* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Also fix such obsolete flags:
* `use_gconf` was already known to become obsolete with Chromium 65
* `enable_hotwording` has been removed in upstream commit d693f0c7ab
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/qutebrowser/versions.
These checks were done:
- built on NixOS
- /nix/store/d5f7w3hcgxzhk1sgk1gjnl36nrq30wlm-qutebrowser-1.3.2/bin/qutebrowser passed the binary check.
- /nix/store/d5f7w3hcgxzhk1sgk1gjnl36nrq30wlm-qutebrowser-1.3.2/bin/..qutebrowser-wrapped-wrapped passed the binary check.
- /nix/store/d5f7w3hcgxzhk1sgk1gjnl36nrq30wlm-qutebrowser-1.3.2/bin/.qutebrowser-wrapped passed the binary check.
- 3 of 3 passed binary check by having a zero exit code.
- 0 of 3 passed binary check by having the new version present in output.
- found 1.3.2 with grep in /nix/store/d5f7w3hcgxzhk1sgk1gjnl36nrq30wlm-qutebrowser-1.3.2
- directory tree listing: https://gist.github.com/86db26ab52e4c4aaabb2949ceba69142
- du listing: https://gist.github.com/47c80976cbfff66061ccbffa47d02669
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/qutebrowser/versions.
These checks were done:
- built on NixOS
- /nix/store/g9592dbmfj1icx0njg1dhj094v2l8rcj-qutebrowser-1.3.1/bin/qutebrowser passed the binary check.
- /nix/store/g9592dbmfj1icx0njg1dhj094v2l8rcj-qutebrowser-1.3.1/bin/..qutebrowser-wrapped-wrapped passed the binary check.
- /nix/store/g9592dbmfj1icx0njg1dhj094v2l8rcj-qutebrowser-1.3.1/bin/.qutebrowser-wrapped passed the binary check.
- 3 of 3 passed binary check by having a zero exit code.
- 0 of 3 passed binary check by having the new version present in output.
- found 1.3.1 with grep in /nix/store/g9592dbmfj1icx0njg1dhj094v2l8rcj-qutebrowser-1.3.1
- directory tree listing: https://gist.github.com/c6f74ace4cd8ac51662079876bcef904
- du listing: https://gist.github.com/c1a964f74432d7f8c83f9825d26fbad0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/palemoon/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1/bin/palemoon -h’ got 0 exit code
- ran ‘/nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1/bin/palemoon --help’ got 0 exit code
- ran ‘/nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1/bin/palemoon -V’ and found version 27.9.1
- ran ‘/nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1/bin/palemoon -v’ and found version 27.9.1
- ran ‘/nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1/bin/palemoon --version’ and found version 27.9.1
- found 27.9.1 with grep in /nix/store/zcw80dly8ka0wa1afkl8wb01mg4aqdhx-palemoon-27.9.1
- directory tree listing: https://gist.github.com/5f0a5b316dd9c9cc0a59be36561c1b66
Update includes 4 security fixes, including one critical (see [0]):
* [835887] Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
* [836858] High CVE-2018-6121: Privilege Escalation in extensions.
* [836141] High CVE-2018-6122: Type confusion in V8.
* [$5000][833721] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17
[0] https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html
PS: Didn't build Beta and Dev, verified only Stable for now
cc @bendlas @aszlig
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/qutebrowser/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/qutebrowser -h’ got 0 exit code
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/qutebrowser --help’ got 0 exit code
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/..qutebrowser-wrapped-wrapped -h’ got 0 exit code
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/..qutebrowser-wrapped-wrapped --help’ got 0 exit code
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/.qutebrowser-wrapped -h’ got 0 exit code
- ran ‘/nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0/bin/.qutebrowser-wrapped --help’ got 0 exit code
- found 1.3.0 with grep in /nix/store/nckfqg5crmyrx3aazk6szii42qy7v1g3-qutebrowser-1.3.0
- directory tree listing: https://gist.github.com/b9f575b232cde51598aeed723a03f7ec
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/palemoon/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0/bin/palemoon -h’ got 0 exit code
- ran ‘/nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0/bin/palemoon --help’ got 0 exit code
- ran ‘/nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0/bin/palemoon -V’ and found version 27.9.0
- ran ‘/nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0/bin/palemoon -v’ and found version 27.9.0
- ran ‘/nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0/bin/palemoon --version’ and found version 27.9.0
- found 27.9.0 with grep in /nix/store/0qfxznyni5ivyrj3hs0w6dhlk3z4kfaq-palemoon-27.9.0
- directory tree listing: https://gist.github.com/d3039819d96bec3615450de44abbffc4
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 0.9.96 with grep in /nix/store/hy3dyckwbq8x0ylgydqf3hsd0yyj38mf-otter-browser-0.9.96
- directory tree listing: https://gist.github.com/3ba5ac755cab96acd876703e94dff4b4
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.
This update was made based on information from https://repology.org/metapackage/qutebrowser/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/qutebrowser -h` got 0 exit code
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/qutebrowser --help` got 0 exit code
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/..qutebrowser-wrapped-wrapped -h` got 0 exit code
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/..qutebrowser-wrapped-wrapped --help` got 0 exit code
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/.qutebrowser-wrapped -h` got 0 exit code
- ran `/nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1/bin/.qutebrowser-wrapped --help` got 0 exit code
- found 1.2.1 with grep in /nix/store/p9a5d6129dvx6gqbxn9fqgsmx7hnhwxb-qutebrowser-1.2.1
- directory tree listing: https://gist.github.com/b85ebb5c38a8861cac255f78b5c16525
The icons for Firefox are in a new location in the unwrapped package; the
wrapper is updated to reflect that. This should have no effect on other browers
that provide their own icons in the default XDG location.
This is optional (`libcardiacarrest` has a workaround for this bug
because there's `firefox-bin` that I can't fix), but with this applied things
are a bit smoother.
Semi-automatic update. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 27.8.0 with grep in /nix/store/vqardwl9d7s3wdgapj4ybzrgpw5w3671-palemoon-27.8.0
Since firefox 58.0.1 the google api key is now stored at an absolute
path ($TMPDIR/ga). Since variable expansion in `configureFlags` does not
really work (as expected) the build started failing when using the
legacy firefox build system. With the newer `./mach` based builds
firefox reads the configure flags from `.mozconfig` instead.
This commit moves the `with-google-api-keyfile=` setting into the
`preConfigure` phase where we can properly expand `$TMPDIR` into
whatever the path is.
As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at
https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
have permission to use the official firefox branding.
Fur purposes of documentation the statement of @sylvestre:
> As the person who did part of the work described in the LWN article
> and release manager working for Mozilla, I can confirm the statement
> that I made in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006
>
> @garbas shared with me the list of patches applied for the Nix package.
> As they are just for portability and tiny modifications, they don't
> alter the experience of the product. In parallel, Rok also shared the
> build options. They seem good (even if I cannot judge the quality of the
> packaging of the underlying dependencies like sqlite, png, etc).
> Therefor, as long as you keep the patch queue sane and you don't alter
> the experience of Firefox users, you won't have any issues using the
> official branding.
