Commit Graph

1614 Commits

Author SHA1 Message Date
Marius Bakke
2500945b31 dwb: 2015-07-07 -> 2016-03-21 2016-04-15 21:26:17 +01:00
Moritz Ulrich
6645ae3946 google-chrome: Also add ${deps}/lib64 to $LD_LIBRARY_PATH.
...as per @abbradar's suggestion. Thanks!
2016-04-14 19:00:15 +02:00
Moritz Ulrich
0c5ed43cd4 google-chrome: Fix regression from closure-size merge.
Fixes #14695

I'm not entirely sure if including `stdenv.cc.cc` in `makeLibraryPath`
is the correct thing to do here. If it's incorrect, please feel free to
ping me.
2016-04-14 18:54:48 +02:00
Nikolay Amiantov
8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
Michael Raskin
f99a9c0679 nspluginwrapper: add missing libXt build input 2016-04-13 19:10:42 +02:00
Eelco Dolstra
18a6403c59 firefox-esr: 45.0.1esr -> 45.0.2esr
Also, switch to upstream SHA-512 hashes.
2016-04-13 14:11:18 +02:00
Nikolay Amiantov
5e025bc9ee vivaldi: fix evaluation 2016-04-13 14:03:41 +03:00
Vladimír Čunát
39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Franz Pletz
84edf81d71 firefox: 45.0.1 -> 45.0.2 2016-04-12 15:48:13 +02:00
taku0
c98cca3614 firefox-bin: 45.0.1 -> 45.0.2 (#14626) 2016-04-12 15:47:31 +02:00
Arseniy Seroka
e02debe165 Merge pull request #14291 from otwieracz/vivaldi
vivaldi-snapshot: init at 1.0.430.3
2016-04-12 08:52:37 +03:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Nikolay Amiantov
d45ac41e87 flashplayer: cleanup, add comment to maintainers 2016-04-08 17:18:54 +03:00
taku0
28232c3746 flashplayer: fix build on 32-bit platform 2016-04-08 16:55:51 +03:00
taku0
03e74fb117 flashplayer: 11.2.202.577 -> 11.2.202.616 2016-04-08 22:11:29 +09:00
Gabriel Ebner
ab58c22d6a Merge pull request #14528 from kragniz/qutebrowser-0.6.0
qutebrowser: 0.5.1 -> 0.6.0
2016-04-08 07:09:10 +02:00
Louis Taylor
21c78411da qutebrowser: 0.5.1 -> 0.6.0 2016-04-08 05:59:05 +01:00
Robin Gloster
3e68106afd Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-07 21:52:26 +00:00
Vladimír Čunát
d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Slawomir Gonet
c6345de9f9 vivaldi: init at 1.0 2016-04-07 08:05:53 +02:00
Markus Wotringer
90624dcf89 conkeror: 1.0pre-20150730 -> 1.0pre-20160130 2016-04-05 14:34:42 +02:00
Robin Gloster
696d85a62d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-03 11:01:57 +00:00
Eelco Dolstra
2f0195003e firefox-esr: Fix name
The Firefox wrapped called itself "firefox" rather than "firefox-esr".

Also eliminate a use of splitString which is evil and should never be
used.
2016-04-01 13:51:24 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz
2e08d8234e Merge remote-tracking branch 'origin/master' 2016-03-31 10:06:30 +02:00
aszlig
ef753d210e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 49.0.2623.87 -> 49.0.2623.110
beta:   50.0.2661.26 -> 50.0.2661.49
dev:    50.0.2661.18 -> 51.0.2693.2

Most notably, this includes a series of urgent security fixes:

 * CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
                  Tencent KeenLab.
 * CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
 * CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
 * CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
                  working with HP's Zero Day Initiative / Pwn2Own.
 * CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction

The official release announcement with details about these fixes can be
found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.

As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:

 * libexif got removed, so let's do that on our end as well.
   See https://codereview.chromium.org/1803883002 for details.
 * Chromium doesn't seem to compile with our version of libpng, so let's
   resort to the bundled libpng for now.
 * site_engagement_ui.cc uses isnan outside of std namespace, so
   we're fixing that in postPatch using sed.

I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.

Test reports can be found at the following evaluation of my Hydra:

https://headcounter.org/hydra/eval/314584

Thanks to @grahamc for reporting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: #14299
2016-03-30 15:24:39 +02:00
Robin Gloster
f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
aszlig
f9fff51c2a
chromium: Link using gold linker flags
I originally wanted to do this a long time (a31301d) but IIRC back then
it didn't compile. Nowadays with the splitup of the gold linking flags
and the binutils integration, it's merely just a switch to flip, so
let's do that.

Only tested it by building against the current Chromium stable version
on 64bit, because right now builds on Hydra seem to time out (because of
this?) anyway so we have nothing to lose here.

