Commit Graph

1614 Commits

Author SHA1 Message Date
Franz Pletz
072917ea5d
chromium: update to latest channel releases (security)
Fixes at least:

  - CVE-2016-1667
  - CVE-2016-1668
  - CVE-2016-1669
  - CVE-2016-1670
  - CVE-2016-5170
  - CVE-2016-5171
  - CVE-2016-5172
  - CVE-2016-5173
  - CVE-2016-5174
  - CVE-2016-5175
  - CVE-2016-7395

cc #18856
2016-09-24 21:55:24 +02:00
Thomas Tuegel
564b12656e
firefox-bin: update hashes 2016-09-23 17:28:47 -05:00
José Romildo Malaquias
40c4e80935 vivaldi: 1.3 -> 1.4 (#18886) 2016-09-24 00:27:36 +02:00
Joachim F
87ac2b108b Merge pull request #18799 from taku0/firefox-bin-49.0
firefox-bin: 48.0.2 -> 49.0
2016-09-22 14:41:08 +02:00
Eelco Dolstra
5bfd092f07 firefox-esr: 45.3.0 -> 45.4.0 2016-09-21 13:28:37 +02:00
Eelco Dolstra
99138dc356 firefox: 48.0.2 -> 49.0 2016-09-21 13:28:37 +02:00
taku0
25ff8637f4 firefox-bin: 48.0.2 -> 49.0 2016-09-20 09:12:07 +09:00
Eelco Dolstra
da3e6d6eda google-talk-plugin: Prevent a dependency on gcc 2016-09-19 20:02:07 +02:00
Vladimír Čunát
f27a970f2d firefox*: fix notifications
Fixes #18712. Now firefox uses the notification daemon, if available.

Unfortunately, the same approach didn't work for thunderbird; I don't
know why.
2016-09-18 23:23:13 +02:00
Profpatsch
61462c94e6 lib/fetchers.nix: factor out impure proxy vars (#18702)
Apparently everyone just copied those variables, instead of creating a
library constant for them. Some even removed the comment. -.-
2016-09-17 21:50:01 +02:00
Mike Cooper
c2a7410583 firefox-bin: add curl dependency for crash reporter (#18596) 2016-09-15 17:39:08 +02:00
Lancelot SIX
28d286ac4b Merge pull request #18562 from taku0/flashplayer-11.2.202.635
flashplayer: 11.2.202.632 -> 11.2.202.635
2016-09-14 17:19:08 +02:00
Kirill Boltaev
0f37287df5 treewide: explicitly specify gtk version 2016-09-13 21:09:24 +03:00
taku0
8b6e522bf8 flashplayer: 11.2.202.632 -> 11.2.202.635 2016-09-13 21:12:18 +09:00
Kirill Boltaev
bccd75094f treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
Tuomas Tynkkynen
290db94f04 Merge remote-tracking branch 'upstream/master' into staging 2016-09-09 02:40:47 +03:00
Franz Pletz
7949e69382
chromium: update to latest channel releases (security)
Fixes the following security problems:

- CVE-2016-5147: Universal XSS in Blink
- CVE-2016-5148: Universal XSS in Blink
- CVE-2016-5149: Script injection in extensions
- CVE-2016-5150: Use after free in Blink
- CVE-2016-5151: Use after free in PDFium
- CVE-2016-5152: Heap overflow in PDFium
- CVE-2016-5153: Use after destruction in Blink
- CVE-2016-5154: Heap overflow in PDFium
- CVE-2016-5155: Address bar spoofing
- CVE-2016-5156: Use after free in event bindings
- CVE-2016-5157: Heap overflow in PDFium
- CVE-2016-5158: Heap overflow in PDFium
- CVE-2016-5159: Heap overflow in PDFium
- CVE-2016-5160: Extensions web accessible resources bypass
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass
- CVE-2016-5163: Address bar spoofing
- CVE-2016-5164: Universal XSS using DevTools
- CVE-2016-5165: Script injection in DevTools
- CVE-2016-5166: SMB Relay Attack via Save Page As
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives
2016-09-07 04:49:56 +02:00
Eelco Dolstra
78178d5854 systemd: Separate lib output
This moves libsystemd.so and libudev.so into systemd.lib, and gets rid
of libudev (which just contained a copy of libudev.so and the udev
headers). It thus reduces the closure size of all packages that
(indirectly) depend on libsystemd, of which there are quite a few (for
instance, PulseAudio and dbus). For example, it reduces the closure of
Blender from 430.8 to 400.8 MiB.
2016-09-05 19:17:14 +02:00
Nikolay Amiantov
9f2c48a7a7 qutebrowser: add cssutils dependency 2016-09-04 15:49:00 +03:00
obadz
3de6e5be50 Merge branch 'master' into staging
Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Vladimír Čunát
f86392bfbe chromium: fixup share/share
Reported on https://github.com/NixOS/nixpkgs/issues/11501#issuecomment-164383204
2016-08-27 17:38:25 +02:00
Eelco Dolstra
c2fb3490c9 firefox: 48.0.1 -> 48.0.2 2016-08-26 16:46:34 +02:00
taku0
0536cc397c firefox-bin: 48.0.1 -> 48.0.2 2016-08-25 03:12:12 +09:00
Franz Pletz
c0fa26ef3b Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-08-24 11:01:53 +02:00
Nikolay Amiantov
76223aa4b2 qutebrowser: add pdfjs support 2016-08-23 23:36:18 +03:00
obadz
cd063d774e chromium: fix "Aw, snap!" after glibc 2.24 upgrade
See https://bugzilla.redhat.com/show_bug.cgi?id=1361157#c8
cc @domenkozar @aszlig
2016-08-23 11:56:11 +01:00
Lluís Batlle i Rossell
9ef3a51379 Adding vlc plugin for firefox.
I really wanted it to substitute the html5 player, or at least the direct
player for mp4/webm files in firefox, but I couldn't make it work. The
formats recognized by the firefox internal player were used in all cases. The
plugin worked for formats unknown by firefox.

