Commit graph

1395 commits

Author SHA1 Message Date
Vladimír Čunát
4c0125bc8f chromium: fixup plugins with multiple outputs
Chromium+flash seem to work fine now.
2016-03-11 15:10:51 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
aszlig
8b97ca270e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 48.0.2564.116 -> 49.0.2623.75
beta:   49.0.2623.63  -> 49.0.2623.75
dev:    50.0.2657.0   -> 50.0.2661.11

Stable and beta are now in par because of the release of a major stable
update.

The release addresses 26 security vulnerabilities, the following with an
assigned CVE:

 * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
 * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
 * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and
                  Bryant Zadegan.
 * CVE-2015-8126: Out-of-bounds access in libpng. Credit to
                  joerg.bornemann.
 * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
 * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
 * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
 * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan
                  Herrera.
 * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of
                  OUSPG.

The full announcement which also includes the link to the bug tracker
can be found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html

Also, the 32bit Chrome package needed for the Flash and Widevine plugins
doesn't exist anymore, because Google has dropped support for 32bit
distros, see here for the announcement:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU

On our end, we need to fix the patch for the plugin paths to work for
the latest dev channel. The change is very minor, because the
nix_plugin_paths_46.patch only doesn't apply because of an iOS-related
ifdef.

Built and tested on my Hydra at:

https://headcounter.org/hydra/eval/311511

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #13665
2016-03-05 22:53:13 +01:00
aszlig
c3d82f0fbf
chromium/updater: Fix eval error on stdenv.is32bit
There is no stdenv.is32bit, so let's just use !stdenv.is64bit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 03:16:26 +01:00
aszlig
8d5accb691
chromium/updater: Fix getting latest versions
Comparing the current version with the version in sources list and
accidentally swapping the version arguments isn't going to get very far
because every new version that will come up will then be treated as "we
already have that version".

So we're now using versionOlder and also a check whether the version is
the *same* as the one in sources.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 02:55:00 +01:00
Derek Gonyeo
f681ceb593 uzbl: version 20120514 -> v0.9.0 2016-03-01 23:15:26 -05:00
Luca Bruno
5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
aszlig
54b4912566
chromium: Regenerate sources.nix with new updater
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
28b289efa6
chromium: Refactor updater entirely in Nix
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.

Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.

The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.

This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
716b79d3a5
chromium: Provide SHA256s for beta/dev plugins
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
aszlig
459642b8de
chromium/updater: Allow a single plugin arch
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.

Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.

This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
zimbatm
30891166be Merge pull request #11997 from benley/google-chrome-variants
google-chrome: add -beta and -unstable variants
2016-02-26 00:13:00 +00:00
Graham Christensen
712d59225e chromium{,Beta,Dev}: 48.0.2564.97 -> 48.0.2564.116
From the debian security mailing list:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.
2016-02-25 12:00:12 -06:00
zimbatm
7848d215f4 Merge pull request #13094 from nathan7/chromium-flash-version-jq
chromium/plugins: use jq for extracting the Flash version
2016-02-23 22:45:42 +00:00
Frederik Rietdijk
4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Nathan Zadoks
2610986991 chromium/plugins: use jshon for extracting the Flash version from JSON 2016-02-19 12:31:08 +01:00
zimbatm
97bbc37b6f rekonq: fix homepage url 2016-02-16 14:11:36 +00:00
zimbatm
a6ac8d7915 Merge pull request #13020 from colemickens/fix-widevine
chromium/plugins: Fix widevine substitution
2016-02-16 10:14:16 +00:00
Cole Mickens
a5a5c1d9cd chromium/plugins: Fix widevine substitution
Fixes: #12840
Related to: 61042a5

61042a5 changes the replaced token from $something to @something@. This
commit repeats that change in one additional location used by the
WideVine plugin
2016-02-15 18:04:16 -08:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Franz Pletz
657c56678c firefox-esr: 38.5.2esr -> 38.6.1esr 2016-02-12 08:02:31 +01:00
Franz Pletz
70925f0a92 firefox: 44.0 -> 44.0.2 2016-02-12 08:02:24 +01:00
Franz Pletz
b276f4f171 Merge pull request #12945 from taku0/firefox-bin-44.0.1
firefox-bin: 44.0.1 -> 44.0.2
2016-02-12 07:55:54 +01:00
taku0
6d3f909975 firefox-bin: 44.0.1 -> 44.0.2 2016-02-12 10:15:23 +09:00
Arseniy Seroka
885acea1dd Merge pull request #12891 from taku0/firefox-bin-44.0.1
firefox-bin: 44.0 -> 44.0.1
2016-02-11 16:57:20 +03:00
Vladimír Čunát
177464ade9 wrapFirefox: add enableAdobeReader
So far we only have 32-bit package.
It will be silently missed on 64-bit ATM.
2016-02-09 18:21:40 +01:00
taku0
74270469db firefox-bin: 44.0 -> 44.0.1 2016-02-10 00:03:00 +09:00
Vladimír Čunát
d3a3aa8674 Merge #12740: multiple outputs for Qt 5 and KDE 5 2016-02-03 17:09:09 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
aszlig
61042a5b6a
chromium/plugins: Use @var@ for passing variables
There is already a pull request from @colemickens, who has just reversed
the variable references $flash and $flashVersion but the fix is kinda
fragile as he points out himself in #12713.

