NaCl as a separate derivation (see #8560), but splitting the
source code into things only NaCl might require is already too much work
and doesn't weight out the benefits.

Another issue with the source splitup is that Hydra now has an output
limit for non-fixed-output derivations which we're already hitting.

Tested the build against the stable channel and it went well, but I
haven't tested running the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:50:17 +01:00
aszlig 37dbd62a83
chromium: Move fetchurl calls to getChannel
We always do something like "fetchurl channelProduct", so let's move it
to getChannel directly so we can avoid those fetchurl calls all over the
place.

Also, we can still access subattributes from the fetchurl call if we
need to, so there really is no need to expose the product's attributes
directly.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:13:44 +01:00
aszlig 4984a2bf76
chromium/plugins: Break long line
Yes, I know I'm a bit nitpicky, but lines >80 chars are very ugly if you
have two windows side-by-side.

Thus no feature changes here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:07:28 +01:00
aszlig 985df3900d
chromium/common.nix: Remove unreferenced attrs
We're going to refactor things anyway, so let's first get rid of
everything that's not used anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:01:58 +01:00
aszlig 6041cfe2af
chromium/source: Move update.nix to parent dir
We now should have only the default.nix left in the source directory and
we can start to factor out the pieces into the Chromium main derivation
attributes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:53:08 +01:00
aszlig 2d9a604907
chromium: Rename sources.nix to upstream-info.nix
The "sources.nix" also contains information about where to get binary
packages, so calling it "upstream-info.nix" fits better in terms of
naming.

Also, we're moving it away from the sources dir, because the latter will
soon vanish.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:48:54 +01:00
aszlig d6b11ed722
chromium/source: Move patches into its own subdir
We're going to reference the patches in the Chromium main build rather
than applying it to the sources. So as a first step, this should keep
the patches away from the "source" subdirectory so we can make it flat.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:44:34 +01:00
taku0 9aa6ca99e4 firefox-bin: 45.0 -> 45.0.1 2016-03-19 14:28:10 +09:00
Tobias Geerinckx-Rice 87ca9b9629 lynx: use full version, ‘official’ URI & lib.optionals 2016-03-18 08:03:48 +01:00
Vladimír Čunát 9be0c7d463 firefox: disable optimization hack (i686-linux)
It seems to build fine even without it, so the original reason doesn't
hold anymore:
https://github.com/NixOS/nixpkgs/commit/f4b5671b0d9e8904a4ad6b3fd85268
2016-03-16 10:05:09 +01:00
宋文武 93feb5d115 drop my maintainership (close #13881) 2016-03-13 18:39:01 +01:00
aszlig c6834ab527
Merge pull request #13821 (update chromium)
This is just a minor upgrade, even though the commit message says it's
to major version 50. However, the CVEs listed there are for real, see
the following announcement:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html

The summary of updated packages:

stable: 49.0.2623.75 -> 49.0.2623.87
beta:   49.0.2623.75 -> 50.0.2661.26
dev:    50.0.2661.11 -> 50.0.2661.18

I've also added two commits, fixing the chdir() in the updater and
shutting up Python precompilation errors during the preBuild phase.

Tested on my Hydra at:

https://headcounter.org/hydra/eval/312166
2016-03-13 12:23:22 +01:00
aszlig a62f100ec3
chromium/update.sh: Allow to be called out-of-tree
Changing the working directory to
pkgs/applications/networking/browsers/chromium is a bit annoying, so
let's make sure the script can be called from anywhere.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
aszlig f7e2171937
chromium/common: Shut up about precompiling .pyc's
The errors are completely non-fatal and only cause a particular file to
be not precompiled. Unfortunately this can lead to confusion to whether
these errors are real errors or not, so let's shut it up completely
because they're *not* real errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
Eelco Dolstra 0d6d91739f firefox: 44.0.2 -> 45.0 2016-03-11 15:10:05 +01:00
taku0 218901bdb6 flashplayer: 11.2.202.559 -> 11.2.202.577 2016-03-11 10:11:08 +09:00
Graham Christensen e54434751a chromium: 49.0.2626.75 -> 50.0.2661.26 for CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 2016-03-10 14:57:29 -06:00
taku0 153468aa5e firefox-bin: 44.0.2 -> 45.0 2016-03-09 09:06:42 +09:00
aszlig 8b97ca270e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 48.0.2564.116 -> 49.0.2623.75
beta:   49.0.2623.63  -> 49.0.2623.75
dev:    50.0.2657.0   -> 50.0.2661.11

Stable and beta are now in par because of the release of a major stable
update.

The release addresses 26 security vulnerabilities, the following with an
assigned CVE:

 * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
 * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
 * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and
                  Bryant Zadegan.
 * CVE-2015-8126: Out-of-bounds access in libpng. Credit to
                  joerg.bornemann.
 * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
 * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
 * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
 * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan
                  Herrera.
 * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of
                  OUSPG.

The full announcement which also includes the link to the bug tracker
can be found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html

Also, the 32bit Chrome package needed for the Flash and Widevine plugins
doesn't exist anymore, because Google has dropped support for 32bit
distros, see here for the announcement:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU

On our end, we need to fix the patch for the plugin paths to work for
the latest dev channel. The change is very minor, because the
nix_plugin_paths_46.patch only doesn't apply because of an iOS-related
ifdef.

Built and tested on my Hydra at:

https://headcounter.org/hydra/eval/311511

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #13665
2016-03-05 22:53:13 +01:00
aszlig c3d82f0fbf
chromium/updater: Fix eval error on stdenv.is32bit
There is no stdenv.is32bit, so let's just use !stdenv.is64bit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 03:16:26 +01:00
aszlig 8d5accb691
chromium/updater: Fix getting latest versions
Comparing the current version with the version in sources list and
accidentally swapping the version arguments isn't going to get very far
because every new version that will come up will then be treated as "we
already have that version".

So we're now using versionOlder and also a check whether the version is
the *same* as the one in sources.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 02:55:00 +01:00
Derek Gonyeo f681ceb593 uzbl: version 20120514 -> v0.9.0 2016-03-01 23:15:26 -05:00
Luca Bruno 5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
aszlig 54b4912566
chromium: Regenerate sources.nix with new updater
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig 28b289efa6
chromium: Refactor updater entirely in Nix
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.

Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.

The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.

This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig 716b79d3a5
chromium: Provide SHA256s for beta/dev plugins
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
aszlig 459642b8de
chromium/updater: Allow a single plugin arch
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.

Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.

This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
zimbatm 30891166be Merge pull request #11997 from benley/google-chrome-variants
google-chrome: add -beta and -unstable variants
2016-02-26 00:13:00 +00:00
Graham Christensen 712d59225e chromium{,Beta,Dev}: 48.0.2564.97 -> 48.0.2564.116
From the debian security mailing list:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.
2016-02-25 12:00:12 -06:00
zimbatm 7848d215f4 Merge pull request #13094 from nathan7/chromium-flash-version-jq
chromium/plugins: use jq for extracting the Flash version
2016-02-23 22:45:42 +00:00
Frederik Rietdijk 4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Nathan Zadoks 2610986991 chromium/plugins: use jshon for extracting the Flash version from JSON 2016-02-19 12:31:08 +01:00