3415 Commits

Author SHA1 Message Date
Graham Christensen
e54434751a chromium: 49.0.2626.75 -> 50.0.2661.26 for CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 2016-03-10 14:57:29 -06:00
Thomas Tuegel
f21ed7a86a Merge pull request #13814 from Profpatsch/quassel-static
quasselDaemon: option for static linking
2016-03-10 10:00:41 -06:00
Profpatsch
8871c6fabc quasselDaemon: option for static linking 2016-03-10 15:17:07 +01:00
Graham Christensen
b87ebf2b62 pidgin-otr: 4.0.1 -> 4.0.2 for CVE-2016-2851 2016-03-09 17:20:36 -06:00
Arseniy Seroka
2c8d8d83d7 Merge pull request #13773 from taku0/firefox-bin-45.0
firefox-bin: 44.0.2 -> 45.0
2016-03-09 17:21:58 +03:00
Robin Gloster
937574a206 Merge pull request #13771 from zimbatm/remove-rq
rq: package removed
2016-03-09 08:22:17 +01:00
taku0
153468aa5e firefox-bin: 44.0.2 -> 45.0 2016-03-09 09:06:42 +09:00
zimbatm
0ced8f386c rq: package removed
rq only compiles with ruby 1.8 which we don't distribute anymore.

the source is dead.

there is a 1.9 branch over https://github.com/pjotrp/rq that hasn't been
touched for 4 years.
2016-03-08 21:36:59 +00:00
Ricardo M. Correia
19b92ce265 Merge pull request #13762 from hrdinka/update/transmission
transmission: 2.90 -> 2.92
2016-03-08 16:59:54 +01:00
joachifm
236eb55b08 Merge pull request #13752 from mboes/fix-spark-hash
spark: Fix tarball hash.
2016-03-08 15:01:40 +00:00
Christoph Hrdinka
c5695bc8be transmission: 2.90 -> 2.92 2016-03-08 15:40:17 +01:00
Christoph Hrdinka
48dde66cd7 communi: fix output paths 2016-03-08 13:35:03 +01:00
Mathieu Boespflug
6cf1853f29 spark: Fix tarball hash.
Maybe tarball changed upstream. Who knows.

Fixes #13703
2016-03-07 23:16:26 +01:00
joachifm
046e5011b4 Merge pull request #13691 from AndersonTorres/cutegram
Cutegram: add qtimageformats (for sticker support)
2016-03-07 14:10:08 +00:00
Christoph Hrdinka
d3e3b135ea pidgin: fix gstreamer plugin path
Closes #13722, fixes #13719 and maybe #10556.
2016-03-07 07:03:49 +01:00
joachifm
dca363b9a0 Merge pull request #13381 from kevincox/mesos-0.27.1
Mesos: 26.0 -> 27.1
2016-03-06 14:44:26 +00:00
Kevin Cox
ee9b151f5b marathon: 0.15.1 -> 0.15.3 2016-03-06 08:05:26 -05:00
Kevin Cox
2843d83905 Mesos: 26.0 -> 27.1 2016-03-05 22:49:48 -05:00
aszlig
8b97ca270e chromium: Update all channels to latest versions
Overview of the updated versions:

stable: 48.0.2564.116 -> 49.0.2623.75
beta:   49.0.2623.63  -> 49.0.2623.75
dev:    50.0.2657.0   -> 50.0.2661.11

Stable and beta are now on par because of the release of a major stable
update.

The release addresses 26 security vulnerabilities, the following with an
assigned CVE:

 * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz
                  Mlynski.
 * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
 * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
 * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
 * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and
                  Bryant Zadegan.
 * CVE-2015-8126: Out-of-bounds access in libpng. Credit to
                  joerg.bornemann.
 * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
 * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
 * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
 * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan
                  Herrera.
 * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of
                  OUSPG.

The full announcement which also includes the link to the bug tracker
can be found here:

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html

Also, the 32bit Chrome package needed for the Flash and Widevine plugins
doesn't exist anymore, because Google has dropped support for 32bit
distros, see here for the announcement:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU

On our end, we need to fix the patch for the plugin paths to work for
the latest dev channel. The change is very minor, because the
nix_plugin_paths_46.patch only doesn't apply because of an iOS-related
ifdef.

Built and tested on my Hydra at:

https://headcounter.org/hydra/eval/311511

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #13665
2016-03-05 22:53:13 +01:00
AndersonTorres
af85404412 Cutegram: add qtimageformats (for sticker support)
This commit adds preliminary sticker support for Cutegram.
2016-03-05 11:41:39 -03:00
aszlig
c3d82f0fbf chromium/updater: Fix eval error on stdenv.is32bit
There is no stdenv.is32bit, so let's just use !stdenv.is64bit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 03:16:26 +01:00
aszlig
8d5accb691 chromium/updater: Fix getting latest versions
Comparing the current version with the version in sources list and
accidentally swapping the version arguments isn't going to get very far
because every new version that will come up will then be treated as "we
already have that version".

