1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-24 19:08:30 +00:00
Commit graph

128 commits

Author SHA1 Message Date
Jörg Thalheim 1b146a8c6f
treewide: remove paxutils from stdenv
More then one year ago we removed grsecurity kernels from nixpkgs:
https://github.com/NixOS/nixpkgs/pull/25277

This removes now also paxutils from stdenv.
2018-12-22 12:55:05 +01:00
Herwig Hochleitner ccb93eb6b0 chromium: update conditionals and gcc patches for min version 71
(cherry picked from commit 604579e45f10ce5ccadd76c71f1bac648bd0971d)
2018-12-09 04:11:27 +01:00
Herwig Hochleitner bac76e8a9e chromium: add jdk.jre to build dependencies for versions >= 72
thanks for finding out @volth
see 6fba9250aa
2018-11-20 01:01:51 +01:00
Domen Kožar 89ede978a0
chromium: use jumbo builds to speedup compilation
On Hetzner machine with 1 core: 4h40m
On Hetzner machine with 8 cores: 1h20m
2018-11-01 17:51:51 +00:00
Herwig Hochleitner ed91407784 Revert "chromium: make gcc8 build available via buildWithGcc flag"
This partially reverts commit
b70ab5c405 (except for depending gnome2)

see #48922
2018-10-28 17:10:53 +01:00
Herwig Hochleitner b70ab5c405 chromium: make gcc8 build available via buildWithGcc flag 2018-10-28 16:00:46 +01:00
volth d2daf0dd6f chromium: build with clang 2018-10-28 16:00:45 +01:00
Herwig Hochleitner bb03fbc2c8 chromium: 69.0.3497.100 -> 70.0.3538.67 2018-10-24 19:38:51 +02:00
volth d767ba9996 chromium 71+: there is no more option 'use_gtk3' (#48595) 2018-10-17 23:04:15 +02:00
volth d039722d0e chromium 71+: add at-spi2-core dependency (#48594) 2018-10-17 23:03:43 +02:00
volth 0c8cdb53f6 chromium: fix aarch64 build (#48586)
* chromium: fix aarch64 build

* chromium: use more stable urls
2018-10-17 01:21:29 +02:00
Yuriy Taraday c098f143b4 chromium: 68.0.3440.106 -> 69.0.3497.81
Also update to build with external gn.
2018-09-07 23:34:47 +04:00
Daiderd Jordan 80aca28e34
harfbuzz: add harfbuzzFull and remove other variants 2018-08-21 21:04:15 +02:00
Yuriy Taraday cd3283f921 chromium: 67.0.3396.99 -> 68.0.3440.75 2018-07-27 14:38:23 +02:00
volth 52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
volth 87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Yuriy Taraday 06ec2a9f19 chromium: fix 68 (beta) build
Also replace openh264 patch with one landed in upstream.
2018-07-14 23:07:46 +04:00
Niklas Hambüchen 95358db956 chromium: Abort build on gn warnings. Fixes #42189.
Also fix such obsolete flags:

* `use_gconf` was already known to become obsolete with Chromium 65
* `enable_hotwording` has been removed in upstream commit d693f0c7ab
2018-06-19 02:56:27 +02:00
Yuriy Taraday d23da8229b chromium: 67.0.3396.62 -> 67.0.3396.87
Contains fixes for CVE-2018-6148 [0] and CVE-2018-6149 [1].

Also add a patch to fix one problem with 68 (Beta) build. I'm still
working on fixing Beta.

