From mboxrd@z Thu Jan 1 00:00:00 1970 From: Danny Milosavljevic Subject: Re: texmaker, Qt and Chromium Date: Sat, 8 Oct 2016 23:53:56 +0200 Message-ID: <20161008235356.231b240b@scratchpost.org> References: <877f9kufxx.fsf@elephly.net> <871szrurco.fsf@elephly.net> <87oa2u8r1t.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37857) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bszZF-0001ph-0z for guix-devel@gnu.org; Sat, 08 Oct 2016 17:54:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bszZA-0001bK-1m for guix-devel@gnu.org; Sat, 08 Oct 2016 17:54:04 -0400 In-Reply-To: <87oa2u8r1t.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Roel Janssen Cc: guix-devel On Sat, 08 Oct 2016 23:35:53 +0200 Roel Janssen wrote: > Ouch. I was the one who submitted the package when the Qt modules > weren't unbundled yet (I guess). Ah. There are two calls QDesktopServices::openUrl commented out. You can put them back in and remove the instantiations of the Browser class right above (if you patch carefully, you actually change very little). It works. If you want you can also send your patch upstream and everyone will have a little better security. Maybe it makes it into the next release of texmaker. > What's next? Throw the calibre package out of the window too because > it's broken for GNU Guix users? calibre had bad security problems [1] in the past (and also fixed them badly) and I wouldn't use it outside a VM. I can't speak on what Guix does, of course. I'm just pointing out that these happen to be two packages where using them is not wise. [1] https://bugs.launchpad.net/calibre/+cve