* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
@ 2024-12-02 12:20 Roman Scherer
2024-12-02 14:31 ` André Batista
0 siblings, 1 reply; 4+ messages in thread
From: Roman Scherer @ 2024-12-02 12:20 UTC (permalink / raw)
To: 74648
Cc: Roman Scherer, André Batista, Clément Lassieur,
Jonathan Brielmaier, Mark H Weaver
* gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
---
gnu/packages/librewolf.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 5d432cfad8..42d212e9f9 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -605,7 +605,7 @@ (define-public librewolf
(substitute* desktop-file
(("^Exec=@MOZ_APP_NAME@")
(string-append "Exec="
- #$output "/bin/librewolf"))
+ #$output "/bin/librewolf %u"))
(("@MOZ_APP_DISPLAYNAME@")
"LibreWolf")
(("@MOZ_APP_REMOTINGNAME@")
base-commit: 2756c660fb2d9e2fe3e1fd0898e4d7038c8273c7
--
2.46.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer
@ 2024-12-02 14:31 ` André Batista
2024-12-02 15:29 ` Roman Scherer
0 siblings, 1 reply; 4+ messages in thread
From: André Batista @ 2024-12-02 14:31 UTC (permalink / raw)
To: Roman Scherer; +Cc: Mark H Weaver, Jonathan Brielmaier, 74648, Ian Eure
Hi Roman,
seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou:
> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
>
> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
> ---
> gnu/packages/librewolf.scm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
> index 5d432cfad8..42d212e9f9 100644
> --- a/gnu/packages/librewolf.scm
> +++ b/gnu/packages/librewolf.scm
> @@ -605,7 +605,7 @@ (define-public librewolf
> (substitute* desktop-file
> (("^Exec=@MOZ_APP_NAME@")
> (string-append "Exec="
> - #$output "/bin/librewolf"))
> + #$output "/bin/librewolf %u"))
> (("@MOZ_APP_DISPLAYNAME@")
>
This was its previous state and was removed on commit
280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
Copying Ian, who was the author of that change and has been maintaining
Librewolf.
Cheers!
^ permalink raw reply [flat|nested] 4+ messages in thread* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 14:31 ` André Batista
@ 2024-12-02 15:29 ` Roman Scherer
2024-12-02 16:30 ` Ian Eure
0 siblings, 1 reply; 4+ messages in thread
From: Roman Scherer @ 2024-12-02 15:29 UTC (permalink / raw)
To: André Batista
Cc: Mark H Weaver, Roman Scherer, Jonathan Brielmaier, 74648,
Ian Eure
[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]
André Batista <nandre@riseup.net> writes:
Hi André,
thanks for taking a look. So this is fixing a security issue? Which one
exactly? Is it this one?
CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
Are we planning todo the same for Icecat? If so, could we have a variant
of the browsers in Guix that are less hardened, and would allow opening
URLs?
I'm using Slack via Flatpack and not being able to open URLs from there
or other applications with my browser is a bit tedious.
Roman
> Hi Roman,
>
> seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou:
>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
>>
>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>> ---
>> gnu/packages/librewolf.scm | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
>> index 5d432cfad8..42d212e9f9 100644
>> --- a/gnu/packages/librewolf.scm
>> +++ b/gnu/packages/librewolf.scm
>> @@ -605,7 +605,7 @@ (define-public librewolf
>> (substitute* desktop-file
>> (("^Exec=@MOZ_APP_NAME@")
>> (string-append "Exec="
>> - #$output "/bin/librewolf"))
>> + #$output "/bin/librewolf %u"))
>> (("@MOZ_APP_DISPLAYNAME@")
>>
>
> This was its previous state and was removed on commit
> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>
> Copying Ian, who was the author of that change and has been maintaining
> Librewolf.
>
> Cheers!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 15:29 ` Roman Scherer
@ 2024-12-02 16:30 ` Ian Eure
0 siblings, 0 replies; 4+ messages in thread
From: Ian Eure @ 2024-12-02 16:30 UTC (permalink / raw)
To: Roman Scherer
Cc: André Batista, Mark H Weaver, Jonathan Brielmaier, 74648
Hi Roman, André,
Roman Scherer <roman@burningswell.com> writes:
> André Batista <nandre@riseup.net> writes:
>
> Hi André,
>
> thanks for taking a look. So this is fixing a security issue?
> Which one
> exactly? Is it this one?
>
This isn’t a security issue, the concern was created in a change
which also had security updates. The current nature of the
browser ecosystem means nearly every Firefox update contains
security fixes, so presence of them isn’t a very useful signal.
>
>> Hi Roman,
>>
>> seg 02 dez 2024 às 13:20:20 (1733156420),
>> roman@burningswell.com enviou:
>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec
>>> option to open URLs.
>>>
>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>>> ---
>>> gnu/packages/librewolf.scm | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/gnu/packages/librewolf.scm
>>> b/gnu/packages/librewolf.scm
>>> index 5d432cfad8..42d212e9f9 100644
>>> --- a/gnu/packages/librewolf.scm
>>> +++ b/gnu/packages/librewolf.scm
>>> @@ -605,7 +605,7 @@ (define-public librewolf
>>> (substitute* desktop-file
>>> (("^Exec=@MOZ_APP_NAME@")
>>> (string-append "Exec="
>>> - #$output
>>> "/bin/librewolf"))
>>> + #$output
>>> "/bin/librewolf %u"))
>>> (("@MOZ_APP_DISPLAYNAME@")
>>>
>>
>> This was its previous state and was removed on commit
>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>
>> Copying Ian, who was the author of that change and has been
>> maintaining
>> Librewolf.
>>
The context behind this change is that Firefox used to ship a
taskcluster/docker/firefox-snap/firefox.desktop file which had an
Exec line like this:
Exec=@MOZ_APP_NAME@ %u
The Guix package would use that file, replacing the token with the
path to the binary. The presence of %u in the package definition
is because the substitute* regexp is sloppy and replaces the whole
line instead of @MOZ_APP_NAME@ only. For reasons unknown to me,
Firefox stopped shipping this file and deleted it from their repo.
I looked around the repo and found
toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm
package. Its Exec line is:
Exec=@MOZ_APP_NAME@
So I updated the package to use that, and the regexp to match.
The patch in #74648 looks fine to me, and I think it should be
pushed.
Thanks,
— Ian
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-12-02 16:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer
2024-12-02 14:31 ` André Batista
2024-12-02 15:29 ` Roman Scherer
2024-12-02 16:30 ` Ian Eure
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).