Commit graph

1495 commits

Author SHA1 Message Date
Kranium Gikos Mendoza
1497998a40 bluejeans: 2.155.17.5 -> 2.160.49-8 2016-06-11 06:29:52 +08:00
Rok Garbas
ea3f1ff7f0 firefox-bin: 47.0b8 -> 47.0b9 2016-05-30 11:27:45 +02:00
aszlig
79d18eb604
chromium: Update dev channel to v52.0.2743.10
With this update we need to rebase the nix_plugin_paths patch, which was
done by @srp and I took it from his comment at:

https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677

Other than that, using libjpeg from nixpkgs fails to link:

https://headcounter.org/hydra/build/1114273

Rather than just using versionAtLeast to check for >= version 52, we're
matching on the explicit version number. That way we can make sure that
we (try to) build with system libjpeg again so we can keep it out of the
overall Chromium build time.

Built and tested using the VM tests on my Hydra at:

https://headcounter.org/hydra/eval/322006

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 19:15:39 +02:00
aszlig
c7a3645e7b
chromium: Remove stuff for versions <= v51
We're already on version 52, so there really is no need to keep all
those conditionals and old patches anymore.

Tested dropping the unconditional build_fixes_46.patch via the Chromium
VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 19:04:22 +02:00
aszlig
0f4095ec50
chromium: Fix hash for beta Debian package
I'm not sure how the wrong hash ended up being there, but I've checked
the hash from three different machines (and networks) just to be sure I
didn't make a mistake.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-28 18:57:15 +02:00
Scott R. Parish
e2d067d760
chromium: Update to latest stable and beta channel
Overview of updated versions:

stable: 50.0.2661.102 -> 51.0.2704.63
beta: 51.0.2704.47 -> 51.0.2704.63

I tried to update dev, but couldn't get it to compile, it was failing
with a "'isnan' was not declared in this scope.

As far as I can tell, at the moment the beta and stable channels are
on the same version.

The stable update addresses the following security issues:

  * High   CVE-2016-1672: Cross-origin bypass in extension bindings. Credit
                          to Mariusz Mlynski.
  * High   CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz
                          Mlynski.
  * High   CVE-2016-1676: Cross-origin bypass in extension bindings. Credit
                          to Rob Wu.
  * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of
                        Qihoo 360.
  * High   CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  * High   CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  * High   CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * High   CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic
                          of Cisco Talos.
  * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to
                          KingstonTime.
  * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas
                          Gregoire.
  * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu
                          of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte
                          Kettunen of OUSPG.
  * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  * Low    CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen
                          of OUSPG.
  * Low    CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit
                          to Til Jasper Ullrich.
  * Low    CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to
                          Khalil Zhani.
  * Low    CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan
                          Lester and Bryant Zadegan.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
2016-05-28 18:12:39 +02:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Rok Garbas
1908c90412 firefox-bin: 47.0b7 -> 47.0b8 2016-05-25 11:42:40 +02:00
Rok Garbas
03f36a4141 firefox-bin: 47.0b5 -> 47.0b7 2016-05-24 12:36:23 +02:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
825bd69b38 treewide: Make explicit that 'dev' output of boehmgc is used 2016-05-19 10:00:27 +02:00
Nikolay Amiantov
5445e521b6 firefox: restore gstreamer support for older firefox releases 2016-05-19 00:28:49 +03:00
Franz Pletz
2007e9b140
firefox: reenable libvpx as 1.5 is now available 2016-05-17 01:05:46 +02:00
Tobias Geerinckx-Rice
e8db151fa3
firefox-bin: fix evaluation 2016-05-15 23:22:50 +02:00
aszlig
ad2c8d3510
chromium: Update to latest beta and dev channels
Overview of the updated versions:

beta: 50.0.2661.49 -> 51.0.2704.47
dev:  51.0.2693.2  -> 52.0.2729.3

It has been a while since we had a major Chromium update that compiled
and worked without troubles, but version 52 builds and the VM tests are
successful as well:

https://headcounter.org/hydra/eval/320335

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-15 05:17:51 +02:00
Rok Garbas
d4fe0f522e firefox-bin: adding developer and beta channel 2016-05-15 03:00:44 +02:00
Nikolay Amiantov
e81c6c7768 firefox: upstream moved to ffmpeg from gstreamer
Sadly, they don't support using system library yet (or I was unattentive).
2016-05-15 01:06:39 +03:00
Scott R. Parish
5ebf20db0f
chromium: Update stable to 50.0.2661.102 for multiple security fixes
This addresses the following security fixes:

 * High   CVE-2016-1667: Same origin bypass in DOM. Credit to
                         Mariusz Mlynski.
 * High   CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit
                         to Mariusz Mlynski.
 * High   CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
 * Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
 * Medium CVE-2016-1671: Directory traversal using the file scheme on
                         Android. Credit to Jann Horn.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

