Qutebrowser

Fixed

- Segmentation fault introduced in v1.8.2 when a tab gets closed immediately
after it has finished loading (e.g. with certain login flows).

Changed

- Windows/macOS releases now ship with Qt 5.12.6. This includes security fixes
up to Chromium 77.0.3865.120 plus a security fix for CVE-2019-13720 from
Chromium 78.

Fixed

- Unbinding keys via `config.bind(key, None)` accidentally worked in
v1.7.0 but raises an exception in v1.8.0. It now works again, but is
deprecated and shows an error. Note that `:config-py-write` did write
such invalid lines before v1.8.0, so existing config files might need
adjustments.
- The `readability-js` userscript now handles encodings correctly (which it
didn't before for some websites).
- <Shift-Insert> can now be used to paste text starting with a hyphen.
- Following hints via the number keypad now works properly again.
- Errors while reading the state file are now displayed instead of causing a
crash.
- Crash when using `:debug-log-level` without a console attached.
- Downloads are now hidden properly when the browser is in fullscreen mode.
- Crash when setting `colors.webpage.bg` to an empty value with QtWebKit.
- Crash when the history database file is not a proper sqlite database.
- Workaround for missing/broken error pages on Debian.
- A deprecation warning (caused by pywin32) about the imp module on Windows is
now hidden.

- No code changes - this release only repackages the Windows/macOS
releases due to issues with the v1.8.0 release.
- Updated dependencies for Windows/macOS releases:
* macOS and Windows releases now ship with Qt/QtWebEngine 5.12.5. Those
are based on Chromium 69.0.3497.128 with security fixes up to Chromium
76.0.3809.87.
* Qt 5.13 couldn't be used yet due to various bugs in Qt 5.13.0 and .1.

**The Windows/macOS releases were pulled because of issues with the bundled Qt versions. Use the v1.8.1 release there instead.**

Added

- New userscripts:
* `readability-js` which uses Mozilla's node.js readability library.
* `qute-bitwarden` which integrates the Bitwarden CLI.

Changed

- Updated dependencies for Windows/macOS releases:
* macOS releases now ship with Qt 5.13.0 and QtWebEngine 5.13.1. Those are
based on Chromium 73.0.3683.105 with security fixes up to Chromium 76.0.3809.87.
* Windows releases now ship with Qt/QtWebEngine 5.12.5. Those are based on
Chromium 69.0.3497.128 with security fixes up to Chromium 76.0.3809.87.
* Those specific combinations were chosen due to various issues with newer Qt
releases. Hopefully, those will be unified again with Qt 5.13.2.
- The statusbar text for passthrough mode now shows all configured bindings to
leave the mode, not only one.
- When `:config-source` is used with a relative filename, the file is now
searched in the config directory instead of the current working directory.
- HTML5 inputs with date/time types now enter insert mode when selected.
- `dictcli.py` now shows where dictionaries are installed to and complains when
running it as root if doing so would result in a wrong installation path.
- The Makefile now can also run `setup.py build` when invoked without a target.
- Changes to userscripts:
* qute-pass: Don't run `pass` if only a username is requested.
* qute-pass: Support private domains like `myrouter.local`.
* readability: Improved CSS styling.
- Performance improvements in various areas:
* Loading config files
* Typing without any completion matches
* General keyboard handling
* Scrolling
- `:version` now shows details about the loaded autoconfig.yml/config.py.
- Hosts are now additionally looked up including their ports in netrc files.
- With Qt 5.10 or newer, qutebrowser now doesn't force software rendering with
Nouveau drivers anymore. However, QtWebEngine/Chromium still do so.
- The XSS Auditor is now disabled by default (`content.xss_auditing` =
`false`). This reflects a similar change in Chromium, see
their [XSS Auditor Design Document](https://www.chromium.org/developers/design-documents/xss-auditor) for details.

Fixed

- `:config-write-py` now correctly writes `config.unbind(...)` lines (instead
of `config.bind(..., None)`) when unbinding a default keybinding.
- Prevent repeat keyup events for JavaScript when a key is held down.
- The Makefile now rebuilds the manpage correctly.
- `~/.config/qutebrowser/blocked-hosts` can now also contain /etc/hosts-like
lines, not just simple hostnames.
- Restored compatibility with Jinja2 2.8 (e.g. used on Debian Stretch or Ubuntu
16.04 LTS).
- Fixed implicit type conversion warning with Python 3.8.
- The desktop file now sets `StartupWMClass` correctly, so the qutebrowser icon
is no longer shown twice in the Gnome dock when pinned.
- Bindings involving keys which need the AltGr key now work properly.
- Fixed crash (caused by a Qt bug) when typing characters above the Unicode BMP
(such as certain emoji or CJK characters).
- `dictcli.py` now works properly again.
- Shift can now be used while typing hint keystrings, which e.g. allows typing
number hints on French keyboards.
- With rapid hinting in number mode, backspace now edits the filter text after
following a hint.
- A certain type of error ("locking protocol") while initializing sqlite now
isn't handled as crash anymore.
- Crash when showing a permission request in certain scenarios.

Removed

- At least Python 3.5.2 is now required to run qutebrowser, support for 3.5.0
and 3.5.1 was dropped.