The linking time was hereby reduced from >30 minutes (I didn't measure
it exactly but looked half an hour later to the build progress and it
was *still* linking) to about a few seconds, which I guess is even
though the measurement is quite bogus a tremendous improvement
nonetheless.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-28 11:41:13 +02:00
Michael Raskin
891fa19e29 Fix Midori build 2016-03-28 00:02:10 +02:00
Vladimír Čunát
ec4685cf70 firefox-esr: fix build after 574a6d34d2
We're now using only newer versions that have ./configure in the root.
${pname} isn't the correct directory name for esr versions.
2016-03-26 09:13:58 +01:00
Eelco Dolstra
574a6d34d2 firefox-esr: 38.6.1 -> 45.0.1 2016-03-25 15:03:31 +01:00
Eelco Dolstra
79d6dc91fe firefox: 45.0 -> 45.0.1 2016-03-25 15:00:50 +01:00
aszlig
4d305102e0
google-chrome: Fix fetching upstream binary
Commit aa097946d2 only fixed evaluation.

Ssince 37dbd62 however, the fetchurl call is already implied so just
changing the path will still result in fetchurl (fetchurl ...), so let's
drop the outer fetchurl.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @msteen, @benley
2016-03-21 16:15:18 +01:00
Vladimír Čunát
aa097946d2 chrome: fix evaluation after 6041cfe2af 2016-03-21 12:04:33 +01:00
aszlig
5ebd629c6f
chromium: Fix comment of upstream-info.nix
As of 6041cfe, the upstream-info.nix (back then it was called
sources.nix) is no longer in the source/ subdirectory, so we need to fix
that comment to say that the file is autogenerated from update.sh in the
*same* directory.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 23:10:13 +01:00
aszlig
fb65a0048a
chromium: Revert working around --sysroot filter
This reverts commit 5979946c41.

I have tested this by building against the stable version of Chromium
and it seems to compile just fine, so it doesn't seem to be needed
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 21:05:49 +01:00
aszlig
1f497204f7
chromium: Show status about precompiling .py files
Only a aesthetics thingy, but also corrects the comment, because we're
essentially precompiling .py files, NOT the .pyc files (the latter are
the results).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 18:44:56 +01:00
aszlig
4f981b4f84
chromium: Move source/default.nix into common.nix
This addresses #12794 so that we now have only a single tarball where we
base our build on instead of splitting the source into different outputs
first and then reference the outputs.

The reason I did this in the first place is that we previously built the
sandbox as a different derivation and unpacking the whole source tree
just for building the sandbox was a bit too much.

As we now have namespaces sandbox built in by default we no longer have
that derivation anymore. It still might come up however if we want to
build NaCl as a separate derivation (see #8560), but splitting the
source code into things only NaCl might require is already too much work
and doesn't weight out the benefits.

Another issue with the source splitup is that Hydra now has an output
limit for non-fixed-output derivations which we're already hitting.

Tested the build against the stable channel and it went well, but I
haven't tested running the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:50:17 +01:00
aszlig
37dbd62a83
chromium: Move fetchurl calls to getChannel
We always do something like "fetchurl channelProduct", so let's move it
to getChannel directly so we can avoid those fetchurl calls all over the
place.

Also, we can still access subattributes from the fetchurl call if we
need to, so there really is no need to expose the product's attributes
directly.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:13:44 +01:00
aszlig
4984a2bf76
chromium/plugins: Break long line
Yes, I know I'm a bit nitpicky, but lines >80 chars are very ugly if you
have two windows side-by-side.

Thus no feature changes here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:07:28 +01:00
aszlig
985df3900d
chromium/common.nix: Remove unreferenced attrs
We're going to refactor things anyway, so let's first get rid of
everything that's not used anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 17:01:58 +01:00
aszlig
6041cfe2af
chromium/source: Move update.nix to parent dir
We now should have only the default.nix left in the source directory and
we can start to factor out the pieces into the Chromium main derivation
attributes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:53:08 +01:00
aszlig
2d9a604907
chromium: Rename sources.nix to upstream-info.nix
The "sources.nix" also contains information about where to get binary
packages, so calling it "upstream-info.nix" fits better in terms of
naming.

Also, we're moving it away from the sources dir, because the latter will
soon vanish.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:48:54 +01:00
aszlig
d6b11ed722
chromium/source: Move patches into its own subdir
We're going to reference the patches in the Chromium main build rather
than applying it to the sources. So as a first step, this should keep
the patches away from the "source" subdirectory so we can make it flat.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 16:44:34 +01:00
taku0
9aa6ca99e4 firefox-bin: 45.0 -> 45.0.1 2016-03-19 14:28:10 +09:00
Tobias Geerinckx-Rice
87ca9b9629 lynx: use full version, ‘official’ URI & lib.optionals 2016-03-18 08:03:48 +01:00
Vladimír Čunát
9be0c7d463 firefox: disable optimization hack (i686-linux)
It seems to build fine even without it, so the original reason doesn't
hold anymore:
https://github.com/NixOS/nixpkgs/commit/f4b5671b0d9e8904a4ad6b3fd85268
2016-03-16 10:05:09 +01:00
Robin Gloster
3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
宋文武
93feb5d115 drop my maintainership (close #13881) 2016-03-13 18:39:01 +01:00
aszlig
c6834ab527
Merge pull request #13821 (update chromium)
This is just a minor upgrade, even though the commit message says it's
to major version 50. However, the CVEs listed there are for real, see
the following announcement:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html

