The attached patch advances the version of the fossil expression in
Nixpkgs to the latest release 1.36
From fdd5d610e35eed355f5f3fec9d3675aa60f36292 Mon Sep 17 00:00:00 2001
From: Karn Kallio <kkallio@skami.org>
Date: Tue, 8 Nov 2016 20:23:22 -0400
Subject: [PATCH] fossil : advance to version 1.36
This brings in the new stable version 54 which also introduces a lot of
security fixes:
CVE-2016-5198: Out of bounds memory access in V8
CVE-2016-5181: Universal XSS in Blink
CVE-2016-5182: Heap overflow in Blink
CVE-2016-5183: Use after free in PDFium
CVE-2016-5184: Use after free in PDFium
CVE-2016-5185: Use after free in Blink
CVE-2016-5187: URL spoofing
CVE-2016-5188: UI spoofing
CVE-2016-5192: Cross-origin bypass in Blink
CVE-2016-5189: URL spoofing
CVE-2016-5186: Out of bounds read in DevTools
CVE-2016-5191: Universal XSS in Bookmarks
CVE-2016-5190: Use after free in Internals
CVE-2016-5193: Scheme bypass
Detailed announcements about these changes can be found here (latest to
oldest):
https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.htmlhttps://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop_20.htmlhttps://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop.html
The update process of Chromium has been a bit bumpy on our side, because
version 54 also did the switch from GYP to GN so it wasn't just a matter
of updating the upstream-info file.
I've tested the Flash plugin (which runs fine) and WideVine manually,
although I couldn't get WideVine to work (I was running this within a VM
though).
So if people want to use WideVine they need to use Chrome instead until
we got this sorted out.
VM test results along with builds for all platforms can be found here:
https://headcounter.org/hydra/eval/339328
I'm going to backport these changes to stable as soon as the
tests/builds succeed there as well.
Closes: #19565Closes: #20120
Sometimes it happens that the "Type to search or enter a URL to
navigate" popup doesn't show, but all we need to know at this time is
whether Chromium has finished starting up.
So checking for the "startup done" page is a better option here.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Versions before 56 already had experimental support for Gtk 3 and since
version 56, Gtk 3 _seemed_ to become the default. Although it's now
requiring *both* Gtk 2 and Gtk3, so let's supply the dependency for now
to get it to build.
In the future however we might want to add use_gtk3 to the GN flags and
get rid of Gtk 2 completely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Before version 54, the WideVine CDM plugin was built unconditionally and
it seems since version 54 this now is dependent upon a GYP/GN flag on
whether to include the CDM shared library or not.
Also, we now use a patch from Gentoo which should hopefully get the CDM
plugin to work properly, at least according to their bugtracker:
https://bugs.gentoo.org/show_bug.cgi?id=547630
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Since 8180922d23, the cjdns module
imports from a derivation, which is very bad. It causes all of stdenv
to be built at evaluation time. Since we have a hard 3600 second limit
on Hydra evaluations, this was causing NixOS jobsets to time out.
@joachifm