[0] https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html
[1] https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_12.html
2018-06-13 16:28:18 +04:00
Yuriy Taraday e4810965c0 chromium: fix build for 67 2018-05-31 00:33:42 +04:00
Yuriy Taraday 88007f819d chromium: remove outdated patches 2018-05-31 00:28:51 +04:00
Yuriy Taraday 72d7b5ddb1 chromium: fix nix_plugin_paths for 68+ 2018-05-31 00:27:14 +04:00
Yuriy Taraday 584006a85e chromium: fix crashpad build 2018-05-31 00:27:14 +04:00
Herwig Hochleitner c07c23b914 chromium: 66.0.3359.117 -> 66.0.3359.139 2018-05-02 02:44:15 +02:00
Léo Gaspard 905b03bce2 chromium: fix build on aarch64
chromium build on aarch64 failed with:
```
FAILED: obj/skia/skia/convolver_neon.o
g++ -MMD -MF obj/skia/skia/convolver_neon.o.d -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCXXABI_DISABLE_VISIBILITY_ANNOTATIONS -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_HAS_JPEG_LIBRARY -DSK_SUPPORT_GPU=1 -DSK_FREETYPE_MINIMUM_RUNTIME_VERSION=\(\(\(FREETYPE_MAJOR\)\ \*\ 0x01000000\)\ \|\ \(\(FREETYPE_MINOR\)\ \*\ 0x00010000\)\ \|\ \(\(FREETYPE_PATCH\)\ \*\ 0x00000100\)\) -DSK_GAMMA_EXPONENT=1.2 -DSK_GAMMA_CONTRAST=0.2 -DSK_DEFAULT_FONT_CACHE_LIMIT=20971520 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DFT_CONFIG_CONFIG_H=\"freetype-custom-config/ftconfig.h\" -DFT_CONFIG_MODULES_H=\"freetype-custom-config/ftmodule.h\" -DFT_CONFIG_OPTIONS_H=\"freetype-custom-config/ftoption.h\" -DPDFIUM_REQUIRED_MODULES -DCHROMIUM_RESTRICT_VISIBILITY -DUSE_LIBJPEG_TURBO=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -DUCHAR_TYPE=uint16_t -DUSE_SYSTEM_ZLIB=1 -I../.. -Igen -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/encode -I../../third_party/skia/include/gpu -I../../third_party/skia/include/images -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl -I../../third_party/skia/include/codec -I../../third_party/skia/include/private -I../../third_party/skia/include/client/android -I../../third_party/skia/src/codec -I../../third_party/skia/src/core -I../../third_party/skia/src/image -I../../third_party/skia/src/images -I../../third_party/skia/src/opts -I../../third_party/skia/src/pdf -I../../third_party/skia/src/ports -I../../third_party/skia/src/shaders -I../../third_party/skia/src/shaders/gradients -I../../third_party/skia/src/sfnt -I../../third_party/skia/src/utils -I../../third_party/skia/src/lazy -I../../third_party/skia/third_party/gif -I../../third_party/skia/src/effects/gradients -Igen/shim_headers/libpng_shim -Igen/shim_headers/zlib_shim -I../../third_party/freetype/include -I../../third_party/freetype/src/include -I../../third_party/harfbuzz-ng/src -I../../third_party/libjpeg_turbo -I../../third_party/fontconfig/src -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -I../../third_party/sfntly/src/cpp/src -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread -fno-omit-frame-pointer -g0 -fno-builtin-abs -fvisibility=hidden -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -fno-delete-null-pointer-checks -Wno-missing-field-initializers -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -isystem/nix/store/smmxgfkqaqqh43d5gmv5p3abcq19hkzy-glib-2.56.0-dev/include/glib-2.0 -isystem/nix/store/yn3bbw1sxg19h07wzn16k0ja58wr9yiz-glib-2.56.0/lib/glib-2.0/include -isystem/nix/store/f82jgynysk9mvhyfavfzims41zkskb3c-libpng-apng-1.6.34-dev/include/libpng16 -isystem/nix/store/56i89kfi2nmjrv8hifsz6zikr6pq1avw-zlib-1.2.11-dev/include -std=gnu++14 -fno-exceptions -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include -fvisibility-inlines-hidden -Wno-narrowing -c ../../skia/ext/convolver_neon.cc -o obj/skia/skia/convolver_neon.o
../../skia/ext/convolver_neon.cc: In function 'int32x4_t skia::AccumRemainder(const unsigned char*, const Fixed*, int)':
../../skia/ext/convolver_neon.cc:26:65: error: cannot convert '<brace-enclosed initializer list>' to 'int32x4_t {aka __vector(4) int}' in return
   return {remainder[0], remainder[1], remainder[2], remainder[3]};
                                                                 ^
```

The following patch appears to fix this build issue.

Source: b84682f31d%5E%21/#F0
Suggested-by: @dezgeg
2018-04-29 18:38:38 +03:00
Léo Gaspard a07881c8b8 chromium: skia patch appears to be still needed with 66 on aarch64
Cc @chaoflow @bendlas
Replaces #39628
2018-04-29 18:38:38 +03:00
Herwig Hochleitner 2b29e40153 chromium: 65.0.3325.181 -> 66.0.3359.117
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
2018-04-21 14:57:45 +02:00
Andrew Childs 3928fd9081 Chromium: fix skia build on aarch64
Patch imported from Arch Linux ARM
2018-03-20 00:20:42 +02:00
Yuriy Taraday ebce42146f chromium: fix GCC 7 related build issues
Also clean up unused patches.
2018-03-10 03:31:55 +04:00
Herwig Hochleitner 9b4ffd98a4 chromium: 64.0.3282.186 -> 65.0.3325.146
see https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

cc @aszlig @YorikSar

CVE-2017-11215
CVE-2017-11225
CVE-2018-6060
CVE-2018-6061
CVE-2018-6062
CVE-2018-6057
CVE-2018-6063
CVE-2018-6064
CVE-2018-6065
CVE-2018-6066
CVE-2018-6067
CVE-2018-6068
CVE-2018-6069
CVE-2018-6070
CVE-2018-6071
CVE-2018-6072
CVE-2018-6073
CVE-2018-6074
CVE-2018-6075
CVE-2018-6076
CVE-2018-6077
CVE-2018-6078
CVE-2018-6079
CVE-2018-6080
CVE-2018-6081
CVE-2018-6082
CVE-2018-6083
2018-03-09 03:02:49 +01:00
Vladimír Čunát 565bd805e6
Merge branch 'master' 2018-03-05 14:53:27 +01:00
Herwig Hochleitner c2339ed75a chromium: replace ninja workaround with upstream patch
https://github.com/NixOS/nixpkgs/issues/35296