The summary of updated packages:

stable: 49.0.2623.75 -> 49.0.2623.87
beta:   49.0.2623.75 -> 50.0.2661.26
dev:    50.0.2661.11 -> 50.0.2661.18

I've also added two commits, fixing the chdir() in the updater and
shutting up Python precompilation errors during the preBuild phase.

Tested on my Hydra at:

https://headcounter.org/hydra/eval/312166
2016-03-13 12:23:22 +01:00
aszlig
a62f100ec3
chromium/update.sh: Allow to be called out-of-tree
Changing the working directory to
pkgs/applications/networking/browsers/chromium is a bit annoying, so
let's make sure the script can be called from anywhere.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
aszlig
f7e2171937
chromium/common: Shut up about precompiling .pyc's
The errors are completely non-fatal and only cause a particular file to
be not precompiled. Unfortunately this can lead to confusion to whether
these errors are real errors or not, so let's shut it up completely
because they're *not* real errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-13 12:22:18 +01:00
Vladimír Čunát
4c0125bc8f chromium: fixup plugins with multiple outputs
Chromium+flash seem to work fine now.
2016-03-11 15:10:51 +01:00
Eelco Dolstra
0d6d91739f firefox: 44.0.2 -> 45.0 2016-03-11 15:10:05 +01:00
taku0
218901bdb6 flashplayer: 11.2.202.559 -> 11.2.202.577 2016-03-11 10:11:08 +09:00
Graham Christensen
e54434751a chromium: 49.0.2626.75 -> 50.0.2661.26 for CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 2016-03-10 14:57:29 -06:00
taku0
153468aa5e firefox-bin: 44.0.2 -> 45.0 2016-03-09 09:06:42 +09:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz
e9fc4e7db6 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-07 22:08:27 +01:00
aszlig
8b97ca270e
chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 48.0.2564.116 -> 49.0.2623.75
beta:   49.0.2623.63  -> 49.0.2623.75
dev:    50.0.2657.0   -> 50.0.2661.11

Stable and beta are now in par because of the release of a major stable
update.

The release addresses 26 security vulnerabilities, the following with an
assigned CVE:

 * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
 * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
 * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and
                  Bryant Zadegan.
 * CVE-2015-8126: Out-of-bounds access in libpng. Credit to
                  joerg.bornemann.
 * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
 * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
 * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
 * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan
                  Herrera.
 * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of
                  OUSPG.

The full announcement which also includes the link to the bug tracker
can be found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html

Also, the 32bit Chrome package needed for the Flash and Widevine plugins
doesn't exist anymore, because Google has dropped support for 32bit
distros, see here for the announcement:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU

On our end, we need to fix the patch for the plugin paths to work for
the latest dev channel. The change is very minor, because the
nix_plugin_paths_46.patch only doesn't apply because of an iOS-related
ifdef.

Built and tested on my Hydra at:

https://headcounter.org/hydra/eval/311511

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #13665
2016-03-05 22:53:13 +01:00
Franz Pletz
cb3d27df93 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-05 18:55:30 +01:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
aszlig
c3d82f0fbf
chromium/updater: Fix eval error on stdenv.is32bit
There is no stdenv.is32bit, so let's just use !stdenv.is64bit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 03:16:26 +01:00
aszlig
8d5accb691
chromium/updater: Fix getting latest versions
Comparing the current version with the version in sources list and
accidentally swapping the version arguments isn't going to get very far
because every new version that will come up will then be treated as "we
already have that version".

So we're now using versionOlder and also a check whether the version is
the *same* as the one in sources.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 02:55:00 +01:00
Robin Gloster
fed49425c5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-03 16:11:55 +00:00
Derek Gonyeo
f681ceb593 uzbl: version 20120514 -> v0.9.0 2016-03-01 23:15:26 -05:00
Robin Gloster
d47857c3d9 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-01 21:09:17 +00:00
Luca Bruno
5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
Robin Gloster
3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
aszlig
54b4912566
chromium: Regenerate sources.nix with new updater
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
28b289efa6
chromium: Refactor updater entirely in Nix
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.

Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.

The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.

This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
716b79d3a5
chromium: Provide SHA256s for beta/dev plugins
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
aszlig
459642b8de
chromium/updater: Allow a single plugin arch
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.

Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.

