From e2d067d76035974a77bcb15526d5414b3823a123 Mon Sep 17 00:00:00 2001 From: "Scott R. Parish" Date: Thu, 26 May 2016 12:24:41 -0700 Subject: chromium: Update to latest stable and beta channel Overview of updated versions: stable: 50.0.2661.102 -> 51.0.2704.63 beta: 51.0.2704.47 -> 51.0.2704.63 I tried to update dev, but couldn't get it to compile, it was failing with a "'isnan' was not declared in this scope. As far as I can tell, at the moment the beta and stable channels are on the same version. The stable update addresses the following security issues: * High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. * High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. * High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. * High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. * High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. * High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. * High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. * Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. * Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. * Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. * Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html --- .../networking/browsers/chromium/upstream-info.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'pkgs/applications') diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 4cc459397d3e..e633f25558b2 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,9 +1,9 @@ # This file is autogenerated from update.sh in the same directory. { beta = { - sha256 = "0l1434wqhi6c24qyb5ysg1wnd0s9l9i1k6kh6wr3s4acrsbb7p12"; - sha256bin64 = "1ssw92l8zwj8x0zs5h6vxl7d7gj0lqb0x71vsazgd4d0p23nglb1"; - version = "51.0.2704.47"; + sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj"; + sha256bin64 = "1kjnxxf2ak8v1akzxz46r7a7r6bhxjb2y9fhr1fqvks3m4jc5zqw"; + version = "51.0.2704.63"; }; dev = { sha256 = "0czp4p434yqr5rv3w2vypkyis13x8lc4xph8yh84r9big1ga6fqs"; @@ -11,8 +11,8 @@ version = "52.0.2729.3"; }; stable = { - sha256 = "1ijpbmn38znjjb3h8579x5gsclgjx122lvm0afv17gf2j3w5w4qj"; - sha256bin64 = "17vqvxmy6llg7dpc3pxi0qhwpm9qc9rsq8lgknhwwygvkl8g14sb"; - version = "50.0.2661.102"; + sha256 = "1sgfwh2b0aw6l5v4ggk7frcy306x3ygxk81p3h6zdy5s1rpf8hxj"; + sha256bin64 = "1kjnxxf2ak8v1akzxz46r7a7r6bhxjb2y9fhr1fqvks3m4jc5zqw"; + version = "51.0.2704.63"; }; } -- cgit 1.4.1