Bug#950319: libreoffice: filename replacements in mime entries for mailcap must not be quoted within the given command
Hi,
Am 17.12.20 um 00:48 schrieb Marriott NZ:
> Unfortunately no progress yet on #928037, but I wanted to add here some info from related bug reports.
>
> 1) There is a Lintian test for this specific problem:
> https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html
> Package libreoffice and 40 more, currently trigger the warning.
> The test was introduced in Lintian 2.42.0, 19 Dec 2019.
> The bug report requesting the test dates back to 17 Feb 1999:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=33486
I know and saw that one, and as long as there isn't a *definitive*
answer am continuing what I am doing already: ignoring it.
Or is lintians tag is a distro-wide decision? I don't take that for a
given since they introduce bogus tags all the time .oO ( "breakout-link" )
> 2) The problem has already been discussed in old bugs, usually reaching the conclusion that %-escapes should *not* be quoted in the rules:
*usually*?
> Unfortunately they decided not to document anything because "I would like to avoid divergence with other platforms":
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=90483#30
Fair point, IMHO.
> As a result, many years later, every piece of Debian concerning mailcap is still a vector for arbitrary command execution, while package maintainers have no way of knowing what to do, and bug reports keep resurrecting like zombies (my #928037 is a duplicate of 10yo #90483).
As we see here, too.
> 3) Thunderbird doesn't use the %-expansion in the rules at all.
> The parsing function extracts what it thinks is the "executable name" and returns just that.
>
> https://hg.mozilla.org/mozilla-central/file/661f0d8ae4c44db58e668c831b555dbc038b77d0/uriloader/exthandler/unix/nsOSHelperAppService.cpp
>
> From function UnescapeCommand:
> "UnescapeCommand really needs some work -- it should actually do some unescaping"
> From function GetHandlerAndDescriptionFromMailcapFile:
> // XXX ugly hack. Just grab the executable name
> ...
> // XXX End ugly hack
>
> I don't know about Evolution.
>
That would be important info - and please don't forget mutt et al.
Regards,
Rene
Reply to: