Message ID | dd246aacd5131efa0133601d89dc0f63479ab035.1733138991.git.roman@burningswell.com |
---|---|
State | New |
Series | [bug#74648] gnu: librewolf: Add %u to Exec option to open URLs. |
Commit Message
Roman Scherer
Dec. 2, 2024, 12:20 p.m. UTC
* gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd --- gnu/packages/librewolf.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) base-commit: 2756c660fb2d9e2fe3e1fd0898e4d7038c8273c7
Comments
Hi Roman,

Mon 02 Dec 2024 at 13:20:20 (1733156420), roman@burningswell.com sent:

> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. > > Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd > --- > gnu/packages/librewolf.scm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm > index 5d432cfad8..42d212e9f9 100644 > --- a/gnu/packages/librewolf.scm > +++ b/gnu/packages/librewolf.scm > @@ -605,7 +605,7 @@ (define-public librewolf > (substitute* desktop-file > (("^Exec=@MOZ_APP_NAME@") > (string-append "Exec=" > - #$output "/bin/librewolf")) > + #$output "/bin/librewolf %u")) > (("@MOZ_APP_DISPLAYNAME@") >

This was its previous state and was removed on commit 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.

Copying Ian, who was the author of that change and has been maintaining Librewolf.

Cheers!
André Batista <nandre@riseup.net> writes:

Hi André,

thanks for taking a look. So this is fixing a security issue? Which one exactly? Is it this one?

CVE-2024-10462: Origin of permission prompt could be spoofed by long URL

Are we planning to do the same for Icecat? If so, could we have a variant of the browsers in Guix that are less hardened, and would allow opening URLs?

I'm using Slack via Flatpak and not being able to open URLs from there or other applications with my browser is a bit tedious.

Roman

> Hi Roman,
>
> Mon 02 Dec 2024 at 13:20:20 (1733156420), roman@burningswell.com sent:
>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs. >> >> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >> --- >> gnu/packages/librewolf.scm | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm >> index 5d432cfad8..42d212e9f9 100644 >> --- a/gnu/packages/librewolf.scm >> +++ b/gnu/packages/librewolf.scm >> @@ -605,7 +605,7 @@ (define-public librewolf >> (substitute* desktop-file >> (("^Exec=@MOZ_APP_NAME@") >> (string-append "Exec=" >> - #$output "/bin/librewolf")) >> + #$output "/bin/librewolf %u")) >> (("@MOZ_APP_DISPLAYNAME@") >>
>
> This was its previous state and was removed on commit
> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>
> Copying Ian, who was the author of that change and has been maintaining
> Librewolf.
>
> Cheers!
Hi Roman, André,

Roman Scherer <roman@burningswell.com> writes:

> André Batista <nandre@riseup.net> writes:
>
> Hi André,
>
> thanks for taking a look. So this is fixing a security issue? Which one
> exactly? Is it this one?
>

This isn’t a security issue, the concern was created in a change which also had security updates. The current nature of the browser ecosystem means nearly every Firefox update contains security fixes, so presence of them isn’t a very useful signal.

>
>> Hi Roman,
>>
>> Mon 02 Dec 2024 at 13:20:20 (1733156420), roman@burningswell.com sent:
>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec >>> option to open URLs. >>> >>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >>> --- >>> gnu/packages/librewolf.scm | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/gnu/packages/librewolf.scm >>> b/gnu/packages/librewolf.scm >>> index 5d432cfad8..42d212e9f9 100644 >>> --- a/gnu/packages/librewolf.scm >>> +++ b/gnu/packages/librewolf.scm 
>>> @@ -605,7 +605,7 @@ (define-public librewolf >>> (substitute* desktop-file >>> (("^Exec=@MOZ_APP_NAME@") >>> (string-append "Exec=" >>> - #$output >>> "/bin/librewolf")) >>> + #$output >>> "/bin/librewolf %u")) >>> (("@MOZ_APP_DISPLAYNAME@") >>>
>>
>> This was its previous state and was removed on commit
>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>
>> Copying Ian, who was the author of that change and has been maintaining
>> Librewolf.
>>

The context behind this change is that Firefox used to ship a taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec line like this:

Exec=@MOZ_APP_NAME@ %u

The Guix package would use that file, replacing the token with the path to the binary. The presence of %u in the package definition is because the substitute* regexp is sloppy and replaces the whole line instead of @MOZ_APP_NAME@ only. For reasons unknown to me, Firefox stopped shipping this file and deleted it from their repo. I looked around the repo and found toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm package. Its Exec line is:

Exec=@MOZ_APP_NAME@

So I updated the package to use that, and the regexp to match.

The patch in #74648 looks fine to me, and I think it should be pushed.

Thanks,

— Ian
Ian Eure <ian@retrospec.tv> writes:

Ok, thanks for the summary Ian. Looking forward for the patch to be applied.

Thanks, Roman.

> Hi Roman, André,
>
> Roman Scherer <roman@burningswell.com> writes:
>
>> André Batista <nandre@riseup.net> writes:
>>
>> Hi André,
>>
>> thanks for taking a look. So this is fixing a security issue? Which one
>> exactly? Is it this one?
>>
>
> This isn’t a security issue, the concern was created in a change which
> also had security updates. The current nature of the browser
> ecosystem means nearly every Firefox update contains security fixes,
> so presence of them isn’t a very useful signal.
>
>>
>>> Hi Roman,
>>>
>>> Mon 02 Dec 2024 at 13:20:20 (1733156420), roman@burningswell.com sent:
>>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to >>>> open URLs. >>>> >>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd >>>> --- >>>> gnu/packages/librewolf.scm | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/gnu/packages/librewolf.scm >>>> b/gnu/packages/librewolf.scm >>>> index 5d432cfad8..42d212e9f9 100644 >>>> --- a/gnu/packages/librewolf.scm >>>> +++ b/gnu/packages/librewolf.scm 
>>>> @@ -605,7 +605,7 @@ (define-public librewolf >>>> (substitute* desktop-file >>>> (("^Exec=@MOZ_APP_NAME@") >>>> (string-append "Exec=" >>>> - #$output >>>> "/bin/librewolf")) >>>> + #$output >>>> "/bin/librewolf %u")) >>>> (("@MOZ_APP_DISPLAYNAME@") >>>>
>>>
>>> This was its previous state and was removed on commit
>>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>>
>>> Copying Ian, who was the author of that change and has been maintaining
>>> Librewolf.
>>>
>
> The context behind this change is that Firefox used to ship a
> taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec
> line like this:
>
> Exec=@MOZ_APP_NAME@ %u
>
> The Guix package would use that file, replacing the token with the
> path to the binary. The presence of %u in the package definition is
> because the substitute* regexp is sloppy and replaces the whole line
> instead of @MOZ_APP_NAME@ only. For reasons unknown to me, Firefox
> stopped shipping this file and deleted it from their repo. I looked
> around the repo and found
> toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm
> package. Its Exec line is:
>
> Exec=@MOZ_APP_NAME@
>
> So I updated the package to use that, and the regexp to match.
>
> The patch in #74648 looks fine to me, and I think it should be pushed.
>
> Thanks,
>
> — Ian
Hi, Pushed with updated commit message as dc2df5b86942e70c4d9f24533f6609153e9b2889 to master. -- Oleg
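The Exec-line behaviour discussed in this thread, as an added example that is not part of the thread or of Guix: a check that a generated desktop entry which registers URL scheme handlers also takes a URL through its Exec line. The sample file contents, the store path and the MimeType list are constructed placeholders; `%u` and `%U` are the single-URL and URL-list field codes of the Desktop Entry Specification, which allows at most one of them per command line.

```python
import configparser

URL_CODES = ("%u", "%U")  # single URL / list of URLs


def exec_accepts_url(exec_line: str) -> bool:
    """True if Exec has exactly one URL field code as a separate argument."""
    # "%%" is a literal percent sign; remove it before looking for codes.
    args = exec_line.replace("%%", "").split()
    return sum(arg in URL_CODES for arg in args) == 1


def check_desktop_entry(text: str) -> list[str]:
    """Return findings for the [Desktop Entry] group of a desktop file."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False)
    parser.optionxform = str  # desktop-file keys are case-sensitive
    parser.read_string(text)
    entry = parser["Desktop Entry"]
    exec_line = entry.get("Exec", "")
    schemes = [m for m in entry.get("MimeType", "").split(";")
               if m.startswith("x-scheme-handler/")]
    if schemes and not exec_accepts_url(exec_line):
        return [f"Exec={exec_line!r} registers {', '.join(schemes)} "
                "but does not take exactly one %u/%U argument"]
    return []


# Constructed sample: the store path and MimeType list are placeholders,
# not taken from the real package.
TEMPLATE = """[Desktop Entry]
Type=Application
Name=LibreWolf
Exec=/gnu/store/PLACEHOLDER-librewolf/bin/librewolf{suffix}
MimeType=text/html;x-scheme-handler/http;x-scheme-handler/https;
"""
WITHOUT_CODE = TEMPLATE.format(suffix="")      # Exec line without %u
WITH_CODE = TEMPLATE.format(suffix=" %u")      # Exec line as in the patch
DOUBLED = TEMPLATE.format(suffix=" %u %u")     # invalid: two field codes

if __name__ == "__main__":
    for name in ("WITHOUT_CODE", "WITH_CODE", "DOUBLED"):
        print(name, check_desktop_entry(globals()[name]) or "ok")
```
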
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 5d432cfad8..42d212e9f9 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -605,7 +605,7 @@ (define-public librewolf (substitute* desktop-file (("^Exec=@MOZ_APP_NAME@") (string-append "Exec=" - #$output "/bin/librewolf")) + #$output "/bin/librewolf %u")) (("@MOZ_APP_DISPLAYNAME@") "LibreWolf") (("@MOZ_APP_REMOTINGNAME@")
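Review bot: the " %u" on the added line is baked into the replacement string, while the pattern "^Exec=@MOZ_APP_NAME@" matches only the start of the Exec line, so a template whose Exec line already ends in a field code (the thread quotes the earlier firefox.desktop as "Exec=@MOZ_APP_NAME@ %u") would come out as "librewolf %u %u". Consider matching through the end of the line, or substituting only the @MOZ_APP_NAME@ token, and add a short comment above this clause saying that %u is appended because the mozilla.desktop template has none, since the thread shows it was dropped once already in 280aa6b57d7b741a7d8b076e1afa3dff23569332.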