This reverts workaround commit e3cb6e7772.
2018-02-27 00:08:38 +01:00
Jan Tojnar a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Alexander V. Nikolaev 0acec7e984 treewide: transition mesa to libGLU_combined 2018-02-24 17:06:49 +02:00
Herwig Hochleitner 0d20bf0287 chromium: 64.0.3282.140 -> 64.0.3282.167
[806388] High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
2018-02-15 01:22:46 +01:00
Herwig Hochleitner 7a2662569d chromium: 63.0.3239.132 -> 64.0.3282.119
CVE-2018-6031
CVE-2018-6032
CVE-2018-6033
CVE-2018-6034
CVE-2018-6035
CVE-2018-6036
CVE-2018-6037
CVE-2018-6038
CVE-2018-6039
CVE-2018-6040
CVE-2018-6041
CVE-2018-6042
CVE-2018-6043
CVE-2018-6045
CVE-2018-6046
CVE-2018-6047
CVE-2018-6048
CVE-2017-15420
CVE-2018-6049
CVE-2018-6050
CVE-2018-6051
CVE-2018-6052
CVE-2018-6053
CVE-2018-6054
2018-01-25 20:34:04 +01:00
Andrew Childs e8926be6bf chromium: Configure aarch64 toolchain 2018-01-22 00:41:03 +02:00
Herwig Hochleitner dbb774c5e1 chromium: update 63.0.3239.108 -> 63.0.3239.132
this introduces a standard approach to playing with patches from the
gentoo repository.

the patches for 64 are a first guess during a build in progress

cc @YorikSar @aszlig
2018-01-09 02:20:07 +01:00
Yuriy Taraday 994a614ca3 chromium: 62.0.3202.94 -> 63.0.3239.84
New stable release with bunch of security fixes and other changes [0]

Also:
* remove patch for dev already landed upstream
* remove patches specific to version 62
* dev is broken again, need to investigate failures

[0] https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
2017-12-09 01:12:32 +01:00
Guillaume Maudoux 84fb41dd26 chromium: hardcode xdg_utils path in system calls
ref #23518
2017-11-10 01:26:35 +01:00
Yuriy Taraday 7105bb68cc chromium: 62.0.3202.75 -> 62.0.3202.89
Includes security fixes for CVE-2017-15398 and CVE-2017-15399.

Also fixes builds for beta and dev branches:
- backport https://webrtc-review.googlesource.com/9384 to fix build for
  new webrtc revision
- for dev branch fix gn bootstrap, see
  https://chromium-review.googlesource.com/758584
- for 63+ manpage now is not generated during ninja build, it is
  processed with sed using packagers tools included in sources
2017-11-10 01:19:23 +01:00
Yuriy Taraday da3c404e58 chromium: 62.0.3202.62 -> 62.0.3202.75
also fix beta/dev build - use harfbuzz from sources

Unfortunatelly after [0] chromium doesn't support using harfbuzz provided by
system while using vendored version of freetype.
Disabling usage of separate harfbuzz for now.

[0] https://chromium-review.googlesource.com/c/chromium/src/+/696241
2017-10-28 11:45:31 +02:00
Yuriy Taraday f0a0f02b22 chromium: 61.0.3163.100 -> 62.0.3202.62
Also updated most of patches according to their state in Gentoo
repository, deleted ones that are not applicable anymore.
2017-10-21 15:55:42 +02:00
Robin Gloster c8a2265513
Revert "chromium: take into account new nss header layout"
This reverts commit df41edfe1c.
2017-10-09 20:50:02 +02:00
Michael Raskin df41edfe1c chromium: take into account new nss header layout 2017-10-09 18:15:30 +02:00
Herwig Hochleitner 93aaeaccc2 chromium: separate patches for beta and dev builds
fixes beta and dev builds
2017-09-28 19:53:20 +02:00
Herwig Hochleitner 2773508b5d chromium: 60.0.3112.113 -> 61.0.3163.79
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120
2017-09-14 20:15:57 +02:00
Vladimír Čunát 017561209e
chromium: try to hack around Hydra problems
Discussion: https://github.com/NixOS/nixpkgs/commit/e8f1ddcbd1d
2017-09-01 12:24:47 +02:00
Herwig Hochleitner bb397093b5 chromium: add build flags and system libs
This is lifted from the Arch build recipe:
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/chromium

using system libjpeg still doesn't work for some reason, otherwise the
build runs fine
2017-08-11 11:17:14 +02:00
Herwig Hochleitner 8dc869e340 chromium: 59.0.3071.115 -> 60.0.3112.78
get rid of outdated version branches and patches
take a patch from gentoo, to fix gn bootstrapping
2017-08-11 11:17:14 +02:00