@ponchale Rather than fixing CVE-2024-9680, you are wasting time arguing. Feel free to flag when there is a new release so that the notice can be unpinned and the package updated.
Update: Issue fixed in 11.4.1, released 2024-10-31.
Git Clone URL: | https://aur.archlinux.org/midori.git (read-only, click to copy) |
---|---|
Package Base: | midori |
Description: | Web browser based on Floorp |
Upstream URL: | https://github.com/goastian/midori-desktop |
Licenses: | MPL-2.0 |
Submitter: | polyzen |
Maintainer: | xiota |
Last Packager: | xiota |
Votes: | 1 |
Popularity: | 0.060840 |
First Submitted: | 2024-03-10 01:44 (UTC) |
Last Updated: | 2024-11-03 17:36 (UTC) |
@ponchale Rather than fixing CVE-2024-9680, you are wasting time arguing. Feel free to flag when there is a new release so that the notice can be unpinned and the package updated.
Update: Issue fixed in 11.4.1, released 2024-10-31.
I am aware of the times I am part of the Midori team, but if you are not going to be impartial in your work of packaging, please relieve your function, we do not tell you how to do your job, respect ours, Midori was 4 months without updating due to the strategy of our entire ecosystem polishing VPN, search engine etc it was not neglected we were working passively on it, Now the activity of updates has returned, so I thank you for maintaining your partial position.
If you decided to package Midori to make passive aggressive comments I appreciate you relieving the function, someone neutral you want to contribute, all projects even Floorp has lasted weeks many times without a commit that does not mean that it has been abandoned or will not be updated.
Thank you.
@ponchale There are new Firefox ESR releases every month with security updates, yet there was a four-month gap between the most recent Midori releases.
"There have been "reports of [CVE-2024-9680] being exploited in the wild." Waiting an indefinite amount of time for it to be fixed is not in users' best interests.
Your impartiality as a packager is evident, Midori is being updated, take care of the packaging and we take care of the development of the browser.
At the time of this writing, Midori has not been updated for CVE-2024-9680. There have been "reports of this vulnerability being exploited in the wild."
Update: Fixed in 38bb05d, included in release 11.4.1.
@BuZZ-dEE You have to remove conflicting packages manually. Don't use --noconfirm
. That said:
Conflicts during install.
paru -S --noconfirm midori
:: Resolving dependencies...
:: Calculating conflicts...
:: Calculating inner conflicts...
:: Conflicts found:
rustup: rust (cargo) rust (rustfmt) rust rust (cargo) rust (rustfmt)
:: Conflicting packages will have to be confirmed manually
error: can not install conflicting packages with --noconfirm
@saltedcoffii xwayland-run
is a makedep. It is not used during runtime. It is used to profile the binary to improve runtime performance (PGO).
There are variables at the beginning of the PKGBUILD you can edit to alter build parameters.
Hi! Please add xwayland-run
as an optional dependency rather than a required dependency for users that do not use wayland.
Thank you!
Build failed with ModuleNotFoundError: No module named 'distutils'
'cause of "Of note, the distutils package has been removed from the standard library." (https://docs.python.org/3/whatsnew/3.12.html)
Pinned Comments
xiota commented on 2024-03-19 12:30 (UTC) (edited on 2024-05-18 08:24 (UTC) by xiota)
Midori 11.x.y is based on Floorp.
For Midori 9.x, based on WebKit, use
PKGBUILD.midori-classic
.If you have problems building, try building in a clean chroot.
Some options are available:
_build_pgo=false makepkg
– Build without PGO. Faster compilation, but reduced performance._build_pgo_reuse=false makepkg
– Make a new profile. Can delete the old profile for similar effect._build_pgo_xvfb=true makepkg
– Usexvfb
for profiling.This package reuses the previously created PGO profile to reduce rebuild times while retaining most of the performance benefit of PGO. Generate a new profile when:
Avoid flagging and commenting at the same time for the same issue.