nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix

# This file is autogenerated from update.sh in the same directory.
{
  beta = {
    sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";
    sha256bin64 = "14qj8l5dapha87ndyzcs3spaxp3s9sapcjcplkisbivis09a29cb";
    version = "51.0.2704.63";
  };
  dev = {
    sha256 = "1bbwbn0svgr2pfkza8pdq61bjzlj50axdm5bqqxi51hab51fc9ww";
    sha256bin64 = "1s02q72b84g9p5i7y1hh1c67qjb92934dqqwd7w6j0jz8ix71nzc";
    version = "52.0.2743.10";
  };
  stable = {
    sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";
    sha256bin64 = "1kjnxxf2ak8v1akzxz46r7a7r6bhxjb2y9fhr1fqvks3m4jc5zqw";
    version = "51.0.2704.63";
  };
}
chromium: Fix comment of upstream-info.nix As of 6041cfe, the upstream-info.nix (back then it was called sources.nix) is no longer in the source/ subdirectory, so we need to fix that comment to say that the file is autogenerated from update.sh in the same directory. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-03-20 23:10:13 +01:00			`# This file is autogenerated from update.sh in the same directory.`
chromium: Generate new sources.nix. This means that we now have hashes and URLs for the latest versions of chromium and can now work on integrating the changes into default.nix. 2012-07-03 21:53:56 +02:00			`{`
			`beta = {`
chromium: Update to latest stable and beta channel Overview of updated versions: stable: 50.0.2661.102 -> 51.0.2704.63 beta: 51.0.2704.47 -> 51.0.2704.63 I tried to update dev, but couldn't get it to compile, it was failing with a "'isnan' was not declared in this scope. As far as I can tell, at the moment the beta and stable channels are on the same version. The stable update addresses the following security issues: * High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. * High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. * High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. * High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. * High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. * High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. * High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. * Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. * Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. * Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. * Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html 2016-05-26 21:24:41 +02:00			`sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";`
chromium: Fix hash for beta Debian package I'm not sure how the wrong hash ended up being there, but I've checked the hash from three different machines (and networks) just to be sure I didn't make a mistake. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-27 21:48:34 +02:00			`sha256bin64 = "14qj8l5dapha87ndyzcs3spaxp3s9sapcjcplkisbivis09a29cb";`
chromium: Update to latest stable and beta channel Overview of updated versions: stable: 50.0.2661.102 -> 51.0.2704.63 beta: 51.0.2704.47 -> 51.0.2704.63 I tried to update dev, but couldn't get it to compile, it was failing with a "'isnan' was not declared in this scope. As far as I can tell, at the moment the beta and stable channels are on the same version. The stable update addresses the following security issues: * High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. * High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. * High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. * High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. * High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. * High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. * High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. * Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. * Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. * Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. * Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html 2016-05-26 21:24:41 +02:00			`version = "51.0.2704.63";`
chromium: Regenerate sources.nix with new updater No changes in functionality, but to make future source updates a bit easier on the eyes when viewing the diff. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-02-26 20:53:26 +01:00			`};`
			`dev = {`
chromium: Update dev channel to v52.0.2743.10 With this update we need to rebase the nix_plugin_paths patch, which was done by @srp and I took it from his comment at: https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677 Other than that, using libjpeg from nixpkgs fails to link: https://headcounter.org/hydra/build/1114273 Rather than just using versionAtLeast to check for >= version 52, we're matching on the explicit version number. That way we can make sure that we (try to) build with system libjpeg again so we can keep it out of the overall Chromium build time. Built and tested using the VM tests on my Hydra at: https://headcounter.org/hydra/eval/322006 Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-28 19:08:15 +02:00			`sha256 = "1bbwbn0svgr2pfkza8pdq61bjzlj50axdm5bqqxi51hab51fc9ww";`
			`sha256bin64 = "1s02q72b84g9p5i7y1hh1c67qjb92934dqqwd7w6j0jz8ix71nzc";`
			`version = "52.0.2743.10";`
chromium: Generate new sources.nix. This means that we now have hashes and URLs for the latest versions of chromium and can now work on integrating the changes into default.nix. 2012-07-03 21:53:56 +02:00			`};`
			`stable = {`
chromium: Update to latest stable and beta channel Overview of updated versions: stable: 50.0.2661.102 -> 51.0.2704.63 beta: 51.0.2704.47 -> 51.0.2704.63 I tried to update dev, but couldn't get it to compile, it was failing with a "'isnan' was not declared in this scope. As far as I can tell, at the moment the beta and stable channels are on the same version. The stable update addresses the following security issues: * High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. * High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. * High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. * High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. * High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. * High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. * High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. * Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. * Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. * Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. * Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html 2016-05-26 21:24:41 +02:00			`sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj";`
			`sha256bin64 = "1kjnxxf2ak8v1akzxz46r7a7r6bhxjb2y9fhr1fqvks3m4jc5zqw";`
			`version = "51.0.2704.63";`
chromium: Generate new sources.nix. This means that we now have hashes and URLs for the latest versions of chromium and can now work on integrating the changes into default.nix. 2012-07-03 21:53:56 +02:00			`};`
			`}`