So we're now using versionOlder and also a check whether the version is
the *same* as the one in sources.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-05 02:55:00 +01:00
Graham Christensen
ca6108a2a1 wireshark: 2.0.0 -> 2.0.2 for: CVE-2016-2521 CVE-2016-2522 CVE-2016-2523 CVE-2016-2524 CVE-2016-2525 CVE-2016-2526 CVE-2016-2527 CVE-2016-2528 CVE-2016-2529 CVE-2016-2531 CVE-2016-2532 2016-03-04 13:31:31 -06:00
Bruno Bzeznik Bruno.Bzeznik@imag.fr
15c4167d28 kanif: init at 1.2.2 2016-03-04 12:22:29 +01:00
Lancelot SIX
95f22a6fb5 pkgs.taktuk: fix remote url 2016-03-04 10:30:42 +01:00
Lancelot SIX
f689bc9629 Merge pull request #13656 from bzizou/taktuk
taktuk: init at 3.7.5
2016-03-04 10:27:19 +01:00
Bruno Bzeznik Bruno.Bzeznik@imag.fr
92e86f03b0 taktuk: init at 3.7.5 2016-03-04 10:11:08 +01:00
Arseniy Seroka
dfbf0b27a4 Merge pull request #13497 from AndersonTorres/cutegram
cutegram: 2.7.0 -> 2.7.1
2016-03-03 09:04:17 +03:00
AndersonTorres
14aa382f03 cutegram: 2.7.0 -> 2.7.1
And some minor changes
2016-03-03 02:21:31 -03:00
AndersonTorres
f70ba914ef telegram-qml: 0.9.1 -> 0.9.2 2016-03-03 02:19:07 -03:00
AndersonTorres
bd71f511e5 libqtelegram-aseman-edition: 6.0 -> 6.1 2016-03-03 02:18:07 -03:00
Pascal Wittmann
ba7b5ad530 filezilla: 3.15.0.2 -> 3.16.0 2016-03-02 23:14:31 +01:00
Pascal Wittmann
369ede9235 mcabber: 1.0.1 -> 1.0.2 2016-03-02 22:37:14 +01:00
Derek Gonyeo
f681ceb593 uzbl: version 20120514 -> v0.9.0 2016-03-01 23:15:26 -05:00
Luca Bruno
5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
Thomas Tuegel
5947f565ed Merge pull request #13049 from bendlas/update-dropbox-master
dropbox: 3.12.6 -> 3.14.7
2016-02-29 11:16:36 -06:00
Domen Kožar
756604cc08 transmission: 2.84 -> 2.90 2016-02-29 13:08:33 +00:00
zimbatm
69ce5cb656 use the sourceforge mirrors everywhere
find pkgs -name "*.nix" -exec sed -r \
    "s|https?://downloads.sourceforge.net/|mirror://sourceforge/|g" -i {} \;
2016-02-28 12:07:42 +00:00
Graham Christensen
4a54794d18 xara: broken due to patch-tracker.debian.org being missing. 2016-02-27 16:13:47 -06:00
zimbatm
90525b718f Merge pull request #11141 from cresh/darwin-msmtp
msmtp: Enable on OS X with Keychain integration.
2016-02-27 00:02:53 +00:00
aszlig
54b4912566 chromium: Regenerate sources.nix with new updater
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
28b289efa6 chromium: Refactor updater entirely in Nix
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.

Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether a URL exists, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.

The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.

This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
aszlig
716b79d3a5 chromium: Provide SHA256s for beta/dev plugins
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
aszlig
459642b8de chromium/updater: Allow a single plugin arch
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.

Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.

This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 10:55:51 +01:00
zimbatm
30891166be Merge pull request #11997 from benley/google-chrome-variants
google-chrome: add -beta and -unstable variants
2016-02-26 00:13:00 +00:00
Graham Christensen
712d59225e chromium{,Beta,Dev}: 48.0.2564.97 -> 48.0.2564.116
From the debian security mailing list:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.
2016-02-25 12:00:12 -06:00
Austin Seipp
4da1711988 nixpkgs: bittorrentSync20 2.3.0 -> 2.3.3
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2016-02-24 22:28:16 -06:00
Austin Seipp
a2d1cbd019 nixpkgs: bittorrentSync20 2.2.7 -> 2.3.0
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2016-02-24 22:23:49 -06:00
Arseniy Seroka
c84f56e3d3 Merge pull request #12344 from hrdinka/update/znc
Update and add new ZNC modules
2016-02-24 18:57:17 +03:00
zimbatm
fa46b448d7 Merge pull request #13019 from tg-x/qtox
qtox: 20151221 -> 1.2.4, libtoxcore-dev: 20160105 -> 20160131
2016-02-23 22:52:09 +00:00