* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. @ 2024-12-02 12:20 Roman Scherer 2024-12-02 14:31 ` André Batista 2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher 0 siblings, 2 replies; 6+ messages in thread From: Roman Scherer @ 2024-12-02 12:20 UTC (permalink / raw) To: 74648 Cc: Roman Scherer, André Batista, Clément Lassieur, Jonathan Brielmaier, Mark H Weaver * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd --- gnu/packages/librewolf.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 5d432cfad8..42d212e9f9 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -605,7 +605,7 @@ (define-public librewolf (substitute* desktop-file (("^Exec=@MOZ_APP_NAME@") (string-append "Exec=" - #$output "/bin/librewolf")) + #$output "/bin/librewolf %u")) (("@MOZ_APP_DISPLAYNAME@") "LibreWolf") (("@MOZ_APP_REMOTINGNAME@") base-commit: 2756c660fb2d9e2fe3e1fd0898e4d7038c8273c7 -- 2.46.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. 2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer @ 2024-12-02 14:31 ` André Batista 2024-12-02 15:29 ` Roman Scherer 2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher 1 sibling, 1 reply; 6+ messages in thread From: André Batista @ 2024-12-02 14:31 UTC (permalink / raw) To: Roman Scherer; +Cc: Mark H Weaver, Jonathan Brielmaier, 74648, Ian Eure Hi Roman, seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou: > * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. > > Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd > --- > gnu/packages/librewolf.scm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm > index 5d432cfad8..42d212e9f9 100644 > --- a/gnu/packages/librewolf.scm > +++ b/gnu/packages/librewolf.scm > @@ -605,7 +605,7 @@ (define-public librewolf > (substitute* desktop-file > (("^Exec=@MOZ_APP_NAME@") > (string-append "Exec=" > - #$output "/bin/librewolf")) > + #$output "/bin/librewolf %u")) > (("@MOZ_APP_DISPLAYNAME@") > This was its previous state and was removed on commit 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070. Copying Ian, who was the author of that change and has been maintaining Librewolf. Cheers! ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. 2024-12-02 14:31 ` André Batista @ 2024-12-02 15:29 ` Roman Scherer 2024-12-02 16:30 ` Ian Eure 0 siblings, 1 reply; 6+ messages in thread From: Roman Scherer @ 2024-12-02 15:29 UTC (permalink / raw) To: André Batista Cc: Mark H Weaver, Roman Scherer, Jonathan Brielmaier, 74648, Ian Eure [-- Attachment #1: Type: text/plain, Size: 1724 bytes --] André Batista <nandre@riseup.net> writes: Hi André, thanks for taking a look. So this is fixing a security issue? Which one exactly? Is it this one? CVE-2024-10462: Origin of permission prompt could be spoofed by long URL Are we planning todo the same for Icecat? If so, could we have a variant of the browsers in Guix that are less hardened, and would allow opening URLs? I'm using Slack via Flatpack and not being able to open URLs from there or other applications with my browser is a bit tedious. Roman > Hi Roman, > > seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou: >> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. >> >> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >> --- >> gnu/packages/librewolf.scm | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm >> index 5d432cfad8..42d212e9f9 100644 >> --- a/gnu/packages/librewolf.scm >> +++ b/gnu/packages/librewolf.scm >> @@ -605,7 +605,7 @@ (define-public librewolf >> (substitute* desktop-file >> (("^Exec=@MOZ_APP_NAME@") >> (string-append "Exec=" >> - #$output "/bin/librewolf")) >> + #$output "/bin/librewolf %u")) >> (("@MOZ_APP_DISPLAYNAME@") >> > > This was its previous state and was removed on commit > 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070. > > Copying Ian, who was the author of that change and has been maintaining > Librewolf. > > Cheers! [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 519 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. 2024-12-02 15:29 ` Roman Scherer @ 2024-12-02 16:30 ` Ian Eure 2024-12-03 9:31 ` Roman Scherer 0 siblings, 1 reply; 6+ messages in thread From: Ian Eure @ 2024-12-02 16:30 UTC (permalink / raw) To: Roman Scherer Cc: André Batista, Mark H Weaver, Jonathan Brielmaier, 74648 Hi Roman, André, Roman Scherer <roman@burningswell.com> writes: > André Batista <nandre@riseup.net> writes: > > Hi André, > > thanks for taking a look. So this is fixing a security issue? > Which one > exactly? Is it this one? > This isn’t a security issue, the concern was created in a change which also had security updates. The current nature of the browser ecosystem means nearly every Firefox update contains security fixes, so presence of them isn’t a very useful signal. > >> Hi Roman, >> >> seg 02 dez 2024 às 13:20:20 (1733156420), >> roman@burningswell.com enviou: >>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec >>> option to open URLs. >>> >>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >>> --- >>> gnu/packages/librewolf.scm | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/gnu/packages/librewolf.scm >>> b/gnu/packages/librewolf.scm >>> index 5d432cfad8..42d212e9f9 100644 >>> --- a/gnu/packages/librewolf.scm >>> +++ b/gnu/packages/librewolf.scm >>> @@ -605,7 +605,7 @@ (define-public librewolf >>> (substitute* desktop-file >>> (("^Exec=@MOZ_APP_NAME@") >>> (string-append "Exec=" >>> - #$output >>> "/bin/librewolf")) >>> + #$output >>> "/bin/librewolf %u")) >>> (("@MOZ_APP_DISPLAYNAME@") >>> >> >> This was its previous state and was removed on commit >> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070. >> >> Copying Ian, who was the author of that change and has been >> maintaining >> Librewolf. >> The context behind this change is that Firefox used to ship a taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec line like this: Exec=@MOZ_APP_NAME@ %u The Guix package would use that file, replacing the token with the path to the binary. The presence of %u in the package definition is because the substitute* regexp is sloppy and replaces the whole line instead of @MOZ_APP_NAME@ only. For reasons unknown to me, Firefox stopped shipping this file and deleted it from their repo. I looked around the repo and found toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm package. Its Exec line is: Exec=@MOZ_APP_NAME@ So I updated the package to use that, and the regexp to match. The patch in #74648 looks fine to me, and I think it should be pushed. Thanks, — Ian ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. 2024-12-02 16:30 ` Ian Eure @ 2024-12-03 9:31 ` Roman Scherer 0 siblings, 0 replies; 6+ messages in thread From: Roman Scherer @ 2024-12-03 9:31 UTC (permalink / raw) To: Ian Eure Cc: André Batista, Mark H Weaver, Roman Scherer, Jonathan Brielmaier, 74648 [-- Attachment #1: Type: text/plain, Size: 2829 bytes --] Ian Eure <ian@retrospec.tv> writes: Ok, thanks for the summary Ian. Looking forward for the patch to be applied. Thanks, Roman. > Hi Roman, André, > > Roman Scherer <roman@burningswell.com> writes: > >> André Batista <nandre@riseup.net> writes: >> >> Hi André, >> >> thanks for taking a look. So this is fixing a security issue? Which >> one >> exactly? Is it this one? >> > > This isn’t a security issue, the concern was created in a change which > also had security updates. The current nature of the browser > ecosystem means nearly every Firefox update contains security fixes, > so presence of them isn’t a very useful signal. > >> >>> Hi Roman, >>> >>> seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com >>> enviou: >>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to >>>> open URLs. >>>> >>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >>>> --- >>>> gnu/packages/librewolf.scm | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/gnu/packages/librewolf.scm >>>> b/gnu/packages/librewolf.scm >>>> index 5d432cfad8..42d212e9f9 100644 >>>> --- a/gnu/packages/librewolf.scm >>>> +++ b/gnu/packages/librewolf.scm >>>> @@ -605,7 +605,7 @@ (define-public librewolf >>>> (substitute* desktop-file >>>> (("^Exec=@MOZ_APP_NAME@") >>>> (string-append "Exec=" >>>> - #$output >>>> "/bin/librewolf")) >>>> + #$output >>>> "/bin/librewolf %u")) >>>> (("@MOZ_APP_DISPLAYNAME@") >>>> >>> >>> This was its previous state and was removed on commit >>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070. >>> >>> Copying Ian, who was the author of that change and has been >>> maintaining >>> Librewolf. >>> > > The context behind this change is that Firefox used to ship a > taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec > line like this: > > Exec=@MOZ_APP_NAME@ %u > > The Guix package would use that file, replacing the token with the > path to the binary. The presence of %u in the package definition is > because the substitute* regexp is sloppy and replaces the whole line > instead of @MOZ_APP_NAME@ only. For reasons unknown to me, Firefox > stopped shipping this file and deleted it from their repo. I looked > around the repo and found > toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm > package. Its Exec line is: > > Exec=@MOZ_APP_NAME@ > > So I updated the package to use that, and the regexp to match. > > The patch in #74648 looks fine to me, and I think it should be pushed. > > Thanks, > > — Ian [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 519 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#74648: [PATCH] gnu: librewolf: Add %u to Exec option to open URLs. 2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer 2024-12-02 14:31 ` André Batista @ 2024-12-11 20:29 ` Sharlatan Hellseher 1 sibling, 0 replies; 6+ messages in thread From: Sharlatan Hellseher @ 2024-12-11 20:29 UTC (permalink / raw) To: 74648-done [-- Attachment #1: Type: text/plain, Size: 105 bytes --] Hi, Pushed with updated commit message as dc2df5b86942e70c4d9f24533f6609153e9b2889 to master. -- Oleg [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-12-11 20:31 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer 2024-12-02 14:31 ` André Batista 2024-12-02 15:29 ` Roman Scherer 2024-12-02 16:30 ` Ian Eure 2024-12-03 9:31 ` Roman Scherer 2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).