Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: e2d067d76035974a77bcb15526d5414b3823a123
      
https://github.com/NixOS/nixpkgs/commit/e2d067d76035974a77bcb15526d5414b3823a123
  Author: Scott R. Parish <srpar...@gmail.com>
  Date:   2016-05-28 (Sat, 28 May 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  -----------
  chromium: Update to latest stable and beta channel

Overview of updated versions:

stable: 50.0.2661.102 -> 51.0.2704.63
beta: 51.0.2704.47 -> 51.0.2704.63

I tried to update dev, but couldn't get it to compile; it was failing
with a "'isnan' was not declared in this scope" error.

As far as I can tell, at the moment the beta and stable channels are
on the same version.

The stable update addresses the following security issues:

  * High   CVE-2016-1672: Cross-origin bypass in extension bindings. Credit
                    to Mariusz Mlynski.
  * High   CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz
                    Mlynski.
  * High   CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz
                    Mlynski.
  * High   CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz
                    Mlynski.
  * High   CVE-2016-1676: Cross-origin bypass in extension bindings. Credit
                    to Rob Wu.
  * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of
                  Qihoo 360.
  * High   CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  * High   CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  * High   CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen
                    of OUSPG.
  * High   CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic
                    of Cisco Talos.
  * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to
                    KingstonTime.
  * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas
                    Gregoire.
  * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas
                    Gregoire.
  * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu
                    of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu
                    of Tencent's Xuanwu LAB.
  * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte
                    Kettunen of OUSPG.
  * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  * Low    CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen
                    of OUSPG.
  * Low    CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit
                    to Til Jasper Ullrich.
  * Low    CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to
                    Khalil Zhani.
  * Low    CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan
                    Lester and Bryant Zadegan.

See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html


  Commit: 0f4095ec5069515a5ecdcb3f9b9b0d18ff090a30
      
https://github.com/NixOS/nixpkgs/commit/0f4095ec5069515a5ecdcb3f9b9b0d18ff090a30
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2016-05-28 (Sat, 28 May 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  -----------
  chromium: Fix hash for beta Debian package

I'm not sure how the wrong hash ended up being there, but I've checked
the hash from three different machines (and networks) just to be sure I
didn't make a mistake.

Signed-off-by: aszlig <asz...@redmoonstudios.org>


  Commit: c7a3645e7bfe8bd6db7d3d9a320c2f07ea582347
      
https://github.com/NixOS/nixpkgs/commit/c7a3645e7bfe8bd6db7d3d9a320c2f07ea582347
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2016-05-28 (Sat, 28 May 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/common.nix
    R pkgs/applications/networking/browsers/chromium/patches/build_fixes_46.patch
    R pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_46.patch

  Log Message:
  -----------
  chromium: Remove stuff for versions <= v51

We're already on version 52, so there really is no need to keep all
those conditionals and old patches anymore.

Tested dropping the unconditional build_fixes_46.patch via the Chromium
VM tests.

Signed-off-by: aszlig <asz...@redmoonstudios.org>


  Commit: 79d18eb6045b33e081fbce4b66374ea75dfeeb5f
      
https://github.com/NixOS/nixpkgs/commit/79d18eb6045b33e081fbce4b66374ea75dfeeb5f
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2016-05-28 (Sat, 28 May 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/common.nix
    A pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_52.patch
    M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  -----------
  chromium: Update dev channel to v52.0.2743.10

With this update we need to rebase the nix_plugin_paths patch, which was
done by @srp and I took it from his comment at:

https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677

Other than that, using libjpeg from nixpkgs fails to link:

https://headcounter.org/hydra/build/1114273

Rather than just using versionAtLeast to check for >= version 52, we're
matching on the explicit version number. That way we can make sure that
we (try to) build with system libjpeg again so we can keep it out of the
overall Chromium build time.

Built and tested using the VM tests on my Hydra at:

https://headcounter.org/hydra/eval/322006

Signed-off-by: aszlig <asz...@redmoonstudios.org>


  Commit: b5f95a5303a4bf20b513c2a4f636b82cb588239a
      
https://github.com/NixOS/nixpkgs/commit/b5f95a5303a4bf20b513c2a4f636b82cb588239a
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2016-05-28 (Sat, 28 May 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/common.nix
    R pkgs/applications/networking/browsers/chromium/patches/build_fixes_46.patch
    R pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_46.patch
    A pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_52.patch
    M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  -----------
  Merge pull request #15762 (Chromium update)

This is the original pull request plus some commits from me to bring all
channels to the latest versions, because the fixed security
vulnerabilities might not be fixed in the dev version we had before.

I've tested the whole changeset on my Hydra at:

https://headcounter.org/hydra/eval/322006

Thanks to @srp for the initial commit and thus implicitly also for the
security notice.

Cc: @abbradar


Compare: https://github.com/NixOS/nixpkgs/compare/7a023d50b9ff...b5f95a5303a4
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits
