Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 4a739220a298
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 39f9b468687b
Choose a head ref
  • 2 commits
  • 5 files changed
  • 4 contributors

Commits on Jan 10, 2020

  1. firefoxPackages.tor-browser*, tor-browser-bundle: remove 

    These are all based on firefox versions with known vulnerabilities
exploited in the wild.

We seriously shouldn't ship this in nixpkgs, especially not for
sensitive applications as the Tor Browser.

`tor-browser-bundle` is just a wrapper around
`firefoxPackages.tor-browser`, so let's remove it too.

`tor-browser-bundle-bin` is the much safer bet, which is individually
downloaded from `dist.torproject.org` and just `patchelf`-ed locally to
work on NixOS.

Co-Authored-By: Alyssa Ross <hi@alyssa.is>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
Co-Authored-By: Graham Christensen <graham@grahamc.com>
    @flokli @alyssais
    @andir @grahamc
    4 people committed Jan 10, 2020
    Copy the full SHA
    1efaa03 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #77452 from flokli/tor-remove-insecure 

    firefoxPackages.tor-browser*, tor-browser-bundle: remove
    @flokli
    flokli committed Jan 10, 2020
    Copy the full SHA
    39f9b46 View commit details
    Browse the repository at this point in the history