* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
@ 2024-12-02 12:20 Roman Scherer
2024-12-02 14:31 ` André Batista
2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher
0 siblings, 2 replies; 6+ messages in thread
From: Roman Scherer @ 2024-12-02 12:20 UTC (permalink / raw)
To: 74648
Cc: Roman Scherer, André Batista, Clément Lassieur,
Jonathan Brielmaier, Mark H Weaver
* gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
---
gnu/packages/librewolf.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 5d432cfad8..42d212e9f9 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -605,7 +605,7 @@ (define-public librewolf
(substitute* desktop-file
(("^Exec=@MOZ_APP_NAME@")
(string-append "Exec="
- #$output "/bin/librewolf"))
+ #$output "/bin/librewolf %u"))
(("@MOZ_APP_DISPLAYNAME@")
"LibreWolf")
(("@MOZ_APP_REMOTINGNAME@")
base-commit: 2756c660fb2d9e2fe3e1fd0898e4d7038c8273c7
--
2.46.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer
@ 2024-12-02 14:31 ` André Batista
2024-12-02 15:29 ` Roman Scherer
2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher
1 sibling, 1 reply; 6+ messages in thread
From: André Batista @ 2024-12-02 14:31 UTC (permalink / raw)
To: Roman Scherer; +Cc: Mark H Weaver, Jonathan Brielmaier, 74648, Ian Eure
Hi Roman,
seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou:
> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
>
> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
> ---
> gnu/packages/librewolf.scm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
> index 5d432cfad8..42d212e9f9 100644
> --- a/gnu/packages/librewolf.scm
> +++ b/gnu/packages/librewolf.scm
> @@ -605,7 +605,7 @@ (define-public librewolf
> (substitute* desktop-file
> (("^Exec=@MOZ_APP_NAME@")
> (string-append "Exec="
> - #$output "/bin/librewolf"))
> + #$output "/bin/librewolf %u"))
> (("@MOZ_APP_DISPLAYNAME@")
>
This was its previous state and was removed on commit
280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
Copying Ian, who was the author of that change and has been maintaining
Librewolf.
Cheers!
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 14:31 ` André Batista
@ 2024-12-02 15:29 ` Roman Scherer
2024-12-02 16:30 ` Ian Eure
0 siblings, 1 reply; 6+ messages in thread
From: Roman Scherer @ 2024-12-02 15:29 UTC (permalink / raw)
To: André Batista
Cc: Mark H Weaver, Roman Scherer, Jonathan Brielmaier, 74648,
Ian Eure
[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]
André Batista <nandre@riseup.net> writes:
Hi André,
thanks for taking a look. So this is fixing a security issue? Which one
exactly? Is it this one?
CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
Are we planning todo the same for Icecat? If so, could we have a variant
of the browsers in Guix that are less hardened, and would allow opening
URLs?
I'm using Slack via Flatpack and not being able to open URLs from there
or other applications with my browser is a bit tedious.
Roman
> Hi Roman,
>
> seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com enviou:
>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
>>
>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>> ---
>> gnu/packages/librewolf.scm | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
>> index 5d432cfad8..42d212e9f9 100644
>> --- a/gnu/packages/librewolf.scm
>> +++ b/gnu/packages/librewolf.scm
>> @@ -605,7 +605,7 @@ (define-public librewolf
>> (substitute* desktop-file
>> (("^Exec=@MOZ_APP_NAME@")
>> (string-append "Exec="
>> - #$output "/bin/librewolf"))
>> + #$output "/bin/librewolf %u"))
>> (("@MOZ_APP_DISPLAYNAME@")
>>
>
> This was its previous state and was removed on commit
> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>
> Copying Ian, who was the author of that change and has been maintaining
> Librewolf.
>
> Cheers!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 15:29 ` Roman Scherer
@ 2024-12-02 16:30 ` Ian Eure
2024-12-03 9:31 ` Roman Scherer
0 siblings, 1 reply; 6+ messages in thread
From: Ian Eure @ 2024-12-02 16:30 UTC (permalink / raw)
To: Roman Scherer
Cc: André Batista, Mark H Weaver, Jonathan Brielmaier, 74648
Hi Roman, André,
Roman Scherer <roman@burningswell.com> writes:
> André Batista <nandre@riseup.net> writes:
>
> Hi André,
>
> thanks for taking a look. So this is fixing a security issue?
> Which one
> exactly? Is it this one?
>
This isn’t a security issue, the concern was created in a change
which also had security updates. The current nature of the
browser ecosystem means nearly every Firefox update contains
security fixes, so presence of them isn’t a very useful signal.
>
>> Hi Roman,
>>
>> seg 02 dez 2024 às 13:20:20 (1733156420),
>> roman@burningswell.com enviou:
>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec
>>> option to open URLs.
