From 75eb7fd73604c180268d05da519e01eb4b2ad198 Mon Sep 17 00:00:00 2001 From: bill-auger Date: Thu, 11 Jun 2020 12:57:03 -0400 Subject: [qutebrowser]: upgrade to v1.12.0 --- libre/qutebrowser/PKGBUILD | 14 +++--- libre/qutebrowser/warning-webkit.html | 15 ++++++ libre/qutebrowser/webkit-warning.patch | 88 ---------------------------------- 3 files changed, 23 insertions(+), 94 deletions(-) create mode 100644 libre/qutebrowser/warning-webkit.html delete mode 100644 libre/qutebrowser/webkit-warning.patch diff --git a/libre/qutebrowser/PKGBUILD b/libre/qutebrowser/PKGBUILD index dd0f8ca3d..1925d3100 100644 --- a/libre/qutebrowser/PKGBUILD +++ b/libre/qutebrowser/PKGBUILD @@ -3,20 +3,22 @@ # Contributor (Arch): Florian Bruhin (The Compiler) # Maintainer: Omar Vega Ramos # Contributor: André Silva +# Contributor: bill-auger # parabola changes and rationale: # - removed qt5-webengine dependency # - set webkit backend as default +# - condensed the excessive webkit rant on the welcome screen pkgname=qutebrowser -pkgver=1.11.1 +pkgver=1.12.0 pkgrel=1 _pkgrel_armv7h=.parabola1 # this could be an 'any' package _pkgrel_i686=.parabola1 # but our different arches do not always roll at the same speed _pkgrel_x86_64=.parabola1 eval "pkgrel+=\$_pkgrel_${CARCH}" pkgdesc="A keyboard-driven, vim-like browser based on PyQt5" -pkgdesc+=" and QtWebKit, without nonfree qt5-webengine recommendation" +pkgdesc+=" and QtWebKit" arch=('armv7h' 'i686' 'x86_64') url="https://www.qutebrowser.org/" license=("GPL") @@ -32,11 +34,11 @@ optdepends=("gst-libav: media playback with qt5-webkit backend" options=(!emptydirs) source=("https://github.com/qutebrowser/qutebrowser/releases/download/v$pkgver/qutebrowser-$pkgver.tar.gz" "https://github.com/qutebrowser/qutebrowser/releases/download/v$pkgver/qutebrowser-$pkgver.tar.gz.asc" - "webkit-warning.patch") + "warning-webkit.html") validpgpkeys=("E04E560002401B8EF0E76F0A916EB0C8FD55A072") # Florian Bruhin -sha256sums=('7a3354cb28efcec2cc4549b8ab37e1c4b81b45c51f52e87fdfb9380100afb533' +sha256sums=('41bbd5ede2ba74dc691e0e3b59aad59dd5a7426e39bf82ecedd59b4d22f4dc5f' 'SKIP' - '41da24c74fca7a716a672bab2924e7c1de8e83ad4bdcec3b0ba055baba6459f2') + 'e18216f24387b61a109611958bb59248beaf5afc90da8654e29ea8b0a7ef1610') _version_constraint() # (dep_pkgname) @@ -52,7 +54,7 @@ _version_constraint() # (dep_pkgname) prepare() { cd "$pkgname-$pkgver" - patch -Np1 < $srcdir/webkit-warning.patch + cp "$srcdir"/warning-webkit.html qutebrowser/html/ } build() { diff --git a/libre/qutebrowser/warning-webkit.html b/libre/qutebrowser/warning-webkit.html new file mode 100644 index 000000000..c4aa6a952 --- /dev/null +++ b/libre/qutebrowser/warning-webkit.html @@ -0,0 +1,15 @@ +{% extends "styled.html" %} + +{% block content %} +

{{ title }}

+ +

You're using qutebrowser with the QtWebKit backend.

+ +
WARNING: This release [of QtWebKit] is based on [an] old +WebKit revision with known unpatched vulnerabilities. Please use it +carefully and avoid visiting untrusted websites and using it for +transmission of sensitive data.
+ +

If that bothers you, it is recommended that you use another web browser instead, +such as IceCat, IceWeasel, or Epiphany.

+{% endblock %} diff --git a/libre/qutebrowser/webkit-warning.patch b/libre/qutebrowser/webkit-warning.patch deleted file mode 100644 index e659e68ee..000000000 --- a/libre/qutebrowser/webkit-warning.patch +++ /dev/null @@ -1,88 +0,0 @@ -diff --git a/qutebrowser/html/warning-webkit.html b/qutebrowser/html/warning-webkit.html -index 7fc2290..938762c 100644 ---- a/qutebrowser/html/warning-webkit.html -+++ b/qutebrowser/html/warning-webkit.html -@@ -2,81 +2,14 @@ - - {% block content %} -

{{ title }}

--Note this warning will only appear once. Use :open --qute://warning/webkit to show it again at a later time. - -

You're using qutebrowser with the QtWebKit backend.

- --

While QtWebKit has gained some traction again recently, its latest release --(5.212.0 Alpha 3) is still based on an old upstream WebKit. It also lacks --various security features (process isolation/sandboxing) present in --QtWebEngine. From the upstream release notes:

-- -
WARNING: This release is based on old WebKit revision with known - unpatched vulnerabilities. Please use it carefully and avoid visiting untrusted - websites and using it for transmission of sensitive data. Wait for new release - from qtwebkit-dev branch to use it with untrusted content.
- --

It's recommended that you use QtWebEngine instead.

-- --

(Outdated) reasons to use QtWebKit

--

Most reasons why people preferred the QtWebKit backend aren't relevant anymore:

-- --

PDF.js support: Supported with QtWebEngine since qutebrowser v1.5.0.

-- --

Missing control over Referer header: content.headers.referer is supported with QtWebEngine since --qutebrowser v1.5.0.

-- --

Missing control over cookies: With Qt 5.11 or newer, the content.cookies.accept setting works on QtWebEngine.

-- --

Graphical glitches: The new values for the qt.force_software_rendering setting added in v1.4.0 should --hopefully help.

-- --

Missing support for notifications: With qutebrowser v1.7.0, initial --notification support was added for Qt 5.13.0.

-- --

Resource usage: qutebrowser v1.5.0 added the qt.process_model and qt.low_end_device_mode settings which can be used to --decrease the resource usage of QtWebEngine (but come with other drawbacks).

-- --

Not trusting Google: Various people have checked the connections made --by QtWebEngine/qutebrowser, and it doesn't make any connections to Google (or --any other unsolicited connections at all). Arguably, having to trust Google --also is a smaller issue than having to trust every website you visit because of --heaps of security issues...

-- --

Nouveau graphic driver: You can use QtWebEngine with software --rendering. With Qt 5.13 (~May 2019) it might be possible to run with Nouveau --without software rendering.

-- --

Wayland: It's possible to use QtWebEngine with XWayland. With Qt --5.11.2 or newer, qutebrowser also runs natively with Wayland.

-- --

Instability on FreeBSD: Those seem to be FreeBSD-specific crashes, --and unfortunately nobody has looked into them yet so far...

-- --

QtWebEngine being unavailable in ArchlinuxARM's PyQt package: --QtWebEngine itself is available on the armv7h/aarch64 architectures, but their --PyQt package is broken and doesn't come with QtWebEngine support. This --has --been reported in their forums, but without any change so far. It should --however be possible to rebuild the PyQt package from source with QtWebEngine --installed.

-- --

QtWebEngine being unavailable on Parabola: Claims of Parabola --developers about QtWebEngine being "non-free" have repeatedly been disputed, --and so far nobody came up with solid evidence about that being the case. Also, --note that their qutebrowser package is usually very outdated (even qutebrowser --security fixes took months to arrive there). You might be better off chosing an -- alternative install --method.

-- --

White flashing between loads with a custom stylesheet: This doesn't --seem to happen with qt.process_model = single-process --set. However, note that that setting comes with decreased security and --stability, but QtWebKit doesn't have any process isolation at all.

-+

If that bothers you, it is recommended that you use another web browser instead, -+such as IceCat, IceWeasel, or Epiphany.

- {% endblock %} -- cgit v1.2.3