This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
zimbatm
30891166be Merge pull request #11997 from benley/google-chrome-variants
google-chrome: add -beta and -unstable variants
2016-02-26 00:13:00 +00:00
Graham Christensen
712d59225e chromium{,Beta,Dev}: 48.0.2564.97 -> 48.0.2564.116
From the debian security mailing list:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.
2016-02-25 12:00:12 -06:00
zimbatm
7848d215f4 Merge pull request #13094 from nathan7/chromium-flash-version-jq
chromium/plugins: use jq for extracting the Flash version
2016-02-23 22:45:42 +00:00
Robin Gloster
f2d5bda7c9 vimprobable2: turn off format hardening 2016-02-20 22:34:06 +00:00
Robin Gloster
bc21db3692 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-19 21:16:14 +00:00
Frederik Rietdijk
4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Nathan Zadoks
2610986991 chromium/plugins: use jshon for extracting the Flash version from JSON 2016-02-19 12:31:08 +01:00
zimbatm
97bbc37b6f rekonq: fix homepage url 2016-02-16 14:11:36 +00:00
zimbatm
a6ac8d7915 Merge pull request #13020 from colemickens/fix-widevine
chromium/plugins: Fix widevine substitution
2016-02-16 10:14:16 +00:00
Cole Mickens
a5a5c1d9cd chromium/plugins: Fix widevine substitution
Fixes: #12840
Related to: 61042a5

61042a5 changes the replaced token from $something to @something@. This
commit repeats that change in one additional location used by the
WideVine plugin
2016-02-15 18:04:16 -08:00
Franz Pletz
41698c9efa Merge branch 'master' into hardened-stdenv 2016-02-15 20:05:29 +01:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Franz Pletz
657c56678c firefox-esr: 38.5.2esr -> 38.6.1esr 2016-02-12 08:02:31 +01:00
Franz Pletz
70925f0a92 firefox: 44.0 -> 44.0.2 2016-02-12 08:02:24 +01:00
Franz Pletz
b276f4f171 Merge pull request #12945 from taku0/firefox-bin-44.0.1
firefox-bin: 44.0.1 -> 44.0.2
2016-02-12 07:55:54 +01:00
taku0
6d3f909975 firefox-bin: 44.0.1 -> 44.0.2 2016-02-12 10:15:23 +09:00
Arseniy Seroka
885acea1dd Merge pull request #12891 from taku0/firefox-bin-44.0.1
firefox-bin: 44.0 -> 44.0.1
2016-02-11 16:57:20 +03:00
Vladimír Čunát
0609154a19 wrapFirefox: add enableAdobeReader
So far we only have 32-bit package.
It will be silently missed on 64-bit ATM.
2016-02-10 23:27:28 +00:00
Vladimír Čunát
177464ade9 wrapFirefox: add enableAdobeReader
So far we only have 32-bit package.
It will be silently missed on 64-bit ATM.
2016-02-09 18:21:40 +01:00
taku0
74270469db firefox-bin: 44.0 -> 44.0.1 2016-02-10 00:03:00 +09:00
Robin Gloster
9229e9c656 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-07 11:17:57 +00:00
Vladimír Čunát
d3a3aa8674 Merge #12740: multiple outputs for Qt 5 and KDE 5 2016-02-03 17:09:09 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
aszlig
61042a5b6a
chromium/plugins: Use @var@ for passing variables
There is already a pull request from @colemickens, who has just reversed
the variable references $flash and $flashVersion but the fix is kinda
fragile as he points out himself in #12713.

The reason the wrong substition was made is that both variables begin
with the same name and we do a simple replace instead of a more
complicated one using builtins.match.

So staying simple but to still not raising issues with other variables
that begin with the same name I'm now using @var@ instead, like we use
in substituteAll and other substituters (like the ones in CMake or
autotools) deal with it.

Note that I'm not using $var$ here to make sure it doesn't get confused
with real shell variables.

So with this fix in place, the wrapper now has the following flags:

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=20.0.0.294

Previously we had (#12710):

  --ppapi-flash-path=/nix/store/.../lib/libpepflashplayer.so
  --ppapi-flash-version=/nix/store/...-binary-plugins-flashVersion

Thanks to @colemickens for reporting and putting up a pull request.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12710
Fixes: #12713
2016-02-02 17:39:08 +01:00
aszlig
ff90f52375
chromium: Remove import-from-derivation again
This reverts commit f7af2272a2.