>>>
>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>>> ---
>>> gnu/packages/librewolf.scm | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/gnu/packages/librewolf.scm
>>> b/gnu/packages/librewolf.scm
>>> index 5d432cfad8..42d212e9f9 100644
>>> --- a/gnu/packages/librewolf.scm
>>> +++ b/gnu/packages/librewolf.scm
>>> @@ -605,7 +605,7 @@ (define-public librewolf
>>> (substitute* desktop-file
>>> (("^Exec=@MOZ_APP_NAME@")
>>> (string-append "Exec="
>>> - #$output
>>> "/bin/librewolf"))
>>> + #$output
>>> "/bin/librewolf %u"))
>>> (("@MOZ_APP_DISPLAYNAME@")
>>>
>>
>> This was its previous state and was removed on commit
>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>
>> Copying Ian, who was the author of that change and has been
>> maintaining
>> Librewolf.
>>
The context behind this change is that Firefox used to ship a
taskcluster/docker/firefox-snap/firefox.desktop file which had an
Exec line like this:
Exec=@MOZ_APP_NAME@ %u
The Guix package would use that file, replacing the token with the
path to the binary. The presence of %u in the package definition
is because the substitute* regexp is sloppy and replaces the whole
line instead of @MOZ_APP_NAME@ only. For reasons unknown to me,
Firefox stopped shipping this file and deleted it from their repo.
I looked around the repo and found
toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm
package. Its Exec line is:
Exec=@MOZ_APP_NAME@
So I updated the package to use that, and the regexp to match.
The patch in #74648 looks fine to me, and I think it should be
pushed.
Thanks,
— Ian
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 16:30 ` Ian Eure
@ 2024-12-03 9:31 ` Roman Scherer
0 siblings, 0 replies; 6+ messages in thread
From: Roman Scherer @ 2024-12-03 9:31 UTC (permalink / raw)
To: Ian Eure
Cc: André Batista, Mark H Weaver, Roman Scherer,
Jonathan Brielmaier, 74648
[-- Attachment #1: Type: text/plain, Size: 2829 bytes --]
Ian Eure <ian@retrospec.tv> writes:
Ok, thanks for the summary Ian. Looking forward for the patch to be
applied.
Thanks, Roman.
> Hi Roman, André,
>
> Roman Scherer <roman@burningswell.com> writes:
>
>> André Batista <nandre@riseup.net> writes:
>>
>> Hi André,
>>
>> thanks for taking a look. So this is fixing a security issue? Which
>> one
>> exactly? Is it this one?
>>
>
> This isn’t a security issue, the concern was created in a change which
> also had security updates. The current nature of the browser
> ecosystem means nearly every Firefox update contains security fixes,
> so presence of them isn’t a very useful signal.
>
>>
>>> Hi Roman,
>>>
>>> seg 02 dez 2024 às 13:20:20 (1733156420), roman@burningswell.com
>>> enviou:
>>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to
>>>> open URLs.
>>>>
>>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>>>> ---
>>>> gnu/packages/librewolf.scm | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/gnu/packages/librewolf.scm
>>>> b/gnu/packages/librewolf.scm
>>>> index 5d432cfad8..42d212e9f9 100644
>>>> --- a/gnu/packages/librewolf.scm
>>>> +++ b/gnu/packages/librewolf.scm
>>>> @@ -605,7 +605,7 @@ (define-public librewolf
>>>> (substitute* desktop-file
>>>> (("^Exec=@MOZ_APP_NAME@")
>>>> (string-append "Exec="
>>>> - #$output
>>>> "/bin/librewolf"))
>>>> + #$output
>>>> "/bin/librewolf %u"))
>>>> (("@MOZ_APP_DISPLAYNAME@")
>>>>
>>>
>>> This was its previous state and was removed on commit
>>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>>
>>> Copying Ian, who was the author of that change and has been
>>> maintaining
>>> Librewolf.
>>>
>
> The context behind this change is that Firefox used to ship a
> taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec
> line like this:
>
> Exec=@MOZ_APP_NAME@ %u
>
> The Guix package would use that file, replacing the token with the
> path to the binary. The presence of %u in the package definition is
> because the substitute* regexp is sloppy and replaces the whole line
> instead of @MOZ_APP_NAME@ only. For reasons unknown to me, Firefox
> stopped shipping this file and deleted it from their repo. I looked
> around the repo and found
> toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm
> package. Its Exec line is:
>
> Exec=@MOZ_APP_NAME@
>
> So I updated the package to use that, and the regexp to match.
>
> The patch in #74648 looks fine to me, and I think it should be pushed.
>
> Thanks,
>
> — Ian
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#74648: [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer
2024-12-02 14:31 ` André Batista
@ 2024-12-11 20:29 ` Sharlatan Hellseher
1 sibling, 0 replies; 6+ messages in thread
From: Sharlatan Hellseher @ 2024-12-11 20:29 UTC (permalink / raw)
To: 74648-done
[-- Attachment #1: Type: text/plain, Size: 105 bytes --]
Hi,
Pushed with updated commit message as
dc2df5b86942e70c4d9f24533f6609153e9b2889 to master.
--
Oleg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-12-11 20:31 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-02 12:20 [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs Roman Scherer
2024-12-02 14:31 ` André Batista
2024-12-02 15:29 ` Roman Scherer
2024-12-02 16:30 ` Ian Eure
2024-12-03 9:31 ` Roman Scherer
2024-12-11 20:29 ` bug#74648: " Sharlatan Hellseher
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.