Commit graph

607 commits

Author SHA1 Message Date
Andreas Rammhold
aa2acd0123 firefox: 65.0 -> 65.0.1
Release notes: https://www.mozilla.org/en-US/firefox/65.0.1/releasenotes/
2019-02-14 11:28:34 +01:00
Andreas Rammhold
7eaef48e5a
wrapFirefox: support GDK_BACKEND=wayland
The firefox wrapper now supports setting the GDK_BACKEND to wayland
which is useful in cases where firefox would be started from within an
X-Application inside of wayland. GTK/GDK would otherwise default to the
X11 backend in those situations.

The intention is that people that are using wayland primarily pull in
the new `firefox-wayland` top-level attribute into their environments
instead of just `firefox`. Firefox will then always be started with the
correct rendering backend.
2019-02-03 12:13:02 +01:00
Andreas Rammhold
d7731c3142
firefoxPackages: enable support for wayland
This adds support for building firefox with the gtk wayland backend. It
should work on all the flavors that use >=gtk3. Using the wayland
still allows using the X11 backend.
2019-02-03 11:36:25 +01:00
Jan Malakhovski
26f6fabcfe firefoxPackages: move nixpkgsPatches into common.nix 2019-01-31 17:02:52 +00:00
Jan Malakhovski
e11586f69f firefoxPackages.tor-browser: fix meta 2019-01-31 17:02:52 +00:00
Jan Malakhovski
afd0929f6c firefoxPackages: add a comments explaining the purpose of older versions 2019-01-31 17:02:52 +00:00
SLNOS
86a0112d59 firefoxPackages.tor-browser: 8.0.4 -> 8.0.5 2019-01-31 17:02:51 +00:00
SLNOS
7d9812e158 firefoxPackages.tor-browser: 8.0.3 -> 8.0.4 2019-01-31 17:02:51 +00:00
SLNOS
ff6cc1ac0e firefoxPackages.icecat: init at 60.3.0, 52.6.0
It works, but this state is far from ideal: GNU guys update generated source
tarballs very infrequently. Ideally, src needs to be generated by running
makeicecat over firefox src. Will do later.
2019-01-31 17:02:45 +00:00
Andreas Rammhold
10024f2ad1
firefoxPackages.firefox-esr-60: 60.4.0esr -> 60.5.0esr 2019-01-30 01:25:51 +01:00
Andreas Rammhold
cb7f7364a4 firefox: 64.0.2 -> 65.0
There have been some more changes to the source tree which broke the
buildconfig patch. This commit adds another patch that can be used for
the future versions. Once all the flavors are based off a new(ish)
firefox release we can remove the old patch.
2019-01-29 20:30:42 +01:00
Andreas Rammhold
08ba4f13c9 firefoxPackages: support building with firefox 65
Firefox >=65 will depend on icu >=63. All the older firefox versions
(and derived packages) seem to work fine with this change.

Also the system path environment patch will fail to apply since there
was a trivial whitespace change in the source file. By adding `-l` to
patch we can avoid having to track two patches that do basically the
same. Having patchFlags per file without resorting to pre-/postPatch
would be nicer but there doesn't seem to be a facility for that right
now.
2019-01-29 20:30:42 +01:00
Vladimír Čunát
bde8efe792
Merge branch 'master' into staging-next
A couple thousand rebuilds have accumulated on master.
2019-01-12 12:19:34 +01:00
taku0
08f779a9c3 firefox: 64.0 -> 64.0.2 2019-01-10 20:16:21 +09:00
Lengyel Balazs
f4a53ff3bc treewide/xorg: replace *proto with xorgproto 2019-01-04 14:38:57 +01:00
Jörg Thalheim
1b146a8c6f
treewide: remove paxutils from stdenv
More then one year ago we removed grsecurity kernels from nixpkgs:
https://github.com/NixOS/nixpkgs/pull/25277

This removes now also paxutils from stdenv.
2018-12-22 12:55:05 +01:00
Andreas Rammhold
ccd160023c
firefox: 63.0.3 -> 64.0
See #51863.
2018-12-12 11:27:23 +01:00
Andreas Rammhold
d16d0b3762
firefox-esr-60: 60.3.0esr -> 60.4.0esr
See #51863.
2018-12-12 00:25:57 +01:00
Andreas Rammhold
783dc61f68
firefox: updated common.nix to support ffx64
See #51863.
2018-12-12 00:25:33 +01:00
Jan Tojnar
59a94b57f0
update.nix: Run update scripts in parallel
To make updating large attribute sets faster, the update scripts
are now run in parallel.

Please note the following changes in semantics:

- The string passed to updateScript needs to be a path to an executable file.
- The updateScript can also be a list: the tail elements will then be passed
  to the head as command line arguments.
2018-12-01 19:17:13 +01:00
Michael Raskin
355aa4e9ca
Merge pull request #50484 from taku0/firefox-bin-63.0.3
firefox, firefox-bin: 63.0.1 -> 63.0.3
2018-11-17 16:54:35 +00:00
Andreas Rammhold
b4f2c7ba8b
Merge pull request #50373 from pbogdan/ff-no-gs
firefoxen: remove unused gstreamer dependencies
2018-11-16 16:25:23 +01:00
taku0
917309fa62 firefox: 63.0.1 -> 63.0.3 2018-11-16 23:14:14 +09:00
taku0
4bb9af228e common-updater, firefox: fix updater for firefox 2018-11-16 23:04:54 +09:00
Piotr Bogdan
3e7b6b5bfa firefoxen: remove unused gstreamer dependencies
Firefox and, by extension, Tor browser don't support gstreamer any more, this
removes what are effectively unused dependencies.

https://bugzilla.mozilla.org/show_bug.cgi?id=1234092 "Remove gstreamer support"
2018-11-14 22:29:48 +00:00
Andreas Rammhold
66e16843b3
firefox: apply patch for newer rust-cbindgen
rust-cbindgen did apply some breaking changes which requires the added
patch in order to compile until a firefox version with the fix gets
released. Firefox 63.0.3 is supposed to carry the required patches. This
should only be required for a short term.
2018-11-14 20:51:19 +01:00
Michael Raskin
108de151f8 firefox: 63.0 -> 63.0.1; firefox-esr: 60.2.2esr -> 60.3.0esr 2018-11-08 20:23:33 +03:00
Michael Raskin
adf41ed942
Merge pull request #49864 from oxij/pkgs/tiny-things
trivial: tiny cleanups and fixes
2018-11-08 06:28:10 +00:00
Jan Malakhovski
d2d80e6d30 firefox: disable pulseaudio support on non-Linux by default 2018-11-08 05:20:18 +00:00
Andreas Rammhold
551ef1ac41 firefox: provide clang configure flags on i686
With the upgrade to firefox 62 clang flags are now required on i686.

(cherry picked from commit acf4a4eff315a52d8f9c944a167ecb373bc1fdf9)
2018-11-07 19:44:01 +01:00
Andreas Rammhold
c8d45086d1
firefox-esr-60: drop skia patch on aarch64 2018-11-07 16:47:24 +01:00
Matthew Harm Bekkema
9973a266ab firefox-esr-60: 60.2.2 -> 60.3.0 [critical security fixes]
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12392: Crash with nested event loops
  When manipulating user events in nested loops while opening a document
  through script, it is possible to trigger a potentially exploitable
  crash due to poor event handling.

- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
  A potential vulnerability was found in 32-bit builds where an integer
  overflow during the conversion of scripts to an internal UTF-16
  representation could result in allocating a buffer too small for the
  conversion. This leads to a possible out-of-bounds write.
  Note: 64-bit builds are not vulnerable to this issue.

- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
  By rewriting the Host request headers using the webRequest API, a
  WebExtension can bypass domain restrictions through domain fronting.
  This would allow access to domains that share a host that are
  otherwise restricted.

- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
  A vulnerability where a WebExtension can run content scripts in
  disallowed contexts following navigation or other events. This allows
  for potential privilege escalation by the WebExtension on sites where
  content scripts should not be run.

- CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
  A WebExtension can request access to local files without the warning
  prompt stating that the extension will "Access your data for all
  websites" being displayed to the user. This allows extensions to run
  content scripts in local pages without permission warnings when a
  local file is opened.

- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
  Mozilla developers and community members Daniel Veditz and Philipp
  reported memory safety bugs present in Firefox ESR 60.2. Some of these
  bugs showed evidence of memory corruption and we presume that with
  enough effort that some of these could be exploited to run arbitrary
  code.

- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
  Mozilla developers and community members Christian Holler, Bob Owen,
  Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee,
  Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond
  Forbes, and Bogdan Tara reported memory safety bugs present in Firefox
  62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory
  corruption and we presume that with enough effort that some of these
  could be exploited to run arbitrary code.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
2018-11-03 22:51:36 +11:00
Joachim F
3272b9a2e9
Merge pull request #49173 from oxij/pkgs/update-tor-browser-again
firefoxPackages.tor-browser: 8.0.2 -> 8.0.3
2018-10-29 09:54:17 +00:00
SLNOS
87d0fe0049 firefoxPackages.tor-browser: 8.0.2 -> 8.0.3 2018-10-26 18:02:05 +00:00
Andreas Rammhold
277da59e47
firefox: 62.0.3 -> 63.0 2018-10-23 10:15:46 +02:00
SLNOS
0e3df42d64 firefoxPackages.tor-browser-8-0: apply a fix from bugzilla 2018-10-21 19:18:28 +00:00
SLNOS
bd7c0c8a6c firefoxPackages.tor-browser: 7.5.6 -> 8.0.2
Mostly usable now.
2018-10-19 16:46:55 +00:00
SLNOS
b21b9bbd6c firefoxPackages: indent 2018-10-19 16:46:41 +00:00
SLNOS
5ec27f3033 firefoxPackages: cleanup
Misc cleanups, but mainly this:

Before:
- `version` could mean either Firefox or TorBrowser version,
- `configureFlags` was hacky.

Now:
- `ffversion` is Firefox version, `tbversion` is TorBrowser version,
- `configureFlags` is much less hacky.
2018-10-19 16:46:28 +00:00
Andreas Rammhold
246d2848ff
firefox-esr-60: 60.2.1 -> 60.2.2 [critical security fixes]
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
2018-10-03 09:51:13 +02:00
Andreas Rammhold
e7785f1148
firefox: 62.0.2 -> 62.0.3 [critical security fixes]
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
2018-10-03 09:51:13 +02:00
Pavol Rusnak
62b15996a7
mozilla-plugins/trezor: remove applications/networking/browsers/mozilla-plugins/trezor
trezor-mozilla-plugin is no longer maintained software

package pkgs/servers/trezord should be used instead
2018-09-29 12:24:43 +02:00
taku0
e5778a9991 firefox-esr: 60.2.0esr -> 60.2.1esr 2018-09-24 09:13:03 +09:00
taku0
da9823672f firefox: 61.0.2 -> 62.0.2 2018-09-22 03:13:50 +09:00
taku0
0a3f07077b firefox-esr: 60.1.0esr -> 60.2.0esr, mark 52.9.0esr insecure 2018-09-07 08:14:48 +09:00
taku0
26cbfe1035 firefox: 61.0.2 -> 62.0 2018-09-04 21:16:46 +09:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Matthew Bauer
7974e45689 firefox: readd --disable-xcode-checks
Only works on version 61 apparently, but it is needed.
2018-08-23 13:09:16 -05:00
Matthew Bauer
090985a443
firefox: remove --disable-xcode-checks
Apparently it's not needed anymore!
2018-08-22 13:26:05 -05:00
Jan Malakhovski
cad8fc3447
firefoxPackages: avoid BINDGEN_CFLAGS on some versions
... to fix build; vcunat included the old ESR firefox, too.
2018-08-21 15:32:39 +02:00