The reason the wrong substition was made is that both variables begin
with the same name and we do a simple replace instead of a more
complicated one using builtins.match.

So staying simple but to still not raising issues with other variables
that begin with the same name I'm now using @var@ instead, like we use
in substituteAll and other substituters (like the ones in CMake or
autotools) deal with it.

Note that I'm not using $var$ here to make sure it doesn't get confused
with real shell variables.

So with this fix in place, the wrapper now has the following flags:

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=20.0.0.294

Previously we had (#12710):

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=/nix/store/...-binary-plugins-flashVersion

Thanks to @colemickens for reporting and putting up a pull request.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12710
Fixes: #12713
2016-02-02 17:39:08 +01:00
aszlig
ff90f52375
chromium: Remove import-from-derivation again
This reverts commit f7af2272a2.

We're going to fix #12710 properly by reintroducing 38c77bb and fixing
the shell variable substitution.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-02 17:39:08 +01:00
Franz Pletz
1026673f37 firefox: 43.0.4 -> 44.0 2016-02-01 18:10:47 +01:00
Tony White
8491d0d1ca chromium: 47.0.2526.106 - > 48.0.2564.97
- Fixes CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615
  CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620.
- Moves chromium stable and beta channels up one version major.
  vcunat made dev channel stay for now, as it wouldn't download otherwise.
  This is most of PR #12717.
2016-02-01 12:12:07 +01:00
Thomas Tuegel
2f4087b13d google-talk-plugin: udev -> libudev 2016-01-31 21:15:03 -06:00
Franz Pletz
8ec3bce8f8 links: Remove package & deprecate for links2
This package is deprecated and superseeded by links2 which also provides the
links binary this maintaining backwards-compatibility.

Debian removed links back in 2008:

  https://packages.qa.debian.org/l/links.html

Fixes #12623.
2016-01-31 11:46:35 +01:00
Vladimír Čunát
f7af2272a2 Revert "chromium: Do not rely on import-from-derivation"
This reverts commit 38c77bb72c.
In this form it causes problems #12710.
2016-01-31 10:03:57 +01:00
taku0
85f5394c5f firefox-bin: 43.0.4 -> 44.0 2016-01-27 23:34:42 +09:00
Nikolay Amiantov
5bc8f09b65 Merge pull request #12577 from zohl/flashplayer
Standalone flashplayers
2016-01-26 00:49:02 +03:00
Al Zohali
d9066cd36f flashplayer-standalone: init at 11.2.202.559 2016-01-24 19:29:02 +03:00
Tuomas Tynkkynen
dc8e939dbc treewide: Mass replace 'cups}/lib' to refer the 'out' output 2016-01-24 10:03:33 +02:00
Tobias Geerinckx-Rice
32d40f0f98 Remove no longer (or never) referenced patches
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
Gabriel Ebner
889a05ea5b qutebrowser: 0.5.0 -> 0.5.1 2016-01-22 14:19:23 +01:00
Vladimír Čunát
0957359568 Merge branch 'staging' 2016-01-22 13:48:35 +01:00
Vladimír Čunát
3317eef084 Merge #12414: qutebrowser: fix various things 2016-01-21 11:56:50 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
taku0
fba7544812 firefox-bin: wrap firefox-bin (close #12416) 2016-01-18 10:42:57 +01:00
aszlig
85dd89f6eb
chromium: Remove myself from maintainers
Working on Chromium really drives me nuts due to its build time, also I
really don't have quite a lot of time these days to properly maintain it
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:35:28 +01:00
aszlig
38c77bb72c
chromium: Do not rely on import-from-derivation
This has been introduced by me in 690a845 and discovered by @vcunat in
his comment over at:

690a845de9 (commitcomment-14209868)

It's really a bit ugly to have builds running during evaluation, but
back when I made that commit the reason was to avoid having to shell
quote the hell out of it (see the comment in mkPluginInfo for the
reason).

Now we propagate plugin flags and environment variables as a list of
arguments in a plain file that's appended verbatim to makeWrapper, so
it shouldn't do any builds anymore during instantiation.

I have tested this with both just WideVine and just Flash enabled as
well as both in combination and none of the plugins and the output seems
correct. However I didn't test to run Chromium with the new
implementation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Vladimír Čunát <vcunat@gmail.com>
2016-01-18 03:35:28 +01:00
Gabriel Ebner
23b3e6430e qutebrowser: 0.4.1 -> 0.5.0
Fixes #8568 by using the release tarballs.
2016-01-16 07:23:44 +01:00
Gabriel Ebner
dbd3a5ff20 qutebrowser: use correct plugin versions
Since PyQt uses Qt 5.5, we need to use the Qt plugins from 5.5 as well,
and gstreamer plugins from 1.0.
2016-01-16 07:23:44 +01:00