GNU bug report logs - #74648
[PATCH] gnu: librewolf: Add %u to Exec option to open URLs.

Previous Next

Package: guix-patches;

Reported by: Roman Scherer <roman <at> burningswell.com>

Date: Mon, 2 Dec 2024 12:21:02 UTC

Severity: normal

Tags: patch

Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ian Eure <ian <at> retrospec.tv>
To: Roman Scherer <roman <at> burningswell.com>
Cc: André Batista <nandre <at> riseup.net>, Mark H Weaver <mhw <at> netris.org>, Jonathan Brielmaier <jonathan.brielmaier <at> web.de>, 74648 <at> debbugs.gnu.org
Subject: [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to open URLs.
Date: Mon, 02 Dec 2024 08:30:12 -0800

Hi Roman, André,

Roman Scherer <roman <at> burningswell.com> writes:

> André Batista <nandre <at> riseup.net> writes:
>
> Hi André,
>
> thanks for taking a look. So this is fixing a security issue? 
> Which one
> exactly? Is it this one?
>

This isn’t a security issue, the concern was created in a change 
which also had security updates.  The current nature of the 
browser ecosystem means nearly every Firefox update contains 
security fixes, so presence of them isn’t a very useful signal.

>
>> Hi Roman,
>>
>> seg 02 dez 2024 às 13:20:20 (1733156420), 
>> roman <at> burningswell.com enviou:
>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec 
>>> option to open URLs.
>>>
>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>>> ---
>>>  gnu/packages/librewolf.scm | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/gnu/packages/librewolf.scm 
>>> b/gnu/packages/librewolf.scm
>>> index 5d432cfad8..42d212e9f9 100644
>>> --- a/gnu/packages/librewolf.scm
>>> +++ b/gnu/packages/librewolf.scm
>>> @@ -605,7 +605,7 @@ (define-public librewolf
>>>                           (substitute* desktop-file
>>>                             (("^Exec=@MOZ_APP_NAME@")
>>>                              (string-append "Exec="
>>> -                                           #$output 
>>> "/bin/librewolf"))
>>> +                                           #$output 
>>> "/bin/librewolf %u"))
>>>                             (("@MOZ_APP_DISPLAYNAME@")
>>>
>>
>> This was its previous state and was removed on commit
>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>
>> Copying Ian, who was the author of that change and has been 
>> maintaining
>> Librewolf.
>>

The context behind this change is that Firefox used to ship a 
taskcluster/docker/firefox-snap/firefox.desktop file which had an 
Exec line like this:

   Exec=@MOZ_APP_NAME@ %u

The Guix package would use that file, replacing the token with the 
path to the binary.  The presence of %u in the package definition 
is because the substitute* regexp is sloppy and replaces the whole 
line instead of @MOZ_APP_NAME@ only.  For reasons unknown to me, 
Firefox stopped shipping this file and deleted it from their repo. 
I looked around the repo and found 
toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm 
package.  Its Exec line is:

   Exec=@MOZ_APP_NAME@

So I updated the package to use that, and the regexp to match.

The patch in #74648 looks fine to me, and I think it should be 
pushed.

Thanks,

 — Ian
This bug report was last modified 162 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.