From me at the-compiler.org Thu Jul 2 22:31:46 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Thu, 2 Jul 2015 22:31:46 +0200
Subject: This week's qutebrowser updates
Message-ID: <20150702203146.GK22364@tonks>

Hi,

Apparently it's been two weeks since the last update mail already...
whoops!

Overview
--------

(from the last week)

Excluding merges, 4 authors have pushed 42 commits to master and 55
commits to all branches. On master, 71 files have changed and there have
been 2,176 additions and 2,066 deletions.

4 Pull requests merged by 4 people
1 Pull request proposed by 1 person
8 Issues closed by 2 people
5 Issues created by 2 people

https://github.com/The-Compiler/qutebrowser/pulse

Added
-----

- Alt-Backspace is now bound to rl-unix-word-rubout by default.
- The version info now displays the desktop environment and used style.
- New completion -> auto-open option to only open the completion if tab
  is pressed. Thanks to Carpetsmoker for the initial pull request.

Changed
-------

- pkg_resources instead of distutils is used to compare versions, which
  should work better in some edge cases.
- When entering caret mode with a text selected, the caret is positioned
  at the current selection's position instead of the top of the page.
- The version output with --version is now shorter.
- The default for new-instance-open-target is now 'tab'.

Fixed
-----

- Hopefully fixed a crash on Windows when pinning qutebrowser to the
  taskbar and starting it.
- The javascript folder (needed for caret mode) now gets included
  properly when freezing (e.g. Windows executables).
- Using {foo} in search engine URLs no longer causes a crash.
- Various fixes regarding updating of the zoom position.
- Fixed a bug where all tabs showed the title of the first one. Thanks to
  Franz Fellner for the fix!
- There's no longer a 'scripts' package installed with qutebrowser.
- Scroll position and zoom are now properly stored for each item in a
  session.

Under the hood
--------------

- Tests now also run in a frozen environment.
- Building of Windows executables now uses a virtualenv to make sure all
  dependencies are present in the right version.
- Fixed tests with Qt 5.5.
- Various updates of testing tools.
- Various documentation and spelling fixes.

Florian

--
http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
I love long mails! | http://email.is-not-s.ms/

From me at the-compiler.org Wed Jul 8 07:38:03 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Wed, 8 Jul 2015 07:38:03 +0200
Subject: This week's qutebrowser updates
Message-ID: <20150708053803.GF22364@tonks>

Hi,

Not too much interesting stuff this week, as I'm busy with preparing for
my EuroPython talk[1] and other stuff.

[1] https://ep2015.europython.eu/conference/talks/pytest-simple-rapid-and-fun-testing-with-python

Overview
--------

Excluding merges, 2 authors have pushed 20 commits to master and 22
commits to all branches. On master, 20 files have changed and there have
been 871 additions and 303 deletions.

3 Pull requests merged by 2 people
3 Issues closed by 1 person
1 Issue created by 1 person

https://github.com/The-Compiler/qutebrowser/pulse

Changed
-------

- The backspace default binding has been removed as it was annoying when
  pressing backspace while accidentally not in insert mode.
- Scrolling now aborts when the beginning/end of the page has been
  reached, which causes qutebrowser not to hang when doing something
  like 20000j.
- Downloading to a special file (FIFO, device, etc.) now asks for
  confirmation as it could cause qutebrowser to hang. Thanks to
  Carpetsmoker for the contribution!

Fixed
-----

- Adjusted scripts/importer.py to not show a warning with BeautifulSoup
  4.4.0.

Under the hood
--------------

- Various improvements for tests and new tests.

Florian

From me at the-compiler.org Wed Jul 8 14:01:28 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Wed, 8 Jul 2015 14:01:28 +0200
Subject: Fwd: [arch-security] [ASA-201507-7] flashplugin: remote code execution
Message-ID: <20150708120128.GJ22364@tonks>

FYI - update your flash player, or leave allow-plugins set to false ;)

Florian

----- Forwarded message from Remi Gacogne -----

Arch Linux Security Advisory ASA-201507-7
=========================================

Severity: Critical
Date    : 2015-07-08
CVE-ID  : CVE-2015-5119
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.481-1 is vulnerable to
remote code execution.

Resolution
==========

Upgrade to 11.2.202.481-1.

# pacman -Syu "flashplugin>=11.2.202.481-1"

The problem has been fixed upstream in version 11.2.202.481.

Workaround
==========

None.

Description
===========

A critical vulnerability (use-after-free in the AS3 ByteArray class) has
been identified in Adobe Flash Player 18.0.0.194 and earlier versions for
Windows, Macintosh and Linux. Successful exploitation could cause a crash
and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that an exploit targeting this vulnerability
has been published publicly.

Impact
======

A remote attacker can execute arbitrary code on the affected host using a
crafted flash application.

References
==========

https://access.redhat.com/security/cve/CVE-2015-5119
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
https://www.kb.cert.org/vuls/id/561288
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

----- End forwarded message -----

From me at the-compiler.org Thu Jul 16 16:15:41 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Thu, 16 Jul 2015 16:15:41 +0200
Subject: Fwd: [arch-security] [ASA-201507-13] flashplugin: arbitrary code execution
Message-ID: <20150716141541.GH18503@tonks>

I don't think I have to comment on this anymore, but it might be nice to
know if you didn't already ;)

----- Forwarded message from Levente Polyak -----

Arch Linux Security Advisory ASA-201507-13
==========================================

Severity: Critical
Date    : 2015-07-16
CVE-ID  : CVE-2015-5122 CVE-2015-5123
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.491-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 11.2.202.491-1.

# pacman -Syu "flashplugin>=11.2.202.491-1"

The problems have been fixed upstream in version 11.2.202.491.

Workaround
==========

None.

Description
===========

- CVE-2015-5122 (arbitrary code execution)

Use-after-free vulnerability in the DisplayObject class in the
ActionScript 3 (AS3) implementation allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
crafted Flash content that leverages improper handling of the
opaqueBackground property.

- CVE-2015-5123 (arbitrary code execution)

Use-after-free vulnerability in the BitmapData class in the ActionScript
3 (AS3) implementation allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via crafted Flash
content that overrides a valueOf function.

Impact
======

A remote attacker is able to use a specially crafted flash application to
execute arbitrary code.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://access.redhat.com/security/cve/CVE-2015-5122
https://access.redhat.com/security/cve/CVE-2015-5123

----- End forwarded message -----

From me at the-compiler.org Thu Jul 16 19:02:49 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Thu, 16 Jul 2015 19:02:49 +0200
Subject: This week's qutebrowser updates
Message-ID: <20150716170249.GJ18503@tonks>

Hi,

There's still not too much going on as:

a) it's too hot to think
b) I was busy with my EuroPython talk
c) it's too hot to think
d) I'm working on some improvements to some tools qutebrowser uses.
e) it's too hot to think

Development will probably get more interesting in August again :)

Overview
--------

Excluding merges, 5 authors have pushed 15 commits to master and 29
commits to all branches.
On master, 13 files have changed and there have been 188 additions and 98
deletions.

2 Pull requests proposed by 2 people
3 Issues closed by 2 people
11 Issues created by 2 people

https://github.com/The-Compiler/qutebrowser/pulse

Changed
-------

- Various user-friendliness improvements and QtWebEngine support for
  minimal_webkit_testbrowser.
- link_pyqt.py was improved to hopefully work better on various untested
  distributions.

Fixed
-----

- The OS X-only tests now actually run under OS X.
- Fixed a crash when an invalid quickmark entry was found or an invalid
  URL was given on startup.

Under the hood
--------------

- The tests were fixed on machines with non-English locales.

Florian

From z1693060 at students.niu.edu Sat Jul 18 14:44:21 2015
From: z1693060 at students.niu.edu (Abraham Baker)
Date: Sat, 18 Jul 2015 07:44:21 -0500
Subject: SSL errors, no certificate?
Message-ID:

Hi,

I switched over to qutebrowser from firefox, and so far everything works
well except for a website that I access daily from an email list.

When I click the link in the daily email, I get an error about 'this site
contains ssl errors' and 'no certificates found'. When I set ssl-strict
to false, the site loads but I am not automatically logged in as usual.
This site works as expected in firefox.

Could there be some certificate available to firefox (since I signed up
for this daily email in FF)? Or is there some other setting I'm missing?

From z1693060 at students.niu.edu Sun Jul 19 14:07:31 2015
From: z1693060 at students.niu.edu (Abraham Baker)
Date: Sun, 19 Jul 2015 07:07:31 -0500
Subject: Login language error?
Message-ID:

Hi,

Another bug I'm experiencing in qute but not FF: when I try to log into
my university's website, it always fails once with a message saying
something like 'login failed since database does not support language
selected'.

I've tried setting accept-language to en, en-US, and ENG, but the message
still appears. Not that bad of a problem, since the login works when I
try again.

Could it be due to not having set a user-agent? What setting/s are
relevant in FF that I could compare the qutebrowser settings with?