We're going to fix #12710 properly by reintroducing 38c77bb and fixing
the shell variable substitution.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-02 17:39:08 +01:00
Franz Pletz
1026673f37 firefox: 43.0.4 -> 44.0 2016-02-01 18:10:47 +01:00
Tony White
8491d0d1ca chromium: 47.0.2526.106 - > 48.0.2564.97
- Fixes CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615
  CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620.
- Moves chromium stable and beta channels up one version major.
  vcunat made dev channel stay for now, as it wouldn't download otherwise.
  This is most of PR #12717.
2016-02-01 12:12:07 +01:00
Thomas Tuegel
2f4087b13d google-talk-plugin: udev -> libudev 2016-01-31 21:15:03 -06:00
Franz Pletz
8ec3bce8f8 links: Remove package & deprecate for links2
This package is deprecated and superseeded by links2 which also provides the
links binary this maintaining backwards-compatibility.

Debian removed links back in 2008:

  https://packages.qa.debian.org/l/links.html

Fixes #12623.
2016-01-31 11:46:35 +01:00
Vladimír Čunát
f7af2272a2 Revert "chromium: Do not rely on import-from-derivation"
This reverts commit 38c77bb72c.
In this form it causes problems #12710.
2016-01-31 10:03:57 +01:00
Robin Gloster
f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz
954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
taku0
85f5394c5f firefox-bin: 43.0.4 -> 44.0 2016-01-27 23:34:42 +09:00
Nikolay Amiantov
5bc8f09b65 Merge pull request #12577 from zohl/flashplayer
Standalone flashplayers
2016-01-26 00:49:02 +03:00
Al Zohali
d9066cd36f flashplayer-standalone: init at 11.2.202.559 2016-01-24 19:29:02 +03:00
Tuomas Tynkkynen
dc8e939dbc treewide: Mass replace 'cups}/lib' to refer the 'out' output 2016-01-24 10:03:33 +02:00
Tobias Geerinckx-Rice
32d40f0f98 Remove no longer (or never) referenced patches
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
Gabriel Ebner
889a05ea5b qutebrowser: 0.5.0 -> 0.5.1 2016-01-22 14:19:23 +01:00
Vladimír Čunát
0957359568 Merge branch 'staging' 2016-01-22 13:48:35 +01:00
Vladimír Čunát
3317eef084 Merge #12414: qutebrowser: fix various things 2016-01-21 11:56:50 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
taku0
fba7544812 firefox-bin: wrap firefox-bin (close #12416) 2016-01-18 10:42:57 +01:00
aszlig
85dd89f6eb
chromium: Remove myself from maintainers
Working on Chromium really drives me nuts due to its build time, also I
really don't have quite a lot of time these days to properly maintain it
anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:35:28 +01:00
aszlig
38c77bb72c
chromium: Do not rely on import-from-derivation
This has been introduced by me in 690a845 and discovered by @vcunat in
his comment over at:

690a845de9 (commitcomment-14209868)

It's really a bit ugly to have builds running during evaluation, but
back when I made that commit the reason was to avoid having to shell
quote the hell out of it (see the comment in mkPluginInfo for the
reason).

Now we propagate plugin flags and environment variables as a list of
arguments in a plain file that's appended verbatim to makeWrapper, so
it shouldn't do any builds anymore during instantiation.

I have tested this with both just WideVine and just Flash enabled as
well as both in combination and none of the plugins and the output seems
correct. However I didn't test to run Chromium with the new
implementation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Vladimír Čunát <vcunat@gmail.com>
2016-01-18 03:35:28 +01:00
Gabriel Ebner
23b3e6430e qutebrowser: 0.4.1 -> 0.5.0
Fixes #8568 by using the release tarballs.
2016-01-16 07:23:44 +01:00
Gabriel Ebner
dbd3a5ff20 qutebrowser: use correct plugin versions
Since PyQt uses Qt 5.5, we need to use the Qt plugins from 5.5 as well,
and gstreamer plugins from 1.0.
2016-01-16 07:23:44 +01:00
Vladimír Čunát
c29df5f8a7 firefox: fixup ${name} problems introduced in 2e78e19
Fixes #12403. I'm sorry for the problems. Thanks to @mdorman!
2016-01-15 13:32:36 +01:00
Vladimír Čunát
98218971c2 Merge #12299: make firefox-like browsers wrapped by default 2016-01-15 08:53:58 +01:00
Vladimír Čunát
2e78e19de0 firefox: put "unwrapped" into its name
I'm not certain about this, so I'm trying for firefox only.
Rationale: it might be confusing to see two firefox-${version} instances
in logs or paths, so I wanted to differentiate them.
2016-01-15 08:36:22 +01:00
Vladimír Čunát
a8f1d40c1f all-packages: browserWrapper -> browser
- I chose to keep `browser-unwrapped` attributes so that it's much
  easier to override parameters for the browser (through `packageOverrides`).
- Aliases `browserWrapper` are retained for now, as usual.
2016-01-15 08:36:08 +01:00
Jakob Gillich
c8b231a40c w3m: update to actively maintained debian repo
The official repository has last been updated in 2013,
meanwhile there are a lot of issues like non-existant
certificate verification. The debian repository is actively
maintained and already includes most of our custom patches,
so we use it instead.

