From 2ad59bdf8c5940acc29509decc72fee2ffa3c983 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 14:47:53 +0100 Subject: firefox-esr-68: 68.3.0esr -> 68.4.0esr --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 105a0a18d6b..9c99318b4ae 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -99,10 +99,10 @@ rec { firefox-esr-68 = common rec { pname = "firefox-esr"; - ffversion = "68.3.0esr"; + ffversion = "68.4.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "31zisy4l07hhm9yvxz7sx04kz1f5rl20z1w072jxaabi42sw07xr6lcflv88gwl21y902n7vwd1q1zfavpnipn65wap4i0vm8c4m6pr"; + sha512 = "29h0fm929jrk9nbb40bajf6a6s4x9w8zc2qw1hrg5jki1pabx30wdgn372pb51ak371a0q59k8p1vab6j31q7par6xvpwh7aiydfq04"; }; patches = [ -- cgit 1.4.1 From 40018e5987766639bda5fb97fe22396028e4e2bd Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 01:43:05 +0100 Subject: firefox: 71.0 -> 72.0 --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 9c99318b4ae..2e96df858c8 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -16,10 +16,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "71.0"; + ffversion = "72.0"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "0hfjlhwdhfdfzd27d6p3h8ff5m2jphlaipv4zym48bn6g95if1x98q2lb87617bxfm31di4rckjvqb70g9sm3smil6p6bnw2dsvnq1g"; + sha512 = "3ri375myxn040avylz3xdvbgyb0ixn0q1sszrsc4b9jp620j1732qixylw0lyfym5a0vkhpmihbp5kdjrmc4r26myjar5c9zjzisnd0"; }; patches = [ -- cgit 1.4.1 From aab1f2dfe28be4ea826ac1ec375e29471405aea1 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 21:39:16 +0100 Subject: firefox: 72.0 -> 72.0.1 --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 2e96df858c8..beb98c0655e 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -16,10 +16,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "72.0"; + ffversion = "72.0.1"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "3ri375myxn040avylz3xdvbgyb0ixn0q1sszrsc4b9jp620j1732qixylw0lyfym5a0vkhpmihbp5kdjrmc4r26myjar5c9zjzisnd0"; + sha512 = "37ryimi6yfpcha4c9mcv8gjk38kia1lr5xrj2lglwsr1jai7qxrcd8ljcry8bg87qfwwb9fa13prmn78f5pzpxr7jf8gnsbvr6adxld"; }; patches = [ -- cgit 1.4.1 From 204d32a746f70cb8be163a98e0d6ec7f2c8b9ee4 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 21:39:30 +0100 Subject: firefox-esr-68: 68.4.0esr -> 68.4.1esr --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index beb98c0655e..0032e607ec8 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -99,10 +99,10 @@ rec { firefox-esr-68 = common rec { pname = "firefox-esr"; - ffversion = "68.4.0esr"; + ffversion = "68.4.1esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "29h0fm929jrk9nbb40bajf6a6s4x9w8zc2qw1hrg5jki1pabx30wdgn372pb51ak371a0q59k8p1vab6j31q7par6xvpwh7aiydfq04"; + sha512 = "3nqchvyr95c9xvz23z0kcqqyx8lskw0lxa3rahiagc7b71pnrk8l40c7327q1wd4y5g16lix0fg04xiy6lqjfycjsrjlfr2y6b51n4d"; }; patches = [ -- cgit 1.4.1 From f703a3a04a657b569c0881326ffaffad31ac0bca Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Fri, 10 Jan 2020 16:58:10 +0100 Subject: firefox-esr-60: mark as vulnerable The last release was in September, so it's surely "vulnerable" now. https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/ This is the same appproach we've taken for esr-52. --- pkgs/applications/networking/browsers/firefox/packages.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 0032e607ec8..7903a345e1f 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -89,6 +89,7 @@ rec { meta = firefox.meta // { description = "A web browser built from Firefox Extended Support Release source tree"; + knownVulnerabilities = [ "Support ended around October 2019." ]; }; updateScript = callPackage ./update.nix { attrPath = "firefox-esr-60-unwrapped"; -- cgit 1.4.1 From 1efaa03d95ec5c8080c0e5bff91c41e4b3acf0a0 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 10 Jan 2020 18:08:28 +0100 Subject: firefoxPackages.tor-browser*, tor-browser-bundle: remove These are all based on firefox versions with known vulnerabilities exploited in the wild. We seriously shouldn't ship this in nixpkgs, especially not for sensitive applications as the Tor Browser. `tor-browser-bundle` is just a wrapper around `firefoxPackages.tor-browser`, so let's remove it too. `tor-browser-bundle-bin` is the much safer bet, which is individually downloaded from `dist.torproject.org` and just `patchelf`-ed locally to work on NixOS. Co-Authored-By: Alyssa Ross Co-Authored-By: Andreas Rammhold Co-Authored-By: Graham Christensen --- .../networking/browsers/firefox/packages.nix | 92 +----- .../browsers/tor-browser-bundle-bin/default.nix | 13 +- .../browsers/tor-browser-bundle/default.nix | 345 --------------------- pkgs/top-level/aliases.nix | 5 + pkgs/top-level/all-packages.nix | 6 - 5 files changed, 17 insertions(+), 444 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/tor-browser-bundle/default.nix (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 7903a345e1f..61cc6e936d2 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -196,94 +196,8 @@ in { meta.knownVulnerabilities = [ "Support ended in August 2018." ]; }; -}) // (let - - tbcommon = args: common (args // { - pname = "tor-browser"; - isTorBrowserLike = true; - - unpackPhase = '' - # fetchFromGitHub produces ro sources, root dir gets a name that - # is too long for shebangs. fixing - cp -a $src tor-browser - chmod -R +w tor-browser - cd tor-browser - - # set times for xpi archives - find . -exec touch -d'2010-01-01 00:00' {} \; - ''; - - meta = (args.meta or {}) // { - description = "A web browser built from TorBrowser source tree"; - longDescription = '' - This is a version of TorBrowser with bundle-related patches - reverted. - - I.e. it's a variant of Firefox with less fingerprinting and - some isolation features you can't get with any extensions. - - Or, alternatively, a variant of TorBrowser that works like any - other UNIX program and doesn't expect you to run it from a - bundle. - - It will use your default Firefox profile if you're not careful - even! Be careful! - - It will clash with firefox binary if you install both. But it - should not be a problem because you should run browsers in - separate users/VMs anyway. - - Create new profile by starting it as - - $ firefox -ProfileManager - - and then configure it to use your tor instance. - - Or just use `tor-browser-bundle` package that packs this - `tor-browser` back into a sanely-built bundle. - ''; - homepage = "https://www.torproject.org/projects/torbrowser.html"; - platforms = lib.platforms.unix; - license = with lib.licenses; [ mpl20 bsd3 ]; - }; - }); - -in rec { - - tor-browser-7-5 = (tbcommon { - ffversion = "52.9.0esr"; - tbversion = "7.5.6"; - - # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb - src = fetchFromGitHub { - owner = "SLNOS"; - repo = "tor-browser"; - # branch "tor-browser-52.9.0esr-7.5-2-slnos" - rev = "95bb92d552876a1f4260edf68fda5faa3eb36ad8"; - sha256 = "1ykn3yg4s36g2cpzxbz7s995c33ij8kgyvghx38z4i8siaqxdddy"; - }; - }).override { - gtk3Support = false; - }; - - tor-browser-8-5 = tbcommon rec { - ffversion = "60.9.0esr"; - tbversion = "8.5.6"; - - # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb - src = fetchFromGitHub { - owner = "SLNOS"; - repo = "tor-browser"; - # branch "tor-browser-60.9.0esr-8.5-2-slnos" - rev = "0489ae3158cd8c0e16c2e78b94083d8cbf0209dc"; - sha256 = "0y5s7d8pg8ak990dp8d801j9823igaibfhv9hsa79nib5yllifzs"; - }; - - patches = [ - missing-documentation-patch - ]; - }; - - tor-browser = tor-browser-8-5; + tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; + tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; + tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; }) diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix index 1027bf7c71d..d219ad2a02d 100644 --- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix +++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix @@ -54,9 +54,6 @@ # Extra preferences , extraPrefs ? "" - -# For meta -, tor-browser-bundle }: with stdenv.lib; @@ -394,7 +391,15 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Tor Browser Bundle built by torproject.org"; - longDescription = tor-browser-bundle.meta.longDescription; + longDescription = '' + Tor Browser Bundle is a bundle of the Tor daemon, Tor Browser (heavily patched version of + Firefox), several essential extensions for Tor Browser, and some tools that glue those + together with a convenient UI. + + `tor-browser-bundle-bin` package is the official version built by torproject.org patched with + `patchelf` to work under nix and with bundled scripts adapted to the read-only nature of + the `/nix/store`. + ''; homepage = "https://www.torproject.org/"; platforms = attrNames srcs; maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm hax404 cap ]; diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix deleted file mode 100644 index 7ff099853e2..00000000000 --- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix +++ /dev/null @@ -1,345 +0,0 @@ -{ stdenv -, fetchgit -, fetchurl -, symlinkJoin - -, tor -, tor-browser-unwrapped - -# Wrapper runtime -, coreutils -, hicolor-icon-theme -, shared-mime-info -, noto-fonts -, noto-fonts-emoji - -# Audio support -, audioSupport ? mediaSupport -, apulse - -# Media support (implies audio support) -, mediaSupport ? false -, ffmpeg - -# Extensions, common -, zip - -# HTTPS Everywhere -, git -, libxml2 # xmllint -, python27 -, python27Packages -, rsync - -# Pluggable transports -, obfs4 - -# Customization -, extraPrefs ? "" -, extraExtensions ? [ ] -}: - -with stdenv.lib; - -let - tor-browser-build_src = fetchgit { - url = "https://git.torproject.org/builders/tor-browser-build.git"; - rev = "refs/tags/tbb-7.5a5-build5"; - sha256 = "0j37mqldj33fnzghxifvy6v8vdwkcz0i4z81prww64md5s8qcsa9"; - }; - - firefoxExtensions = import ./extensions.nix { - inherit stdenv fetchurl fetchgit zip - git libxml2 python27 python27Packages rsync; - }; - - bundledExtensions = with firefoxExtensions; [ - https-everywhere - noscript - torbutton - tor-launcher - ] ++ extraExtensions; - - fontsEnv = symlinkJoin { - name = "tor-browser-fonts"; - paths = [ noto-fonts noto-fonts-emoji ]; - }; - - fontsDir = "${fontsEnv}/share/fonts"; - - mediaLibPath = makeLibraryPath [ - ffmpeg - ]; -in -stdenv.mkDerivation { - pname = "tor-browser-bundle"; - version = tor-browser-unwrapped.version; - - buildInputs = [ tor-browser-unwrapped tor ]; - - dontUnpack = true; - - buildPhase = ":"; - - # The following creates a customized firefox distribution. For - # simplicity, we copy the entire base firefox runtime, to work around - # firefox's annoying insistence on resolving the installation directory - # relative to the real firefox executable. A little tacky and - # inefficient but it works. - installPhase = '' - TBBUILD=${tor-browser-build_src}/projects/tor-browser - TBDATA_PATH=TorBrowser-Data - - self=$out/lib/tor-browser - mkdir -p $self && cd $self - - TBDATA_IN_STORE=$self/$TBDATA_PATH - - cp -dR ${tor-browser-unwrapped}/lib"/"*"/"* . - chmod -R +w . - - # Prepare for autoconfig - cat >defaults/pref/autoconfig.js <mozilla.cfg <> $TBDATA_PATH/torrc-defaults - cat \ - $bundleData/$bundlePlatform/Data/Browser/profile.default/preferences/extension-overrides.js \ - $bundleData/PTConfigs/bridge_prefs.js \ - >> defaults/pref/extension-overrides.js - - # Configure geoip - # - # tor-launcher insists on resolving geoip data relative to torrc-defaults - # (and passes them directly on the tor command-line). - # - # Write the paths into torrc-defaults anyway, otherwise they'll be - # captured in the runtime torrc. - ln -s -t $TBDATA_PATH ${tor.geoip}/share/tor/geoip{,6} - cat >>$TBDATA_PATH/torrc-defaults <fonts,${fontsDir}," \ - > $TBDATA_PATH/fonts.conf - - # Generate a suitable wrapper - wrapper_PATH=${makeBinPath [ coreutils ]} - wrapper_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [ - hicolor-icon-theme - shared-mime-info - ]} - - ${optionalString audioSupport '' - # apulse uses a non-standard library path ... - wrapper_LD_LIBRARY_PATH=${apulse}/lib/apulse''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH} - ''} - - ${optionalString mediaSupport '' - wrapper_LD_LIBRARY_PATH=${mediaLibPath}''${wrapper_LD_LIBRARY_PATH:+:$wrapper_LD_LIBRARY_PATH} - ''} - - mkdir -p $out/bin - cat >$out/bin/tor-browser <&2 - exit 1 - fi - - mkdir -p "\$TBB_HOME" - - HOME=\$TBB_HOME - cd "\$HOME" - - # Re-init XDG basedir envvars - XDG_CACHE_HOME=\$HOME/.cache - XDG_CONFIG_HOME=\$HOME/.config - XDG_DATA_HOME=\$HOME/.local/share - - # Initialize empty TBB runtime state directory hierarchy. Mirror the - # layout used by the official TBB, to avoid the hassle of working - # against the assumptions made by tor-launcher & co. - mkdir -p "\$HOME/TorBrowser" "\$HOME/TorBrowser/Data" - - # Initialize the Tor data directory. - mkdir -p "\$HOME/TorBrowser/Data/Tor" - - # TBB fails if ownership is too permissive - chmod 0700 "\$HOME/TorBrowser/Data/Tor" - - # Initialize the browser profile state. Expect TBB to generate all data. - mkdir -p "\$HOME/TorBrowser/Data/Browser/profile.default" - - # Files that capture store paths; re-generated by firefox at startup - rm -rf "\$HOME/TorBrowser/Data/Browser/profile.default"/{compatibility.ini,extensions.ini,extensions.json,startupCache} - - # Clear out fontconfig caches - rm -f "\$HOME/.cache/fontconfig/"*.cache-* - - # Lift-off! - # - # TZ is set to avoid stat()ing /etc/localtime over and over ... - # - # DBUS_SESSION_BUS_ADDRESS is inherited to avoid auto-launching a new - # dbus instance; to prevent using the session bus, set the envvar to - # an empty/invalid value prior to running tor-browser. - # - # FONTCONFIG_FILE is required to make fontconfig read the TBB - # fonts.conf; upstream uses FONTCONFIG_PATH, but FC_DEBUG=1024 - # indicates the system fonts.conf being used instead. - # - # HOME, TMPDIR, XDG_*_HOME are set as a form of soft confinement; - # ideally, tor-browser should not write to any path outside TBB_HOME - # and should run even under strict confinement to TBB_HOME. - # - # XDG_DATA_DIRS is set to prevent searching system directories for - # mime and icon data. - # - # PULSE_{SERVER,COOKIE} is necessary for audio playback w/pulseaudio - # - # APULSE_PLAYBACK_DEVICE is for audio playback w/o pulseaudio (no capture yet) - # - # TOR_* is for using an external tor instance - # - # Parameters lacking a default value below are *required* (enforced by - # -o nounset). - exec env -i \ - LD_LIBRARY_PATH=$wrapper_LD_LIBRARY_PATH \ - \ - TZ=":" \ - \ - DISPLAY="\$DISPLAY" \ - XAUTHORITY="\''${XAUTHORITY:-}" \ - DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \ - \ - HOME="\$HOME" \ - TMPDIR="\$XDG_CACHE_HOME/tmp" \ - XDG_CONFIG_HOME="\$XDG_CONFIG_HOME" \ - XDG_DATA_HOME="\$XDG_DATA_HOME" \ - XDG_CACHE_HOME="\$XDG_CACHE_HOME" \ - XDG_RUNTIME_DIR="\$HOME/run" \ - \ - XDG_DATA_DIRS="$wrapper_XDG_DATA_DIRS" \ - \ - FONTCONFIG_FILE="$TBDATA_IN_STORE/fonts.conf" \ - \ - APULSE_PLAYBACK_DEVICE="\''${APULSE_PLAYBACK_DEVICE:-plug:dmix}" \ - \ - TOR_SKIP_LAUNCH="\''${TOR_SKIP_LAUNCH:-}" \ - TOR_CONTROL_PORT="\''${TOR_CONTROL_PORT:-}" \ - TOR_SOCKS_PORT="\''${TOR_SOCKS_PORT:-}" \ - \ - $self/firefox \ - -no-remote \ - -profile "\$HOME/TorBrowser/Data/Browser/profile.default" \ - "\$@" - EOF - chmod +x $out/bin/tor-browser - - echo "Syntax checking wrapper ..." - bash -n $out/bin/tor-browser - - echo "Checking wrapper ..." - DISPLAY="" XAUTHORITY="" DBUS_SESSION_BUS_ADDRESS="" TBB_HOME=$(mktemp -d) \ - $out/bin/tor-browser -version >/dev/null - ''; - - passthru.execdir = "/bin"; - meta = with stdenv.lib; { - description = "An unofficial version of the Tor Browser Bundle, built from source"; - longDescription = '' - Tor Browser Bundle is a bundle of the Tor daemon, Tor Browser (heavily patched version of - Firefox), several essential extensions for Tor Browser, and some tools that glue those - together with a convenient UI. - - `tor-browser-bundle-bin` package is the official version built by torproject.org patched with - `patchelf` to work under nix and with bundled scripts adapted to the read-only nature of - the `/nix/store`. - - `tor-browser-bundle` package is the version built completely from source. It reuses the `tor` - package for the tor daemon, `firefoxPackages.tor-browser` package for the tor-browser, and - builds all the extensions from source. - - Note that `tor-browser-bundle` package is not only built from source, but also bundles Tor - Browser differently from the official `tor-browser-bundle-bin` implementation. The official - Tor Browser is not a normal UNIX program and is heavily patched for its use in the Tor Browser - Bundle (which `tor-browser-bundle-bin` package then has to work around for the read-only - /nix/store). Meanwhile, `firefoxPackages.tor-browser` reverts all those patches, allowing - `firefoxPackages.tor-browser` to be used independently of the bundle, and then implements what - `tor-browser-bundle` needs for the bundling using a much simpler patch. See the - longDescription and expression of the `firefoxPackages.tor-browser` package for more info. - ''; - inherit (tor-browser-unwrapped.meta) homepage platforms license; - hydraPlatforms = [ ]; - maintainers = with maintainers; [ joachifm ]; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index f7191dba0e4..68dfe49545a 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -532,4 +532,9 @@ mapAliases ({ # added 2019-10-28 gnatsd = nats-server; + + # added 2020-01-10 + tor-browser-bundle = throw "tor-browser-bundle was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; + # added 2020-01-10 + tor-browser-unwrapped = throw "tor-browser-unwrapped was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; }) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 386ec738ad9..d7b0a046d24 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6793,11 +6793,6 @@ in tor-browser-bundle-bin = callPackage ../applications/networking/browsers/tor-browser-bundle-bin { }; - tor-browser-bundle = callPackage ../applications/networking/browsers/tor-browser-bundle { - stdenv = stdenvNoCC; - tor-browser-unwrapped = firefoxPackages.tor-browser; - }; - touchegg = callPackage ../tools/inputmethods/touchegg { }; torsocks = callPackage ../tools/security/tor/torsocks.nix { }; @@ -19036,7 +19031,6 @@ in firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52; firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; firefox-esr-68-unwrapped = firefoxPackages.firefox-esr-68; - tor-browser-unwrapped = firefoxPackages.tor-browser; icecat-unwrapped = firefoxPackages.icecat; firefox = wrapFirefox firefox-unwrapped { }; -- cgit 1.4.1 From 0e75514442205a4ec7e087652ae842a65b02b907 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 10 Jan 2020 20:19:19 +0100 Subject: firefoxPackages.icecat: mark as insecure It's based on 60.3.0, whose support ended around October 2019. --- pkgs/applications/networking/browsers/firefox/packages.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 61cc6e936d2..54be5fd32b6 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -175,6 +175,7 @@ in { ./no-buildconfig.patch missing-documentation-patch ]; + meta.knownVulnerabilities = [ "Support ended around October 2019." ]; }; # Similarly to firefox-esr-52 above. -- cgit 1.4.1 From 57aed520d8b0461da5369c9f3283529e576ba0d4 Mon Sep 17 00:00:00 2001 From: taku0 Date: Tue, 21 Jan 2020 19:59:34 +0900 Subject: firefox: 72.0.1 -> 72.0.2 --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 54be5fd32b6..3cd72fec7cd 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -16,10 +16,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "72.0.1"; + ffversion = "72.0.2"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "37ryimi6yfpcha4c9mcv8gjk38kia1lr5xrj2lglwsr1jai7qxrcd8ljcry8bg87qfwwb9fa13prmn78f5pzpxr7jf8gnsbvr6adxld"; + sha512 = "13l23p2dqsf2cpdzaydqqq4kbxlc5jxggz9r2i49avn4q9bqx036zvsq512q1hk37bz2bwq8zdr0530s44zickinls150xq14kq732d"; }; patches = [ -- cgit 1.4.1 From 249e3d0ef381945d94ecd69368bb7c333ea084e2 Mon Sep 17 00:00:00 2001 From: taku0 Date: Tue, 21 Jan 2020 20:03:26 +0900 Subject: firefox-esr: 68.4.1esr -> 68.4.2esr --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/applications/networking/browsers/firefox/packages.nix') diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 3cd72fec7cd..833b97ba86f 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -100,10 +100,10 @@ rec { firefox-esr-68 = common rec { pname = "firefox-esr"; - ffversion = "68.4.1esr"; + ffversion = "68.4.2esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "3nqchvyr95c9xvz23z0kcqqyx8lskw0lxa3rahiagc7b71pnrk8l40c7327q1wd4y5g16lix0fg04xiy6lqjfycjsrjlfr2y6b51n4d"; + sha512 = "1n7ssx4w5b822bq8zcv6vsy5ph1xjyj9qh6zbnknym5bc0spzk19nrkrpl8a2m26z6xj2lgw1n19gjf4ab6jpfxv3cqq4qwmm0v2fz1"; }; patches = [ -- cgit 1.4.1