Put electronVersion back (#287 )

seems letting electron builder take it from the dependencies confuses the keytar build process
v1.9.7
2026-01-18 12:29:34 -05:00 · 2021-12-13 16:01:53 +00:00 · 2021-12-13 15:44:56 +00:00 · 2021-12-13 15:44:56 +00:00 · 2021-12-13 15:35:27 +00:00
4 changed files with 56 additions and 29 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+Changes in [1.9.7](https://github.com/vector-im/element-desktop/releases/tag/v1.9.7) (2021-12-13)
+=================================================================================================
+
+ * Security release with updated version of Olm to fix https://matrix.org/blog/2021/12/03/pre-disclosure-upcoming-security-release-of-libolm-and-matrix-js-sdk
+ * Fix a crash on logout
+
 Changes in [1.9.6](https://github.com/vector-im/element-desktop/releases/tag/v1.9.6) (2021-12-06)
 =================================================================================================

--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "element-desktop",
  "productName": "Element",
  "main": "lib/electron-main.js",
-  "version": "1.9.6",
+  "version": "1.9.7",
  "description": "A feature-rich client for Matrix.org",
  "author": "Element",
  "repository": {
@@ -83,7 +83,7 @@
  },
  "build": {
    "appId": "im.riot.app",
-    "electronVersion": "13.5.1",
+    "electronVersion": "13.5.2",
    "files": [
      "package.json",
      {
--- a/src/protocol.ts
+++ b/src/protocol.ts
@@ -19,7 +19,7 @@ import { URL } from "url";
 import path from "path";
 import fs from "fs";

-const PROTOCOL = "element://";
+const PROTOCOL = "element:";
 const SEARCH_PARAM = "element-desktop-ssoid";
 const STORE_FILE_NAME = "sso-sessions.json";

@@ -28,8 +28,28 @@ const storePath = path.join(app.getPath("userData"), STORE_FILE_NAME);

 function processUrl(url: string): void {
    if (!global.mainWindow) return;
-    console.log("Handling link: ", url);
-    global.mainWindow.loadURL(url.replace(PROTOCOL, "vector://"));
+
+    const parsed = new URL(url);
+    // sanity check: we only register for the one protocol, so we shouldn't
+    // be getting anything else unless the user is forcing a URL to open
+    // with the Element app.
+    if (parsed.protocol !== PROTOCOL) {
+        console.log("Ignoring unexpected protocol: ", parsed.protocol);
+        return;
+    }
+
+    const urlToLoad = new URL("vector://vector/webapp/");
+    // ignore anything other than the search (used for SSO login redirect)
+    // and the hash (for general element deep links)
+    // There's no reason to allow anything else, particularly other paths,
+    // since this would allow things like the internal jitsi wrapper to
+    // be loaded, which would get the app stuck on that page and generally
+    // be a bit strange and confusing.
+    urlToLoad.search = parsed.search;
+    urlToLoad.hash = parsed.hash;
+
+    console.log("Opening URL: ", urlToLoad.href);
+    global.mainWindow.loadURL(urlToLoad.href);
 }

 function readStore(): object {
@@ -62,10 +82,10 @@ export function recordSSOSession(sessionID: string): void {

 export function getProfileFromDeeplink(args): string | undefined {
    // check if we are passed a profile in the SSO callback url
-    const deeplinkUrl = args.find(arg => arg.startsWith('element://'));
+    const deeplinkUrl = args.find(arg => arg.startsWith(PROTOCOL + '//'));
    if (deeplinkUrl && deeplinkUrl.includes(SEARCH_PARAM)) {
        const parsedUrl = new URL(deeplinkUrl);
-        if (parsedUrl.protocol === 'element:') {
+        if (parsedUrl.protocol === PROTOCOL) {
            const ssoID = parsedUrl.searchParams.get(SEARCH_PARAM);
            const store = readStore();
            console.log("Forwarding to profile: ", store[ssoID]);
@@ -96,7 +116,7 @@ export function protocolInit(): void {
        // Protocol handler for win32/Linux
        app.on('second-instance', (ev, commandLine) => {
            const url = commandLine[commandLine.length - 1];
-            if (!url.startsWith(PROTOCOL)) return;
+            if (!url.startsWith(PROTOCOL + '//')) return;
            processUrl(url);
        });
    }
--- a/yarn.lock
+++ b/yarn.lock
@@ -142,9 +142,9 @@
    ajv-keywords "^3.4.1"

 "@electron/get@^1.0.1":
-  version "1.13.0"
-  resolved "https://registry.yarnpkg.com/@electron/get/-/get-1.13.0.tgz#95c6bcaff4f9a505ea46792424f451efea89228c"
-  integrity sha512-+SjZhRuRo+STTO1Fdhzqnv9D2ZhjxXP6egsJ9kiO8dtP68cDx7dFCwWi64dlMQV7sWcfW1OYCW4wviEBzmRsfQ==
+  version "1.13.1"
+  resolved "https://registry.yarnpkg.com/@electron/get/-/get-1.13.1.tgz#42a0aa62fd1189638bd966e23effaebb16108368"
+  integrity sha512-U5vkXDZ9DwXtkPqlB45tfYnnYBN8PePp1z/XDCupnSpdrxT8/ThCv9WCwPLf9oqiSGZTkH6dx2jDUPuoXpjkcA==
  dependencies:
    debug "^4.1.1"
    env-paths "^2.2.0"
@@ -154,7 +154,7 @@
    semver "^6.2.0"
    sumchecker "^3.0.1"
  optionalDependencies:
-    global-agent "^2.0.2"
+    global-agent "^3.0.0"
    global-tunnel-ng "^2.7.1"

 "@electron/universal@1.0.5":
@@ -758,9 +758,9 @@
  integrity sha512-WiFf2izl01P1CpeY8WqFAeKWwByMueBEkND38EcN8N68qb0aDG3oIS1P5MhAX5kUdr469qRyqsY/MjanLjsFbQ==

 "@types/node@^14.6.2":
-  version "14.17.21"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-14.17.21.tgz#6359d8cf73481e312a43886fa50afc70ce5592c6"
-  integrity sha512-zv8ukKci1mrILYiQOwGSV4FpkZhyxQtuFWGya2GujWg+zVAeRQ4qbaMmWp9vb9889CFA8JECH7lkwCL6Ygg8kA==
+  version "14.18.0"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-14.18.0.tgz#98df2397f6936bfbff4f089e40e06fa5dd88d32a"
+  integrity sha512-0GeIl2kmVMXEnx8tg1SlG6Gg8vkqirrW752KqolYo1PHevhhZN3bhJ67qHj+bQaINhX0Ra3TlWwRvMCd9iEfNQ==

 "@types/plist@^3.0.1":
  version "3.0.2"
@@ -1613,11 +1613,6 @@ console-control-strings@^1.0.0, console-control-strings@~1.1.0:
  resolved "https://registry.yarnpkg.com/console-control-strings/-/console-control-strings-1.1.0.tgz#3d7cf4464db6446ea644bf4b39507f9851008e8e"
  integrity sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=

-core-js@^3.6.5:
-  version "3.18.2"
-  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.18.2.tgz#63a551e8a29f305cd4123754846e65896619ba5b"
-  integrity sha512-zNhPOUoSgoizoSQFdX1MeZO16ORRb9FFQLts8gSYbZU5FcgXhp24iMWMxnOQo5uIaIG7/6FA/IqJPwev1o9ZXQ==
-
 core-util-is@1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
@@ -1708,7 +1703,7 @@ debounce-fn@^4.0.0:
  dependencies:
    mimic-fn "^3.0.0"

-debug@4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2:
+debug@4, debug@^4.0.1, debug@^4.3.1, debug@^4.3.2:
  version "4.3.2"
  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b"
  integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==
@@ -1729,6 +1724,13 @@ debug@^3.2.6:
  dependencies:
    ms "^2.1.1"

+debug@^4.1.0, debug@^4.1.1:
+  version "4.3.3"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.3.tgz#04266e0b70a98d4462e6e288e38259213332b664"
+  integrity sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==
+  dependencies:
+    ms "2.1.2"
+
 decompress-response@^3.3.0:
  version "3.3.0"
  resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-3.3.0.tgz#80a4dd323748384bfa248083622aedec982adff3"
@@ -1961,9 +1963,9 @@ electron-window-state@^5.0.3:
    mkdirp "^0.5.1"

 electron@13.5:
-  version "13.5.1"
-  resolved "https://registry.yarnpkg.com/electron/-/electron-13.5.1.tgz#76c02c39be228532f886a170b472cbd3d93f0d0f"
-  integrity sha512-ZyxhIhmdaeE3xiIGObf0zqEyCyuIDqZQBv9NKX8w5FNzGm87j4qR0H1+GQg6vz+cA1Nnv1x175Zvimzc0/UwEQ==
+  version "13.5.2"
+  resolved "https://registry.yarnpkg.com/electron/-/electron-13.5.2.tgz#5c5826e58a5e12bb5ca8047b789d07b45260ecbc"
+  integrity sha512-CPakwDpy5m8dL0383F5uJboQcVtn9bT/+6/wdDKo8LuTUO9aER1TF41v7feZgZW2c+UwoGPWa814ElSQ3qta2A==
  dependencies:
    "@electron/get" "^1.0.1"
    "@types/node" "^14.6.2"
@@ -2499,13 +2501,12 @@ glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
    once "^1.3.0"
    path-is-absolute "^1.0.0"

-global-agent@^2.0.2:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/global-agent/-/global-agent-2.2.0.tgz#566331b0646e6bf79429a16877685c4a1fbf76dc"
-  integrity sha512-+20KpaW6DDLqhG7JDiJpD1JvNvb8ts+TNl7BPOYcURqCrXqnN1Vf+XVOrkKJAFPqfX+oEhsdzOj1hLWkBTdNJg==
+global-agent@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/global-agent/-/global-agent-3.0.0.tgz#ae7cd31bd3583b93c5a16437a1afe27cc33a1ab6"
+  integrity sha512-PT6XReJ+D07JvGoxQMkT6qji/jVNfX/h364XHZOWeRzy64sSFr+xJ5OX7LI3b4MPQzdL4H8Y8M0xzPpsVMwA8Q==
  dependencies:
    boolean "^3.0.1"
-    core-js "^3.6.5"
    es6-error "^4.1.1"
    matcher "^3.0.0"
    roarr "^2.15.3"
Author	SHA1	Message	Date
David Baker	6e28c141ab	Put electronVersion back (#287 ) seems letting electron builder take it from the dependencies confuses the keytar build process	2021-12-13 16:01:53 +00:00
RiotRobot	846a8df9a6	v1.9.7	2021-12-13 15:44:56 +00:00
RiotRobot	eb8429ae9d	Prepare changelog for v1.9.7	2021-12-13 15:44:56 +00:00
David Baker	89b1e39b80	Merge pull request from GHSA-mjrg-9f8r-h3m7 * Patch part 1: remove electronVersion We no longer need to specify electronVersion at all since electron is now in devDependencies. Removing it means electron can be updated the same way as any other dependency. * Only allow main app page to be opened via URL We previously allowed any URL to be opened in the main electron window. Allow only the main app page, as commented. * use exact equals * Make url logic clearer	2021-12-13 15:35:27 +00:00