At the time of this writing, Midori has not been updated for CVE-2024-9680. There have been "reports of this vulnerability being exploited in the wild."
Update: Fixed in commit 38bb05d
Git Clone URL: | https://aur.archlinux.org/midori-git.git (read-only, click to copy) |
---|---|
Package Base: | midori-git |
Description: | Web browser based on Floorp |
Upstream URL: | https://github.com/goastian/midori-desktop |
Licenses: | MPL-2.0 |
Conflicts: | midori |
Provides: | midori |
Submitter: | SolarAquarion |
Maintainer: | xiota |
Last Packager: | xiota |
Votes: | 148 |
Popularity: | 0.001784 |
First Submitted: | 2018-10-28 14:20 (UTC) |
Last Updated: | 2024-10-30 18:48 (UTC) |
At the time of this writing, Midori has not been updated for CVE-2024-9680. There have been "reports of this vulnerability being exploited in the wild."
Update: Fixed in commit 38bb05d
@maaarghk aur/midori-git
has not built the WebKit version since Nov 2022, when it was switched to the Electron version. When it was switched to the Floorp version, I made sure it was clearly stated in the description so users would be aware of what they may be installing.
The 9.x PKGBUILD was updated and preserved to satisfy use cases similar to yours.
I think you would satisfy the maximum number of people by pointing this back at midori-browser even though the webkit version is totally unmaintained, this basically is now a completely different piece of software than it was before. I don't really think it's appropriate to change this to point at a totally different piece of software than it was pointing to before after several years even if a company recycled the name and abandoned the first. I don't know if the Arch guidelines say about this. But as someone who had it installed my expectation was to have (and continue to have) webkit based browser to test things with, not to get some shitty Firefox fork.
Besides, the astian people seem like they would be happier maintaining their own AUR package, if they could even manage to follow the rules for long enough to get it submitted.
edit: acht, I see PKGBUILD.midori-classic in the midori
package. It'll do.
@SolarAquarion I've decided against using the description you suggested.
@ponchale When creating a package description for a package, do not include the package name in a self-referencing way. For example, "Nedit is a text editor for X11" could be simplified to "A text editor for X11". Also try to keep the descriptions to ~80 characters or less.
private and secure browser forked from Floorp
@ponchale Do not post any more comments, except for legitimate packaging issues.
I will not entertain any request to change description from you because you have repeatedly ignored problems with previous attempts. Find someone else at your organization with better communication skills.
"Midori Web Browser by Astian" has the same problem as your previous attempts. It is in violation of Arch packaging guidelines for being self referencing. It does not distinguish from previous Midori incarnations because Astian was involved with all of them. The merger was Feb 2019, while the last webkit-based version 9.0 was released Jul 2019.
The description is for users to know what the package is. The current description is adequate for that purpose.
What different name do you propose that does not violate Arch Linux's AUR policies?
We do not request a version change, we request a description change in the package. Making reference to this is something totally incomprehensible given that how do you think we should refer to Midori? I am part of the group that developed Midori 7 and 9 as well as the team that develops the current version of Midori. How do you think we should refer to Midori?
Ok Since it seems that the conflict is generated by the description of Midori Web Browser by Astian, a more consistent description that allows us to differentiate.
@ponchale "Midori Web Browser" – again – is self referencing, in violation of Arch packaging guidelines. Again – does not distinguish from previous Midori incarnations. I will consider your failure to comprehend to be a translation barrier. Do not request any more description changes.
Also, since you mention an upcoming 11.2.1 release, I am notifying you ahead of time: Do not request version bumps on this package. This is a git package that uses the latest available commit when built by users.
@xiota Midori Web Browser our final request
Pinned Comments
xiota commented on 2024-01-18 05:33 (UTC) (edited on 2024-05-18 08:25 (UTC) by xiota)
Midori 11.x.y is based on Floorp.
For Midori 9.x, based on WebKit, use
PKGBUILD.midori-classic
(included withaur/midori
).If you have problems building, try building in a clean chroot.
Some options are available:
_build_pgo=false makepkg
– Build without PGO. Faster compilation, but reduced performance._build_pgo_reuse=false makepkg
– Make a new profile. Can delete the old profile for similar effect._build_pgo_xvfb=true makepkg
– Usexvfb
for profiling.This package reuses the previously created PGO profile to reduce rebuild times while retaining most of the performance benefit of PGO. Generate a new profile when:
Avoid flagging and commenting at the same time for the same issue.