From martin at arp242.net Mon Jul 20 12:19:26 2015
From: martin at arp242.net (Martin Tournoij)
Date: Mon, 20 Jul 2015 12:19:26 +0200
Subject: SSL errors, no certificate?
In-Reply-To:
References:
Message-ID: <1437387566.65946.328032369.1B2FAE84@webmail.messagingengine.com>

On Sat, Jul 18, 2015, at 14:44, Abraham Baker wrote:
> Hi,
>
> I switched over to qutebrowser from firefox, and so far everything works
> well except for a website that I access daily from an email list.
>
> When I click the link in the daily email, I get an error about 'this site
> contains ssl errors' and 'no certificates found'. When I set ssl-strict to
> false, the site loads but I am not automatically logged in as usual. This
> site works as expected in firefox.
>
> Could there be some certificate available to firefox (since I signed up for
> this daily email in FF)? Or is there some other setting I'm missing?

If setting 'ssl-strict' to 'false' fixes the issue, then that means that
either the certificate is not a very good certificate, or that the
SSL/TLS connection the server offers isn't very good :-)

It's rather difficult to say anything more specific about this, as you
didn't mention which site is having problems ;-)

There are a whole bunch of SSL test tools out there. Running one of those
usually gives you a clue as to what's wrong. Here's a list:
https://duckduckgo.com/?q=ssl%20test

Martin

From martin at arp242.net Mon Jul 20 12:21:32 2015
From: martin at arp242.net (Martin Tournoij)
Date: Mon, 20 Jul 2015 12:21:32 +0200
Subject: Login language error?
In-Reply-To:
References:
Message-ID: <1437387692.66172.328035657.4790E37A@webmail.messagingengine.com>

On Sun, Jul 19, 2015, at 14:07, Abraham Baker wrote:
> Hi,
>
> Another bug I'm experiencing in qute but not FF: when I try to log into my
> university's website, it always fails once with a message saying something
> like 'login failed since database does not support language selected'.
>
> I've tried setting accept-language to en, en-US, and ENG, but the message
> still appears. Not that bad of a problem, since the login works when I try
> again.
>
> Could it be due to not having set a user-agent? What setting/s are
> relevant in FF that I could compare the qutebrowser settings with?

Could be. This is a message generated on the server. I can't see this
code and can't tell you why this message is being displayed...

You can use this to see which headers are being sent:
http://httpbin.org/headers

Martin

From z1693060 at students.niu.edu Mon Jul 20 22:21:28 2015
From: z1693060 at students.niu.edu (Abraham Baker)
Date: Mon, 20 Jul 2015 15:21:28 -0500
Subject: Youtube (HTML5 player) doesn't go to fullscreen
Message-ID:

Hi,

When I go to any youtube video and try to make it fullscreen, nothing
happens. The button that increases the video size (by moving the 'next
videos' bar) does work.

F11 makes the WM UI go away (even though there's not much to it :), but
it doesn't make the video fullscreen. (I'm using the Awesome WM with
Arch, and I'm not using a compositor since I had issues with compton
before)

Is there some setting I forgot to set or a dependency I didn't install?
I noticed during the Arch AUR git installation I had to install
python-pypeg manually before makepkg -s would even run.

From shaggytwodope at teknik.io Mon Jul 20 22:35:52 2015
From: shaggytwodope at teknik.io (John Jenkins)
Date: Mon, 20 Jul 2015 13:35:52 -0700
Subject: Youtube (HTML5 player) doesn't go to fullscreen
In-Reply-To:
References:
Message-ID: <20150720203552.GA16361@caritas>

On Mon, Jul 20, 2015 at 03:21:28PM -0500, Abraham Baker wrote:
> Hi,
>
> When I go to any youtube video and try to make it fullscreen, nothing
> happens. The button that increases the video size (by moving the 'next
> videos' bar) does work.
>
> F11 makes the WM UI go away (even though there's not much to it :), but it
> doesn't make the video fullscreen. (I'm using the Awesome WM with Arch,
> and I'm not using a compositor since I had issues with compton before)
>
> Is there some setting I forgot to set or a dependency I didn't install? I
> noticed during the Arch AUR git installation I had to install python-pypeg
> manually before makepkg -s would even run.

This is a known bug/issue in qtwebkit.
https://github.com/The-Compiler/qutebrowser/issues/350

--
John "ShaggyTwoDope" Jenkins

From z1693060 at students.niu.edu Tue Jul 21 00:03:48 2015
From: z1693060 at students.niu.edu (Abraham Baker)
Date: Mon, 20 Jul 2015 17:03:48 -0500
Subject: Youtube (HTML5 player) doesn't go to fullscreen
In-Reply-To: <20150720203552.GA16361@caritas>
References: <20150720203552.GA16361@caritas>
Message-ID:

Any chance fullscreen might be included in future versions of qtwebkit?