https://support.mozilla.org/ca/questions/1089501

Nevertheless, as I wrote the nix recipe, I commit it. It may be of interest to
someone else.
2016-08-23 10:16:37 +02:00
Nikolay Amiantov
a963b45c97 qutebrowser: fix restart 2016-08-22 20:07:30 +03:00
Ram Kromberg
64ba21e966 midori: vala -> vala_0_23 2016-08-21 20:02:08 +03:00
obadz
4574f22841 chromium: remove one layer of wrapper by using ed 2016-08-19 19:18:23 +01:00
Eelco Dolstra
1efedc6c4c firefox-esr: 45.2.0 -> 45.3.0 2016-08-19 13:26:20 +02:00
Eelco Dolstra
360ee2f0b9 firefox: 48.0 -> 48.0.1 2016-08-19 13:25:43 +02:00
taku0
0cd039b40e firefox-bin: 48.0 -> 48.0.1 2016-08-19 03:12:15 +09:00
Gábor Lehel
5bef9b271c vivaldi: 1.2 -> 1.3 2016-08-18 15:13:39 +02:00
Nikolay Amiantov
1c5399626a qutebrowser: don't depend on qtmultimedia
It's not needed now that qtwebkit uses gstreamer backend
2016-08-17 20:30:50 +03:00
Nikolay Amiantov
1d53115765 qutebrowser: use qtwebkit-plugins 2016-08-17 20:20:35 +03:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Nikolay Amiantov
9b4a7984a4 qutebrowser: add shared files and cleanup 2016-08-15 11:38:53 +03:00
Mike Cooper
b5194d7b9a firefox-bin: Add libxcb to build inputs (#17700)
This is needed for future versions of Firefox, and makes external
packaging of prerelease versions of Firefox much easier.
2016-08-15 01:03:19 +02:00
Ram Kromberg
7802a0f14b midori: update to current webkitgtk (#17731) 2016-08-14 21:49:19 +00:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
Eelco Dolstra
8877b93649 firefox: 47.0.1 -> 48.0 2016-08-11 16:09:00 +02:00
obadz
3822c56e1e chromium: minor fixups
cc @aszlig
2016-08-10 02:35:59 +01:00
obadz
20f009d56d chromium: split the sandbox into a seperate output (take 2)
Fixup of 231ed9e
2016-08-06 14:42:13 +01:00
obadz
231ed9edd9 chromium: split the sandbox into a separate output
Related to #17460 and 66d5edf
Triggers a rebuild of Chromium
2016-08-06 10:29:56 +01:00
obadz
66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
obadz
d6528a1b7f chromium: fixup commit 33557ac
Helps with #17460

@cleverca22 saw calls to SetuidSandboxHost::GetSandboxBinaryPath so we
patch this function instead.

cc @joachifm
2016-08-05 10:55:48 +01:00
obadz
33557acb36 chromium: add ability to control which sandbox is used
First step towards addressing #17460

In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
2016-08-04 20:37:35 +01:00
Benjamin Staffin
78e5e61bbe Update google-chrome versions
The previous download links were all broken.

Stable: 51.0.2704.103 -> 52.0.2743.116
Beta:   52.0.2743.41  -> 53.0.2785.34
Dev:    53.0.2767.4   -> 54.0.2816.0
2016-08-04 00:22:58 -04:00
Rok Garbas
2a4312d92b
firefox-beta-bin: 48.0b9 -> 49.0b1 2016-08-03 19:39:46 +02:00