Also fix such obsolete flags:
* `use_gconf` was already known to become obsolete with Chromium 65
* `enable_hotwording` has been removed in upstream commit d693f0c7ab
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
this introduces a standard approach to playing with patches from the
gentoo repository.
the patches for 64 are a first guess during a build in progress
cc @YorikSar @aszlig
Includes security fixes for CVE-2017-15398 and CVE-2017-15399.
Also fixes builds for beta and dev branches:
- backport https://webrtc-review.googlesource.com/9384 to fix build for
new webrtc revision
- for dev branch fix gn bootstrap, see
https://chromium-review.googlesource.com/758584
- for 63+ manpage now is not generated during ninja build, it is
processed with sed using packagers tools included in sources
also fix beta/dev build - use harfbuzz from sources
Unfortunatelly after [0] chromium doesn't support using harfbuzz provided by
system while using vendored version of freetype.
Disabling usage of separate harfbuzz for now.
[0] https://chromium-review.googlesource.com/c/chromium/src/+/696241
This should allow us to easily add system-wide Chromium extensions via a
NixOS configuration similar to this:
{ pkgs, ... }: {
environment.pathsToLink = [ "/share/chromium/extensions" ];
environment.systemPackages = [ pkgs.my-shiny-extension ];
}
For more details about what Chromium expects within that directory, see:
https://developer.chrome.com/extensions/external_extensions
I've introduced this because of a personal desire to gain more control
about which extensions are installed and what they are able to do. All
of the extensions I use are free software, but despite that it's useful
to either easily patch them and also prevent unwanted automatic updates.
Tested this using the NixOS "chromium.stable" test on x86_64-linux.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @offlinehacker because of #21050
somehow, the build seems to have changed with chromium 58, to not auto
download the node binary. It is needed to generate webui files and we
can substitute our own.
Versions before 56 already had experimental support for Gtk 3 and since
version 56, Gtk 3 _seemed_ to become the default. Although it's now
requiring *both* Gtk 2 and Gtk3, so let's supply the dependency for now
to get it to build.
In the future however we might want to add use_gtk3 to the GN flags and
get rid of Gtk 2 completely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Before version 54, the WideVine CDM plugin was built unconditionally and
it seems since version 54 this now is dependent upon a GYP/GN flag on
whether to include the CDM shared library or not.
Also, we now use a patch from Gentoo which should hopefully get the CDM
plugin to work properly, at least according to their bugtracker:
https://bugs.gentoo.org/show_bug.cgi?id=547630
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Seems that these libraries aren't the ones Chromium is expecting to be,
so let's switch to use the bundled version of these libraries instead.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Previously I've added the extra file common-gn.nix in addition to
common.nix, so we can possibly have a smooth transition from current
stable to the new version 54.
Unfortunately, version 53 is already EOL and we have to move to version
54 as soon as possible so we can only use GN and thus it doesn't make
sense to provide expressions for GYP anymore.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This should now be the upstream default and there also is no more flag
for GN to set it, so we'll no longer need it on our side as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This moves libsystemd.so and libudev.so into systemd.lib, and gets rid
of libudev (which just contained a copy of libudev.so and the udev
headers). It thus reduces the closure size of all packages that
(indirectly) depend on libsystemd, of which there are quite a few (for
instance, PulseAudio and dbus). For example, it reduces the closure of
Blender from 430.8 to 400.8 MiB.
Closes#17460
Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.
Does not trigger a Chromium rebuild.
cc @cleverca22 @joachifm @jasom
First step towards addressing #17460
In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
stable 51.0.2704.63 => 51.0.2704.103
beta 51.0.2704.63 => 52.0.2743.41
dev 52.0.2743.10 => 53.0.2767.4
This addresses 15 security fixes, including:
* High CVE-2015-1696: Cross-origin bypass in Extension bindings. Credit to
anonymous.
* High CVE-2015-1697: Cross-origin bypass in Blink. Credit to Mariusz
Mlynski.
* Medium CVE-2016-1698: Information leak in Extension bindings. Credit to
Rob Wu.
* Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit
to Gregory Panakkal.
* Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
* Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
* Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
See: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
With this update we need to rebase the nix_plugin_paths patch, which was
done by @srp and I took it from his comment at:
https://github.com/NixOS/nixpkgs/pull/15762#issuecomment-222230677
Other than that, using libjpeg from nixpkgs fails to link:
https://headcounter.org/hydra/build/1114273
Rather than just using versionAtLeast to check for >= version 52, we're
matching on the explicit version number. That way we can make sure that
we (try to) build with system libjpeg again so we can keep it out of the
overall Chromium build time.
Built and tested using the VM tests on my Hydra at:
https://headcounter.org/hydra/eval/322006
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We're already on version 52, so there really is no need to keep all
those conditionals and old patches anymore.
Tested dropping the unconditional build_fixes_46.patch via the Chromium
VM tests.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Overview of the updated versions:
stable: 49.0.2623.87 -> 49.0.2623.110
beta: 50.0.2661.26 -> 50.0.2661.49
dev: 50.0.2661.18 -> 51.0.2693.2
Most notably, this includes a series of urgent security fixes:
* CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from
Tencent KeenLab.
* CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
* CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
* CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt
working with HP's Zero Day Initiative / Pwn2Own.
* CVE-2016-1650: Denial of service in PageCaptureSaveAsMHTMLFunction
The official release announcement with details about these fixes can be
found here:
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html
Beta and stable could be also affected, although I didn't do a detailed
check whether that's the case.
As this introduces Chromium 51 as the dev version, I had to make the
following changes to make it build:
* libexif got removed, so let's do that on our end as well.
See https://codereview.chromium.org/1803883002 for details.
* Chromium doesn't seem to compile with our version of libpng, so let's
resort to the bundled libpng for now.
* site_engagement_ui.cc uses isnan outside of std namespace, so
we're fixing that in postPatch using sed.
I have successfully built all versions on i686-linux and x86_64-linux
and tested it using the VM tests.
Test reports can be found at the following evaluation of my Hydra:
https://headcounter.org/hydra/eval/314584
Thanks to @grahamc for reporting this.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Graham Christensen <graham@grahamc.com>
Fixes: #14299
I originally wanted to do this a long time (a31301d) but IIRC back then
it didn't compile. Nowadays with the splitup of the gold linking flags
and the binutils integration, it's merely just a switch to flip, so
let's do that.
Only tested it by building against the current Chromium stable version
on 64bit, because right now builds on Hydra seem to time out (because of
this?) anyway so we have nothing to lose here.
The linking time was hereby reduced from >30 minutes (I didn't measure
it exactly but looked half an hour later to the build progress and it
was *still* linking) to about a few seconds, which I guess is even
though the measurement is quite bogus a tremendous improvement
nonetheless.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Only a aesthetics thingy, but also corrects the comment, because we're
essentially precompiling .py files, NOT the .pyc files (the latter are
the results).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This addresses #12794 so that we now have only a single tarball where we
base our build on instead of splitting the source into different outputs
first and then reference the outputs.
The reason I did this in the first place is that we previously built the
sandbox as a different derivation and unpacking the whole source tree
just for building the sandbox was a bit too much.
As we now have namespaces sandbox built in by default we no longer have
that derivation anymore. It still might come up however if we want to
build NaCl as a separate derivation (see #8560), but splitting the
source code into things only NaCl might require is already too much work
and doesn't weight out the benefits.
Another issue with the source splitup is that Hydra now has an output
limit for non-fixed-output derivations which we're already hitting.
Tested the build against the stable channel and it went well, but I
haven't tested running the browser.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The errors are completely non-fatal and only cause a particular file to
be not precompiled. Unfortunately this can lead to confusion to whether
these errors are real errors or not, so let's shut it up completely
because they're *not* real errors.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Built and run Beta and Stable locally. Dev is surrently superseded by Stable so
it doesn't matter much.
- Dev: 47.0.2508.0 -> 48.0.2564.22
- Beta: 46.0.2490.64 -> 48.0.2564.23
- Stable: 45.0.2454.101 -> 47.0.2526.73
Changed the SSL dependencies to the supported configuration on Linux (according
to Torne @Freenode/#chromium-support).
- NSS is a dependency since it is used to access the ceritiface store.
- Dropped system OpenSSL support, the bundled BoringSSL is used.
This probably fixes issue #10555. Note that without this adjustment the build
fails even.
Dropped uneeded old patches.
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
- systemd puts all into one output now (except for man),
because I wasn't able to fix all systemd/udev refernces
for NixOS to work well
- libudev is now by default *copied* into another path,
which is what most packages will use as build input :-)
- pkgs.udev = [ libudev.out libudev.dev ]; because there are too many
references that just put `udev` into build inputs (to rewrite them all),
also this made "${udev}/foo" fail at *evaluation* time
so it's easier to catch and change to something more specific
Since 0aad4b7, we no longer need to have an external sandbox binary,
because the upstream implementation of the user namespace sandbox no
longer needs an external sandbox binary.
In our implementation of the user namespace sandbox, we (ab)used the
setuid sandbox to run non-setuid and set up user namespaces instead.
Because our implementation is no longer needed, we can safely drop the
external binary entirely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
There has been some recent news about that component extension on hacker
news:
https://news.ycombinator.com/item?id=9724409
Even though on our side it won't work, because we don't have NaCl
enabled by default or even working (I honestly haven't tested if it even
builds if enabled), we might get to the point where we can build with
NaCl enabled.
But until and even after that day, we want to have explicit control on
whether this extension is enabled.
Please also have a look at these two issues explaining the details
(about component extensions and the hotwording extension in particular):
https://crbug.com/491435https://crbug.com/500922
Fixes issue #8358.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Changes included:
- Update versions.
- Use gyp package not gyp_svn1977.
- Remove icu from buildInputs, since this causes a build error due to inferference with use_system_icu=false.
- Remove the hack that inserts the absolute path into gyp files, and pass `--depth .` to gyp. This resolves the `third_party/angle` gyp error.
- Do a normal copy of the source code not a symlink copy. This resolves some link error where the symlinks interfere with relative paths (seems like because gyp resolves symlinks first). Note, this used to be worked around with the absolute path insertion hack.
- Change the bucketURL in update.nix to https (for more secure updates).
Works around regression from a305e6855d.
We're also marking it lowPrio to make sure nobody will accidentally
reference it using nix-env -i.
Until we have fixed#7402, we're going to build with the old gyp version
to prevent being affected by https://crbug.com/462153.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Domen Kožar
Herwig Hochleitner
volth
volth
Yuriy Taraday
Daiderd Jordan
Niklas Hambüchen
Léo Gaspard
Andrew Childs
Vladimír Čunát
Jan Tojnar
Alexander V. Nikolaev
Guillaume Maudoux
Robin Gloster
Michael Raskin
aszlig
Nicolas Truessel
Nikolay Amiantov
Frederik Rietdijk
Kirill Boltaev
Eelco Dolstra
obadz
Scott R. Parish
Luca Bruno
Ambroz Bizjak
obadz
William A. Kennington III