GNU bug report logs - #74648
[PATCH] gnu: librewolf: Add %u to Exec option to open URLs.

Previous Next

Package: guix-patches;

Reported by: Roman Scherer <roman <at> burningswell.com>

Date: Mon, 2 Dec 2024 12:21:02 UTC

Severity: normal

Tags: patch

Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 74648 <at> debbugs.gnu.org (full text, mbox):

From: Roman Scherer <roman <at> burningswell.com>
To: Ian Eure <ian <at> retrospec.tv>
Cc: André Batista <nandre <at> riseup.net>,
 Mark H Weaver <mhw <at> netris.org>, Roman Scherer <roman <at> burningswell.com>,
 Jonathan Brielmaier <jonathan.brielmaier <at> web.de>, 74648 <at> debbugs.gnu.org
Subject: Re: [bug#74648] [PATCH] gnu: librewolf: Add %u to Exec option to
 open URLs.
Date: Tue, 03 Dec 2024 10:31:05 +0100

[Message part 1 (text/plain, inline)]
Ian Eure <ian <at> retrospec.tv> writes:

Ok, thanks for the summary Ian. Looking forward for the patch to be
applied.

Thanks, Roman.

> Hi Roman, André,
>
> Roman Scherer <roman <at> burningswell.com> writes:
>
>> André Batista <nandre <at> riseup.net> writes:
>>
>> Hi André,
>>
>> thanks for taking a look. So this is fixing a security issue? Which
>> one
>> exactly? Is it this one?
>>
>
> This isn’t a security issue, the concern was created in a change which
> also had security updates.  The current nature of the browser
> ecosystem means nearly every Firefox update contains security fixes,
> so presence of them isn’t a very useful signal.
>
>>
>>> Hi Roman,
>>>
>>> seg 02 dez 2024 às 13:20:20 (1733156420), roman <at> burningswell.com
>>> enviou:
>>>> * gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to
>>>> open URLs.
>>>>
>>>> Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
>>>> ---
>>>>  gnu/packages/librewolf.scm | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/gnu/packages/librewolf.scm
>>>> b/gnu/packages/librewolf.scm
>>>> index 5d432cfad8..42d212e9f9 100644
>>>> --- a/gnu/packages/librewolf.scm
>>>> +++ b/gnu/packages/librewolf.scm
>>>> @@ -605,7 +605,7 @@ (define-public librewolf
>>>>                           (substitute* desktop-file
>>>>                             (("^Exec=@MOZ_APP_NAME@")
>>>>                              (string-append "Exec="
>>>> -                                           #$output
>>>> "/bin/librewolf"))
>>>> +                                           #$output
>>>> "/bin/librewolf %u"))
>>>>                             (("@MOZ_APP_DISPLAYNAME@")
>>>>
>>>
>>> This was its previous state and was removed on commit
>>> 280aa6b57d7b741a7d8b076e1afa3dff23569332. See also #74070.
>>>
>>> Copying Ian, who was the author of that change and has been
>>> maintaining
>>> Librewolf.
>>>
>
> The context behind this change is that Firefox used to ship a
> taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec
> line like this:
>
>    Exec=@MOZ_APP_NAME@ %u
>
> The Guix package would use that file, replacing the token with the
> path to the binary.  The presence of %u in the package definition is
> because the substitute* regexp is sloppy and replaces the whole line
> instead of @MOZ_APP_NAME@ only.  For reasons unknown to me, Firefox
> stopped shipping this file and deleted it from their repo. I looked
> around the repo and found
> toolkit/mozapps/installer/linux/rpm/mozilla.desktop, for the rpm
> package.  Its Exec line is:
>
>    Exec=@MOZ_APP_NAME@
>
> So I updated the package to use that, and the regexp to match.
>
> The patch in #74648 looks fine to me, and I think it should be pushed.
>
> Thanks,
>
>  — Ian

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 162 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.