On Mon, Jul 20, 2015 at 3:35 PM, John Jenkins wrote:
> On Mon, Jul 20, 2015 at 03:21:28PM -0500, Abraham Baker wrote:
> > Hi,
> >
> > When I go to any youtube video and try to make it fullscreen, nothing
> > happens. The button that increases the video size (by moving the 'next
> > videos' bar) does work.
> >
> > F11 makes the WM UI go away (even though there's not much to it :), but it
> > doesn't make the video fullscreen. (I'm using the Awesome WM with Arch,
> > and I'm not using a compositor since I had issues with compton before)
> >
> > Is there some setting I forgot to set or a dependency I didn't install? I
> > noticed during the Arch AUR git installation I had to install python-pypeg
> > manually before makepkg -s would even run.
> This is a known bug/issue in qtwebkit.
> https://github.com/The-Compiler/qutebrowser/issues/350
> --
> John "ShaggyTwoDope" Jenkins

From me at seir.ch Tue Jul 21 00:21:31 2015
From: me at seir.ch (Rudi Seitz)
Date: Tue, 21 Jul 2015 00:21:31 +0200
Subject: Youtube (HTML5 player) doesn't go to fullscreen
In-Reply-To:
References: <20150720203552.GA16361@caritas>
Message-ID: <20150721002131.a685475a5cbb7b67ca241d3b@seir.ch>

> On Mon, 20 Jul 2015 17:03:48 -0500
> Abraham Baker wrote:
>
> Any chance fullscreen might be included in future versions of qtwebkit?

Hardly; the Qt developers are focussing on the Qt WebEngine.

"[..]
While we no longer will do any feature development in Qt WebKit, the
existing version will continue to be available [..]"

Source: https://blog.qt.io/blog/2013/09/12/introducing-the-qt-webengine/

But fortunately, sooner or later, qutebrowser will make the transition to
the new web rendering engine.

--
Powered by schokokeks.org

From me at the-compiler.org Tue Jul 21 09:51:25 2015
From: me at the-compiler.org (Florian Bruhin)
Date: Tue, 21 Jul 2015 09:51:25 +0200
Subject: Youtube (HTML5 player) doesn't go to fullscreen
In-Reply-To:
References:
Message-ID: <20150721075124.GU18503@tonks>

* Abraham Baker [2015-07-20 15:21:28 -0500]:
> When I go to any youtube video and try to make it fullscreen, nothing
> happens. The button that increases the video size (by moving the 'next
> videos' bar) does work.

As others have mentioned, that's a missing feature in QtWebKit.

I recommend binding a key to open videos in a real video player like
mpv - see the FAQ[1] (9.) for details.

[1] https://github.com/The-Compiler/qutebrowser/blob/master/FAQ.asciidoc

> I noticed during the Arch AUR git installation I had to install
> python-pypeg manually before makepkg -s would even run.

That's because that's an AUR package as well, and makepkg doesn't know
about the AUR. When using an AUR helper[2], that should resolve this
dependency for you.

[2] https://wiki.archlinux.org/index.php/AUR_Helpers

Florian

From z1693060 at students.niu.edu Tue Jul 21 14:37:35 2015
From: z1693060 at students.niu.edu (Abraham Baker)
Date: Tue, 21 Jul 2015 07:37:35 -0500
Subject: Youtube (HTML5 player) doesn't go to fullscreen
In-Reply-To: <20150721075124.GU18503@tonks>
References: <20150721075124.GU18503@tonks>
Message-ID:

The mpv solution works perfectly! Thanks!

I think that actually works better than the native fullscreen because I
could tile several borderless videos and make a video wall if I wanted
to :)

On Tue, Jul 21, 2015 at 2:51 AM, Florian Bruhin wrote:
> * Abraham Baker [2015-07-20 15:21:28 -0500]:
> > When I go to any youtube video and try to make it fullscreen, nothing
> > happens. The button that increases the video size (by moving the 'next
> > videos' bar) does work.
>
> As others have mentioned, that's a missing feature in QtWebKit.
>
> I recommend binding a key to open videos in a real video player like
> mpv - see the FAQ[1] (9.) for details.
>
> [1] https://github.com/The-Compiler/qutebrowser/blob/master/FAQ.asciidoc
>
> > I noticed during the Arch AUR git installation I had to install
> > python-pypeg manually before makepkg -s would even run.
>
> That's because that's an AUR package as well, and makepkg doesn't know
> about the AUR. When using an AUR helper[2], that should resolve this
> dependency for you.
>
> [2] https://wiki.archlinux.org/index.php/AUR_Helpers
>
> Florian