Fixes #12257, closes #12259.

vcunat appended commit date to version.
2016-01-14 13:06:48 +01:00
Kranium Gikos Mendoza
ae6686441e bluejeans: 2.100.102.8 -> 2.125.24.5 2016-01-12 12:31:13 +08:00
Vladimír Čunát
95c1429e62 wrapFirefox: move out of all-packages.nix, change defaults
- I don't think that amount of code belonged into all-packages.nix.
- Now the default name of the wrapped package is identical
  with the command that runs the browser.
- Other defaults were changed according to how the wrapper is
  (almost always) used.
- `meta` is improved: mostly inherited with priority above
  the unwrapped package.
2016-01-10 15:08:00 +01:00
Avery Glitch
440444d69d vimb: 2.9 -> 2.11 2016-01-08 10:57:32 +11:00
Eelco Dolstra
094723f0bc firefox: 43.0.3 -> 43.0.4 2016-01-07 16:14:51 +01:00
taku0
a9abdc8426 firefox-bin: 43.0.3 -> 43.0.4 2016-01-07 22:10:44 +09:00
Tobias Geerinckx-Rice
4df7006319 netsurf: remove dead package & dependencies
Not updated since 2009 (!), not working since 2013.

cc @marcweber
2016-01-06 01:46:16 +01:00
Eelco Dolstra
bab578f961 firefox-esr: 38.5.0 -> 38.5.2 2016-01-05 12:29:31 +01:00
Eelco Dolstra
9bce31e9b6 firefox: 43.0 -> 43.0.3 2016-01-05 12:29:31 +01:00
Arseniy Seroka
371dd85c84 Merge pull request #12104 from taku0/firefox-bin-43.0.3
firefox-bin: 43.0.2 -> 43.0.3
2016-01-03 20:28:02 +03:00
Pascal Wittmann
f8da54d83d surf: move to correct category 2016-01-03 15:49:55 +01:00
taku0
12a6fc722f firefox-bin: 43.0.2 -> 43.0.3 2016-01-03 20:03:53 +09:00
Michael Alan Dorman
c140bd697b flashplayer: 11.2.202.554 -> 11.2.202.559 2016-01-01 14:03:08 -05:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Domen Kožar
6da327b433 Chromium updates 2015-12-29 19:32:38 +01:00
Vladimír Čunát
08dd527cc7 Merge branch 'staging'
http://hydra.nixos.org/eval/1234895
The mass errors on Hydra seem transient; I verified ghc on i686-linux.
Only darwin jobs are queued ATM. There's a libpng security update
included in this merge, so I don't want to wait too long.
2015-12-29 17:14:35 +01:00
Benjamin Staffin
c8368cf124 google-chrome: add -beta and -unstable variants
It is a little weird that chromium has chromium, chromiumBeta,
chromiumDev but this one is google-chrome, google-chrome-beta,
google-chrome-dev.  Not quite sure what the best resolution is, if any.
2015-12-28 00:40:45 -08:00
Charles Strahan
9e34985430 w3m: use Arch patches
Fix the built-in help (perl.patch)
  https://bugs.archlinux.org/task/45608

Properly link w3mimgdisplay to x11
  https://bbs.archlinux.org/viewtopic.php?id=196093

Fix rendering bug in w3mimgdisplay (w3m_rgba.patch)
  https://github.com/hut/ranger/issues/86

Don't ignore input tags with invalid types (form_unkown.patch)
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615843