Added

- New settings:
* `colors.tabs.pinned.*` to control colors of pinned tabs.
* `hints.leave_on_load` which allows disabling leaving of hint mode when a
new page is loaded.
* `colors.completion.item.selected.match.fg` which allows configuring the
text color for the matching text in the currently selected completion item.
* `tabs.undo_stack_size` to limit how many undo entries are kept for closed tabs.
- New commands:
* `:reverse-selection` (`o` in caret mode) to swap the stationary/moving ends
of a selection.
- New commandline replacements:
* `{url:domain}`, `{url:auth}`, `{url:scheme}`, `{url:username}`,
`{url:password}`, `{url:host}`, `{url:port}`, `{url:path}`, `{url:query}`
for the respective parts of the current URL.
* `{title}` for the current page title.
- The `{title}` field in `tabs.title.format`, `tabs.title.format_pinned` and
`window.title_format` got renamed to `{current_title}` (mirroring
`{current_url}`) in order to not conflict with the new `{title}` commandline
replacement.
- New `delete` target for `:hint` which removes the hinted element from
the DOM.
- New `--config-py` commandline argument to use a custom `config.py` file.
- Qt 5.13: Support for notifications (shown via system tray).

Changed

- Updated dependencies for Windows/macOS releases:
- PyQt5 5.12.3 / PyQtWebEngine 5.12.1
- Qt 5.12.4, which includes security fixes up to Chromium 74.0.3729.157
- Python 3.7.4
- OpenSSL 1.1.1
- Note: This release includes Qt 5.12.4 instead of Qt 5.13.0 due to
[QTBUG-76913](https://bugreports.qt.io/browse/QTBUG-76913) causing frequent
segfaults with Qt 5.13. After Qt 5.13.1 is released, qutebrowser v1.8.0
will be released with an updated Qt.
- Completely revamped Windows installer which allows installing without admin
permissions and allows setting qutebrowser as default browser.
- The desktop file `qutebrowser.desktop` is now renamed to
`org.qutebrowser.qutebrowser.desktop`.
- Pinned tabs now always show a favicon (even if the site doesn't provide one)
when shrinking.
- Setting `downloads.location.directory` now changes the directory displayed in
the download prompt even if `downloads.location.remember` is set.
- The `yank` command gained a new `inline` argument, which allows to e.g. use
`:yank inline [{title}]({url})`.
- Duplicate consecutive history entries with the same URL are now ignored.
- More detailed error messages when spawning a process failed.
- The `content.pdfjs` setting now supports domain patterns.
- Improved process status output with `:spawn -o`.
- The `colors.tabs.bar.bg` setting is now of type `QssColor` and thus supports
gradients.
- The `:fullscreen` command now understands a new `--enter` flag which
causes it to always enter fullscreen instead of toggling the current
state.
- `--debug-flag stack` is now needed to show stack traces on renderer process
crashes.
- `--debug-flag chromium` can be used to easily turn on verbose Chromium logging.
- For runtime data (such as the IPC socket), a proper runtime path is now used
on BSD; only macOS/Windows continue to use the temporary directory.
- PDF.js is now also searched in `/app/share/pdf.js/` (for Flatpak)
- Permission prompts can now be answered with `Y` (`:prompt-accept --save yes`)
and `N` (`:prompt-accept --save no`) to save the answer as a per-domain
setting.
- `content.dns_prefetch` is now turned off by default, as it causes crashes
inside QtWebEngine.
- The (still unofficial) interceptor plugin API now contains `resource_type`
for a request and allows redirecting requests.
- `:bookmark-remove` now shows a message for consistency with `:bookmark-add`.
- Very early segfaults are now also caught by the crash handler.
- The appdata XML now contains proper release information and an (empty) OARS
content rating.
- Improved Linux distribution detection.
- Qt 5.13: Request filtering now happens in the UI rather than IO thread.
- Qt 5.13: Support for PDFium (Chromium's PDF viewer) is disabled for now so
that PDFs can still be downloaded (or shown with PDF.js) properly.
- Various performance improvements (e.g. for showing hints or the :open
completion).

Deprecated

- `:yank markdown` got deprecated, as `:yank inline [{title}]({url})` can now
be used instead.

Fixed

- Various QtWebEngine load signals are now handled differently, which should
fix issues with insert mode being left while typing on sites like Google
Translate.
- Race condition causing a colored statusbar in normal mode when
entering/exiting caret mode quickly.
- Using `100%` for a hue in a `hsv(...)` config value now corresponds to 359
(rather than 255), matching the fixed behavior in Qt 5.13.
- Chaining commands with `;;` used to abort with some failing commands. It now
runs the second command no matter whether the first one succeeded or not.
- Handling of profiles and private windows (and resulting crashes with Qt
5.12.2).
- Fixes for corner-cases when using `:navigate increment/decrement`.
- The type for the `colors.hints.match.fg` setting was changed to `QtColor`.
Gradients were never supported for this setting, and with this change, values
like `rgb(0, 0, 0)` now work as well.
- Permission prompts now show a properly normalized URL with QtWebKit.
- Crash on start when PyQt was built without SSL support with Qt >= 5.12.
- Minor memory leaks.

Fixed

- Crash when hinting and changing/closing the tab before hints are displayed.
- Crash on redirects with Qt 5.13.
- Hide bogus `AA_ShareOpenGLContexts` warning with Qt 5.12.4.
- Workaround for renderer process crashes with Qt 5.12.4. If you're unable to update, you can remove `~/.cache/qutebrowser` for the same result.