Signed-off-by: Scott R. Parish <srparish@gmail.com>
Tested-by: aszlig <aszlig@redmoonstudios.org>
Closes: #15446
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-14 22:04:56 +02:00
Vladimír Čunát
3e387c3e00 Merge branch 'staging'
Darwin isn't in a perfect state, in particular its bootstrap tools won't
build which will block nixpkgs channel. But on the whole it seems
acceptable.
2016-05-13 10:14:53 +02:00
taku0
cade2f36e5 flashplayer: 11.2.202.616 -> 11.2.202.621 2016-05-12 21:58:26 +09:00
Vladimír Čunát
6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Eelco Dolstra
86c45ba50d google-talk-plugin: 5.4.2.0 -> 5.41.0.0 2016-05-11 20:18:30 +02:00
Kranium Gikos Mendoza
a36f721630 bluejeans: 2.125.24.5 -> 2.155.17.5 2016-05-11 21:47:12 +08:00
Eelco Dolstra
cb37ab146b Add mirror://mozilla scheme 2016-05-09 19:37:22 +02:00
Eelco Dolstra
de22402f85 firefox-esr: 45.0.2 -> 45.1.1 2016-05-09 15:28:13 +02:00
Eelco Dolstra
02d01dc7c5 firefox: 46.0 -> 46.0.1 2016-05-09 15:27:06 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
taku0
07a83f226e firefox-bin: fixed missing icon 2016-05-08 17:06:08 +09:00
Wei Tang
4d15758984 firefox: Fix build due to commit #ab0a0c 2016-05-08 05:58:02 +02:00
Vladimír Čunát
1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
aszlig
3f7735fe65
chromium+chrome: Don't import update.nix directly
Regression introduced by f28b71023c.

Let's now expose and use the upstream-info attribute via the main
Chromium derivation, so that other packages like the google-chrome
package doesn't need to rely on internals of the Chromium
implementation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-04 23:12:33 +02:00
aszlig
f28b71023c
chromium/updater: Don't import <nixpkgs> again
This effectively resets the attributes given at the point the main
<nixpkgs> is imported and thus for example is also reading in stuff like
~/.nixpkgs/config.nix again, which might lead to unexpected results.

We now only import <nixpkgs> now if the updater is auto-called (like in
update.sh), otherwise the required attributes are passed by callPackage
within the Chromium scope.

I remember noting about this a while ago either on IRC or on GitHub, but
I can't find it right now, so thanks to @obadz for reminding me about
this in #15225.

Tested this by running the updater and also using:

NIXPKGS_CONFIG=$(pwd)/broken.nix nix-instantiate --arg config {} -A chromium

The contents of broken.nix were:

EVALERR{

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15225
2016-05-04 22:35:24 +02:00
Arseniy Seroka
9cb8abe846 Merge pull request #15208 from taku0/firefox-bin-46.0.1
firefox-bin: 45.0.2 -> 46.0.1
2016-05-04 21:38:47 +03:00
Eelco Dolstra
1f84e43239 Do some large, concurrency-capable builds on dedicated machines 2016-05-04 18:16:27 +02:00
Eelco Dolstra
f2d24b9840 chromium: Disable Hydra builds of -dev and -beta
It's not the job of Nixpkgs to distribute beta versions of upstream
packages. More importantly, building these delays channel updates by
several hours, which is bad for our security fix turnaround time.
2016-05-04 18:16:27 +02:00
taku0
90f5be3133 firefox-bin: 45.0.2 -> 46.0.1 2016-05-04 14:50:17 +09:00
Tuomas Tynkkynen
aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Nikolay Amiantov
3a52c5fa7d firefox: fix library path
Fixes #15126
2016-05-01 12:26:39 +03:00
Nikolay Amiantov
87ebab128a replace ${stdenv.cc.cc}/lib occurences 2016-05-01 00:13:23 +03:00
Tim Steinbach
1142b402a8 vivaldi: Clean up 2016-04-29 01:19:15 +00:00
Tim Steinbach
25290a9f15 vivaldi: 1.0 -> 1.1 2016-04-28 23:54:05 +00:00
Eelco Dolstra
930d243ea4 firefox: 45.0.2 -> 46.0
Still using GTK+ 2 for now, since apparently building with GTK+ 3
still requires GTK+ 2, increasing the closure size. (#15008)
2016-04-28 13:39:12 +02:00
Arseniy Seroka
52b64cedec Merge pull request #15016 from jagajaga/eid
open-eid
2016-04-28 13:56:09 +03:00
Arseniy Seroka
f6d7cefa7b
esteidfirefoxplugin: init at 3.12.1.1142 2016-04-27 11:38:09 +03:00
Nikolay Amiantov
ab0a0c004e makeSearchPathOutputs: refactor to makeSearchPathOutput 2016-04-25 13:24:39 +03:00
Nikolay Amiantov
bab152826f arora: move to qmake4Hook 2016-04-20 18:55:45 +03:00
Gabriel Ebner
4003d16d66 qutebrowser: 0.6.0 -> 0.6.1 2016-04-17 15:38:12 +02:00
Pascal Wittmann
ea4f08a919 Merge pull request #14742 from mbakke/dwb
dwb: 2015-07-07 -> 2016-03-21
2016-04-15 23:12:31 +02:00
Marius Bakke
2500945b31 dwb: 2015-07-07 -> 2016-03-21 2016-04-15 21:26:17 +01:00