Age | Commit message (Collapse) | Author | Files | Lines |
|
polypane: 17.0.0 -> 17.1.0
|
|
|
|
vivaldi: 6.5.3206.48 -> 6.5.3206.50
|
|
|
|
|
|
https://community.brave.com/t/release-channel-1-61-120/526928
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
This update includes 4 security fixes. Google is aware of reports that
an exploit for CVE-2024-0519 exists in the wild.
CVEs:
CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
This update includes 4 security fix.
CVEs:
CVE-2024-0517 CVE-2024-0518 CVE-2024-0519
|
|
|
|
|
|
After #235912 changed the binary name for some Firefox packages, the meta.mainProgram value was no longer accurate and commands such as nix run nixpkgs#firefox-devedition failed because /bin/firefox was executed instead of /bin/firefox-devedition.
This sets meta.mainProgram to launcherName, which contains the nameSuffix set in #235912, instead of inheriting the unwrapped package's mainProgram, which is always firefox with no suffix.
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
This update includes 1 security fix.
CVEs:
CVE-2024-0333
|
|
https://www.mozilla.org/en-US/firefox/121.0.1/releasenotes/
|
|
https://www.mozilla.org/en-US/firefox/121.0.1/releasenotes/
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
This update includes 1 security fix.
CVEs:
CVE-2024-0333
|
|
|
|
|
|
{ungoogled-,}chromium: 120.0.6099.129 -> 120.0.6099.199, improve and move `recompressTarball`
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
This update includes 6 security fixes.
CVEs:
CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
|
|
chromium: drop inactive maintainers, CODEOWNERS: init chromium
|
|
https://community.brave.com/t/release-channel-1-61-114/524569
|
|
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
This update includes 6 security fixes.
CVEs:
CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
|
|
Recap: We need that (arguably stupid) helper function/drv because the
chromium tarball is big -- and is likely to increase even more in the
future. So big, that we eventually exceeded hydra.nixos.org's
max-output-limit (3G). Instead of raising global hydra's limit, it was
decided that we recompress the tarball after deleting unused vendored
files from it.
I spent a lot of time on a version/prototype that does everything
(downloading, decompression, tar extraction, deleting unused files,
reproducible tar recreation and finally recompression) via stdin but
eventually had to scratch that.
GNU tar does not allow to create a tarball just from stdin, nixpkgs'
stdenv isn't built with stdin/stdout/pipes in mind, and things a lot of
other things I probably already forgot.
Nonetheless, this version improves multiple things:
- No more `mv` (used to be multiple, not just ours, since fetchzip had
some as well)
- No more `rm` to get rid of the extracted files before recompressing.
Instead, we simply don't extract them in the first place (thanks to
tar's --exlude).
- No more "no space left" that happened due to `downloadToTemp = true;`.
- Multithreaded xz decompression, since that commit is still in
staging-next.
We cannot use stdenv's unpackFile() because that does not allow us to
specify the needed --exclude (and --strip-components=1 if we don't want
to rely on glob matching).
The hash changed because we now have a static base directory ("source")
in the tarball, instead of whatever upstream provided us with (e.g.
"chromium-120.0.6099.129").
|
|
polypane: 16.0.0 -> 17.0.0
|
|
opera: 105.0.4970.21 -> 106.0.4998.19
|
|
chromium: use llvm 17
|
|
microsoft-edge: 119.0.2151.72 -> 120.0.2210.61
|
|
vivaldi: 6.5.3206.39 -> 6.5.3206.48
|
|
|
|
|
|
Specifically the maintainers section is quite outdated and prone to get
out of sync with whatever primary data we have (mostly meta.maintainers)
in each derivation.
In an attempt to lower the risk of ending up out of sync again, we
simply remove the maintainer handles.
Also adds a mention for the newly from source built electron variant, as
almost everything except `upstream-info.nix` bumps will trigger electron
rebuilds as well.
And lastly, removes mentions of `chromium{Beta,Dev}` and the
accompanying `google-chrome-{beta,dev}, that have been removed a few
months ago.
I might look into reworking bigger parts of the README.md in the future,
but this honestly isn't that high of a priority for me for now.
|
|
|
|
https://github.com/mullvad/mullvad-browser/releases/tag/13.0.7
|
|
https://blog.torproject.org/new-release-tor-browser-1307/
https://blog.torproject.org/new-release-tor-browser-1308/
|
|
|
|
floorp: 11.6.1 -> 11.7.1
|
|
|
|
brave: 1.61.101 -> 1.61.109
|
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
This update includes 1 security fix. Google is aware that an exploit
for CVE-2023-7024 exists in the wild.
CVEs:
CVE-2023-7024
|
|
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
This update includes 1 security fix. Google is aware that an exploit
for CVE-2023-7024 exists in the wild.
CVEs:
CVE-2023-7024
|
|
|
|
|
|
https://community.brave.com/t/release-channel-1-61-109/522518
|
|
|
|
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
Fixes CVE-2023-6856
Fixes CVE-2023-6857
Fixes CVE-2023-6858
Fixes CVE-2023-6859
Fixes CVE-2023-6860
Fixes CVE-2023-6861
Fixes CVE-2023-6862
Fixes CVE-2023-6863
Fixes CVE-2023-6864
Fixes CVE-2023-6865
Fixes CVE-2023-6867
|
|
https://www.mozilla.org/en-US/firefox/121.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
Fixes CVE-2023-6135
Fixes CVE-2023-6856
Fixes CVE-2023-6857
Fixes CVE-2023-6858
Fixes CVE-2023-6859
Fixes CVE-2023-6860
Fixes CVE-2023-6861
Fixes CVE-2023-6863
Fixes CVE-2023-6864
Fixes CVE-2023-6865
Fixes CVE-2023-6866
Fixes CVE-2023-6867
Fixes CVE-2023-6868
Fixes CVE-2023-6869
Fixes CVE-2023-6870
Fixes CVE-2023-6871
Fixes CVE-2023-6872
Fixes CVE-2023-6873
|
|
https://www.mozilla.org/en-US/firefox/121.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/
Fixes CVE-2023-6135
Fixes CVE-2023-6856
Fixes CVE-2023-6857
Fixes CVE-2023-6858
Fixes CVE-2023-6859
Fixes CVE-2023-6860
Fixes CVE-2023-6861
Fixes CVE-2023-6863
Fixes CVE-2023-6864
Fixes CVE-2023-6865
Fixes CVE-2023-6866
Fixes CVE-2023-6867
Fixes CVE-2023-6868
Fixes CVE-2023-6869
Fixes CVE-2023-6870
Fixes CVE-2023-6871
Fixes CVE-2023-6872
Fixes CVE-2023-6873
|
|
Our ./maintainers/README.md has a section titled "How to lose maintainer
status", which describes an "inactivity measure":
Maintainers how haven't reacted to "package-related notifications" for
more than 3 months can be removed.
All those 4 maintainers that are getting dropped as part of this commit
haven't responded to any such notifications (mostly review pings) for at
least 3 months.
|
|
chromium: never use libpng-apng patch
|
|
|