Fix a segfault when using https (https.patch)
  https://bugzilla.redhat.com/show_bug.cgi?id=707994
2015-12-25 15:26:14 -05:00
taku0
fe287dea9b firefox-bin: 43.0.1 -> 43.0.2 2015-12-24 23:08:28 +09:00
Robin Gloster
f8ee267576 w3m: do not always link to RAND_egd for openssl
This fixes the build for libressl >= 2.3 as RAND_egd has been removed as
it is insecure.
2015-12-23 22:10:01 +00:00
Thomas Tuegel
5ff1c58606 Merge pull request #11839 from ttuegel/qt-5.4
Qt infrastructure update
2015-12-20 08:11:52 -06:00
Thomas Tuegel
143d6123dc qutebrowser: Qt 5 infrastructure update 2015-12-20 07:56:54 -06:00
taku0
e24211df8f firefox-bin: 43.0 -> 43.0.1 2015-12-20 22:26:25 +09:00
Nikolay Amiantov
8c1770769f flashplayer: fix 32-bit version 2015-12-17 15:09:24 +03:00
Arseniy Seroka
326801e0ac Merge pull request #11758 from taku0/firefox-bin-43.0
firefox-bin: 42.0 -> 43.0
2015-12-17 13:05:57 +03:00
Eelco Dolstra
7651680615 firefox: 42.0 -> 43.0 2015-12-16 17:24:58 +01:00
Eelco Dolstra
d8d04c8cf3 firefox-esr: 38.4.0 -> 38.5.0 2015-12-16 16:03:39 +01:00
taku0
df02ed5696 firefox-bin: 42.0 -> 43.0 2015-12-16 09:55:39 +09:00
Arseniy Seroka
c7b320656f Merge pull request #11714 from ericsagnes/jumanji
jumanji: fixed source
2015-12-14 22:46:41 +03:00
Eric Sagnes
a77569fd97 jumanji: fixed source 2015-12-15 02:46:04 +09:00
Eelco Dolstra
1ae8f0f0f7 Merge pull request #11675 from abbradar/flashplayer-archive
flashplayer: cleanup, use archive as a source
2015-12-14 13:56:20 +01:00
Ambroz Bizjak
03cf5e6627 chromium: Updates.
- dev: 48.0.2564.22 -> 49.0.2587.3
- beta: 48.0.2564.23 -> 48.0.2564.41
- stable: 47.0.2526.73 -> 47.0.2526.80
2015-12-13 17:00:13 +01:00
Nikolay Amiantov
26e738206c flashplayer: cleanup, use archive as a source
Most work done by ericsagnes
2015-12-13 16:28:52 +03:00
Echo Nolan
f01c56f109 Remove Echo Nolan from maintainers
I'm not using Nix anymore.
2015-12-12 22:59:11 -08:00
Luca Bruno
5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Michael Raskin
0a64071932 flashplayer: 11.2.202.540 -> 11.2.202.554 2015-12-08 23:28:53 +01:00
Ambroz Bizjak
b9093f1c64 chromium: Updates, fixes #11492
Built and run Beta and Stable locally. Dev is surrently superseded by Stable so
it doesn't matter much.

- Dev: 47.0.2508.0 -> 48.0.2564.22
- Beta: 46.0.2490.64 -> 48.0.2564.23
- Stable: 45.0.2454.101 -> 47.0.2526.73

Changed the SSL dependencies to the supported configuration on Linux (according
to Torne @Freenode/#chromium-support).

- NSS is a dependency since it is used to access the ceritiface store.
- Dropped system OpenSSL support, the bundled BoringSSL is used.

This probably fixes issue #10555. Note that without this adjustment the build
fails even.

Dropped uneeded old patches.
2015-12-07 14:52:15 +01:00
Arseniy Seroka
f6754747bd Merge pull request #11513 from oxij/fix-w3m-on-darwin
w3m: turn off mouseSupport on Darwin
2015-12-07 03:03:08 +03:00
Jan Malakhovski
53f93b0b7e w3m: turn off mouseSupport on Darwin
Fixes an issue reported at https://github.com/NixOS/nixpkgs/pull/11222/files#r46774825
2015-12-06 20:44:29 +00:00
Emery Hemingway
2b6dcdfcd0 Rename 'emery' maintainer handle to 'ehmry', fixes #11493
Communication happens on Github so names should be consistent.
2015-12-05 23:06:20 +01:00
Vladimír Čunát
263fd55d4b Merge recent staging built on Hydra
http://hydra.nixos.org/eval/1231884
Only Darwin jobs seem to be queued now,
but we can't afford to wait for that single build slave.
2015-12-05 11:11:51 +01:00
Evgeny Egorochkin
78d3164ff1 midori: add a missing dependency to buildInputs 2015-12-01 00:26:49 +02:00
Jan Malakhovski
caed1528a3 w3m: fix w3mimgdisplay, refactor the expression, make batch and nox versions, use batch version where appropriate 2015-11-26 00:34:09 +00:00
Luca Bruno
a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Vladimír Čunát
13eca6f79a Merge #11067: SmartOS updates
I amended some commits slightly.
2015-11-23 14:45:44 +01:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Pascal Wittmann
7fd2796e99 Replace 'with plaforms; platform' with 'platforms.platform' 2015-11-17 21:30:43 +01:00
Danny Wilson
62ff7367d5 LDFLAGS hack is only required for SmartOS builds 2015-11-17 11:21:12 +01:00
Danny Wilson
546601cf4b SmartOS: Fix w3m build 2015-11-16 17:20:11 +01:00
taku0
b3a40786c0 firefox-bin: 41.0.2 -> 42.0 (close #10821) 2015-11-16 16:39:26 +01:00
Matthijs Steen
0ceda119d7 google-chrome: init at 45.0.2454.101-1 (close #10892)
As suggested the Google Chrome .deb file that is used for Chromium's plugins is reused.
vcunat removed lots of newlines, as the style was diverging from the
majority far too much (IHHO).
2015-11-16 15:15:51 +01:00
William A. Kennington III
588a950df9 firefox: Updates
- 41.0.2 -> 42.0
  - 38.3.0 -> 38.4.0
2015-11-04 00:58:28 -08:00
Domen Kožar
5c37ce8aa7 Merge pull request #10562 from obadz/chromium-srtp-crash-fix
Revert "chromium: 45.0.2454.101 -> 46.0.2490.71"
2015-10-29 10:54:26 +01:00
Brian McKenna
492ccdd52d chromium: include WideVine patch to get NetFlix
Close #10444, fixes #8749.
For some reason it's more involved than just setting gyp configuration,
we also have to set some definitions in widevine_cdm_version.h according
to the comments left in the file. Arch Linux does this already and so we
should probably just use the patch they created while getting Netflix to
work:

https://code.google.com/p/chromium/issues/detail?id=429452#c16
2015-10-29 07:30:04 +01:00
Vladimír Čunát
6d31e9b81d flashplayer: update 11.2.202.535 -> 11.2.202.540
Tested by @wedens.
2015-10-24 13:32:38 +02:00
Cillian de Róiste
063c27ec77 chromium: remove myself from the maintainers list 2015-10-24 13:11:02 +02:00
obadz
2b7c156079 Revert "chromium: 45.0.2454.101 -> 46.0.2490.71"
This reverts commit 0ad0fbdf8a.

This upgrade causes "Aw, Snap" crashes on websites that use srtp
such as Google Hangouts.

Details: https://github.com/NixOS/nixpkgs/issues/10555
2015-10-23 17:01:37 +01:00
Domen Kožar
b7088df010 Merge pull request #10277 from obadz/chromium-screensharing-bugfix
chromium: add enable_hangout_services_extension=true
2015-10-21 21:14:56 +02:00
Jude Taylor
283c83785f bluejeans: fix evaluation on non-linux 2015-10-20 16:24:41 -07:00
Michael Raskin
fe6226af8a firefox: 41.0.1 -> 41.0.2 2015-10-16 19:28:34 +03:00
taku0
45705d584a firefox-bin: 41.0.1 -> 41.0.2 2015-10-16 09:30:23 +09:00
William A. Kennington III
0ad0fbdf8a chromium: 45.0.2454.101 -> 46.0.2490.71 2015-10-15 13:13:56 -07:00
William A. Kennington III
fc69fadfe4 chromiumBeta: 46.0.2490.52 -> 46.0.2490.64 2015-10-15 13:13:55 -07:00
Ricardo M. Correia
18cad45480 flashplayer: 11.2.202.521 -> 11.2.202.535 2015-10-15 11:20:38 +02:00
Vladimír Čunát
8e381b89a1 glib-networking: split the dev output
That's done to get rid of propagatedBuildInputs from regular closure.
Also references were fixed, mainly to its gio modules.
2015-10-13 20:18:56 +02:00
Vladimír Čunát
ba9b80c7e0 nspr,nss: split into multiple outputs
Hopefully most references are OK.
2015-10-13 20:18:44 +02:00
Nikolay Amiantov
70bb555368 opera: fix build 2015-10-10 14:24:05 +03:00
obadz
d90040afd8 chromium: add enable_hangout_services_extension=true to fix screensharing bug
as suggested in: https://code.google.com/p/chromium/issues/detail?id=416856#c53
2015-10-07 20:39:22 +01:00
Domen Kožar
161bf6c8cd Merge pull request #10220 from enolan/update-flash
flashplayer: 11.2.202.508 -> 11.2.202.521 security
2015-10-04 15:23:55 +02:00
Vladimír Čunát
b44d846990 udev: complete rework
- systemd puts all into one output now (except for man),
  because I wasn't able to fix all systemd/udev refernces
  for NixOS to work well
- libudev is now by default *copied* into another path,
  which is what most packages will use as build input :-)
- pkgs.udev = [ libudev.out libudev.dev ]; because there are too many
  references that just put `udev` into build inputs (to rewrite them all),
  also this made "${udev}/foo" fail at *evaluation* time
  so it's easier to catch and change to something more specific
2015-10-04 10:03:53 +02:00
William A. Kennington III
759c86c817 chromiumBeta: 46.0.2490.42 -> 46.0.2490.52 2015-10-03 22:22:21 -07:00
Echo Nolan
89931277de flashplayer: add myself to maintainers 2015-10-03 20:54:38 -07:00
Echo Nolan
78dd7f8543 flashplayer: 11.2.202.508 -> 11.2.202.521 security
Several CVEs, listed here:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Tested by installing firefox-wrapper with nix-env and running twitch.tv
and a flash game.
2015-10-03 20:54:23 -07:00
Gabriel Ebner
31779e6347 qutebrowser: 0.4.0 -> 0.4.1 2015-10-03 15:30:32 +02:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Eelco Dolstra
25bb1e10f3 firefox: Update to 41.0.1 2015-10-01 13:51:24 +02:00
taku0
57155e04a7 firefox-bin: 41.0 -> 41.0.1, thunderbird-bin: 38.2.0 -> 38.3.0 2015-10-01 20:44:37 +09:00