Gentoo Archives: gentoo-dev

From: "Ulrich Müller" <ulm@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [PATCH] desktop.eclass: Sanitize filename of desktop entry.
Date: Wed, 25 Mar 2020 08:24:32
Message-Id: ud090zvte@gentoo.org
make_desktop_entry() extracts the first component of the filename from
the Exec key in the desktop entry. This can however include arguments
which will end up in the filename. For example, www-client/links has
"Exec=links -g %u", resulting in links_-g_%u-links-2.desktop as the
name of the file.

The current extraction pattern originates from this CVS commit:
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/eclass/eutils.eclass?r1=1.271&r2=1.272
with the commit message "scrub exec filename in case someone does
something silly like pass the fullpath to a binary".

Before that commit, anything after a space in Exec would have been
removed. Restore that behaviour, and in addition use only the
executable's basename.

While at it, get rid of the sed call and handle everything in bash.

Signed-off-by: Ulrich Müller <ulm@g.o>
---
 eclass/desktop.eclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/eclass/desktop.eclass b/eclass/desktop.eclass
index 6fc72ab8ec03..f310f210dfba 100644
--- a/eclass/desktop.eclass
+++ b/eclass/desktop.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # @ECLASS: desktop.eclass
@@ -162,8 +162,8 @@ make_desktop_entry() {
 	else
 		local desktop_name="${PN}-${slot}"
 	fi
-	local desktop="${T}/$(echo ${exec} | sed 's:[[:space:]/:]:_:g')-${desktop_name}.desktop"
-	#local desktop=${T}/${exec%% *:-${desktop_name}}.desktop
+	local desktop="${exec%%[[:space:]]*}"
+	desktop="${T}/${desktop##*/}-${desktop_name}.desktop"
 
 	# Don't append another ";" when a valid category value is provided.
 	type=${type%;}${type:+;}
-- 
2.26.0

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies