forked from pool/xdg-utils
parent
9321af3988
commit
6cfabd42c6
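--- a/CVE-2008-0386.diff
+++ b/CVE-2008-0386.diff
@@ -0,0 +1,63 @@
+--- scripts/xdg-open
++++ scripts/xdg-open
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+#---------------------------------------------
+# xdg-open
+#
+@@ -382,7 +382,8 @@ open_generic()
+for browser in $BROWSER; do
+if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+else $browser_with_arg;
+--- scripts/xdg-email
++++ scripts/xdg-email
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+#---------------------------------------------
+# xdg-email
+#
+@@ -435,7 +435,8 @@ open_generic()
+for browser in $BROWSER; do
+if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+else $browser_with_arg;
+@@ -495,7 +496,7 @@ while [ $# -gt 0 ] ; do
+exit_failure_syntax "email address argument missing for --to"
+fi
+url_encode "$1"
+- options="${options}to=${result}&"
++ options="${options}to=${result}&"
+shift
+;;
+
+@@ -531,7 +532,7 @@ while [ $# -gt 0 ] ; do
+exit_failure_syntax "text argument missing for --body option"
+fi
+url_encode "$1"
+- options="${options}body=${result}&"
++ options="${options}body=${result}&"
+shift
+;;
+
+@@ -575,7 +576,7 @@ done
+
+if [ -z "${mailto}" ] ; then
+# TO address is optional
+- mailto="mailto:?"
++ mailto="mailto:?"
+fi
+
+case $mailto in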
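Review bot: The `else $browser_with_arg;` line in both open_generic() hunks (scripts/xdg-open and scripts/xdg-email) still expands the substituted string unquoted, so after the `%s` replacement a URL containing spaces or glob characters is split into several browser arguments or matched against filenames. The sed expression is gone, but words inside `$1` can still arrive at the browser as separate arguments, including option-like ones. Substituting `%s` per word of the `$BROWSER` entry and running the result from an array keeps the URL a single argument; bash is already required by the shebang change. `IFS=' '` is also not restored in the visible lines, so it presumably stays in effect for the rest of the script unless it is saved and reset after the loop. open_generic() starts and ends outside these hunks, so the sketch below covers only the visible lines.

```shell
# … unchanged: for browser in $BROWSER; do / empty-entry check …
IFS=' '
browser_argv=()
for word in $browser; do
    # substitute inside each template word; the URL itself is never re-split or globbed
    word_with_arg=${word//'%s'/"$1"}
    browser_argv+=("$word_with_arg")
done
browser_with_arg=${browser//'%s'/"$1"}
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
else "${browser_argv[@]}";
# … unchanged: rest of the loop body …
```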
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 7 13:13:48 CET 2008 - dmueller@suse.de
|
||||
|
||||
- fix command injection (#bnc355061, CVE-2008-0386)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 22 14:25:40 CEST 2007 - stbinner@suse.de
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package xdg-utils (Version 1.0.2)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -11,18 +11,19 @@
|
||||
# norootforbuild
|
||||
|
||||
Name: xdg-utils
|
||||
BuildRequires: make xmlto
|
||||
BuildRequires: make
|
||||
License: X11/MIT
|
||||
Group: System/GUI/Other
|
||||
Summary: Utilities to uniformly interface desktop environments
|
||||
Version: 1.0.2
|
||||
Release: 1
|
||||
Release: 36
|
||||
BuildArch: noarch
|
||||
Url: http://portland.freedesktop.org/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Source0: %name-%{version}.tar.bz2
|
||||
Patch0: xdg-su.diff
|
||||
Patch1: xfce-su.diff
|
||||
Patch2: CVE-2008-0386.diff
|
||||
|
||||
%description
|
||||
The xdg-utils package is a set of simple scripts that provide basic
|
||||
@ -45,6 +46,7 @@ these utilities work properly in their environment.
|
||||
%setup -q -n %name-%{version}
|
||||
%patch0
|
||||
%patch1
|
||||
%patch2
|
||||
|
||||
%build
|
||||
%configure
|
||||
@ -80,29 +82,32 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man1/xdg-open.1.gz
|
||||
%{_mandir}/man1/xdg-su.1.gz
|
||||
%{_mandir}/man1/xdg-screensaver.1.gz
|
||||
|
||||
%changelog
|
||||
* Mon Oct 22 2007 - stbinner@suse.de
|
||||
* Thu Feb 07 2008 dmueller@suse.de
|
||||
- fix command injection (#bnc355061, CVE-2008-0386)
|
||||
* Mon Oct 22 2007 stbinner@suse.de
|
||||
- update to 1.0.2:
|
||||
* SVG icons are not supported but doc still mentioned SVG
|
||||
* xdg-email can now be used without any e-mail address
|
||||
* do not use mktemp without arguments, it breaks on systems with
|
||||
certain older versions of mktemp
|
||||
* Thu Sep 20 2007 - dmueller@suse.de
|
||||
* Thu Sep 20 2007 dmueller@suse.de
|
||||
- fix xdg-su outside KDE/GNOME (#309164)
|
||||
* Thu Aug 30 2007 - dmueller@suse.de
|
||||
* Thu Aug 30 2007 dmueller@suse.de
|
||||
- fix xdg-su for XFCE (#304753)
|
||||
* Tue May 22 2007 - dmueller@suse.de
|
||||
* Tue May 22 2007 dmueller@suse.de
|
||||
- add xdg-su (#275937)
|
||||
* Mon Nov 06 2006 - dmueller@suse.de
|
||||
* Mon Nov 06 2006 dmueller@suse.de
|
||||
- update to 1.0.1:
|
||||
* Several shell syntax issues causing failures on Ubuntu 6.10
|
||||
* Spurious output on stdout when running xdg-desktop-menu
|
||||
* Non-ascii mailto URI handling of xdg-email on non-UTF8 locales
|
||||
under KDE
|
||||
* Fri Oct 27 2006 - dmueller@suse.de
|
||||
* Fri Oct 27 2006 dmueller@suse.de
|
||||
- don't build as root
|
||||
* Wed Sep 27 2006 - dmueller@suse.de
|
||||
* Wed Sep 27 2006 dmueller@suse.de
|
||||
- update to 1.0rc1:
|
||||
* for changes, see /usr/share/doc/packages/xdg-utils/ChangeLog
|
||||
* Thu Jun 22 2006 - dmueller@suse.de
|
||||
* Thu Jun 22 2006 dmueller@suse.de
|
||||
- Initial package (TP1)
|
||||
|