forked from pool/xdg-utils
This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
9321af3988
commit
6cfabd42c6
63
CVE-2008-0386.diff
Normal file
63
CVE-2008-0386.diff
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
--- scripts/xdg-open
|
||||||
|
+++ scripts/xdg-open
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/bin/sh
|
||||||
|
+#!/bin/bash
|
||||||
|
#---------------------------------------------
|
||||||
|
# xdg-open
|
||||||
|
#
|
||||||
|
@@ -382,7 +382,8 @@ open_generic()
|
||||||
|
for browser in $BROWSER; do
|
||||||
|
if [ x"$browser" != x"" ]; then
|
||||||
|
|
||||||
|
- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
|
||||||
|
+ IFS=' '
|
||||||
|
+ browser_with_arg=${browser//'%s'/"$1"}
|
||||||
|
|
||||||
|
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
|
||||||
|
else $browser_with_arg;
|
||||||
|
--- scripts/xdg-email
|
||||||
|
+++ scripts/xdg-email
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/bin/sh
|
||||||
|
+#!/bin/bash
|
||||||
|
#---------------------------------------------
|
||||||
|
# xdg-email
|
||||||
|
#
|
||||||
|
@@ -435,7 +435,8 @@ open_generic()
|
||||||
|
for browser in $BROWSER; do
|
||||||
|
if [ x"$browser" != x"" ]; then
|
||||||
|
|
||||||
|
- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
|
||||||
|
+ IFS=' '
|
||||||
|
+ browser_with_arg=${browser//'%s'/"$1"}
|
||||||
|
|
||||||
|
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
|
||||||
|
else $browser_with_arg;
|
||||||
|
@@ -495,7 +496,7 @@ while [ $# -gt 0 ] ; do
|
||||||
|
exit_failure_syntax "email address argument missing for --to"
|
||||||
|
fi
|
||||||
|
url_encode "$1"
|
||||||
|
- options="${options}to=${result}&"
|
||||||
|
+ options="${options}to=${result}&"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
@@ -531,7 +532,7 @@ while [ $# -gt 0 ] ; do
|
||||||
|
exit_failure_syntax "text argument missing for --body option"
|
||||||
|
fi
|
||||||
|
url_encode "$1"
|
||||||
|
- options="${options}body=${result}&"
|
||||||
|
+ options="${options}body=${result}&"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
@@ -575,7 +576,7 @@ done
|
||||||
|
|
||||||
|
if [ -z "${mailto}" ] ; then
|
||||||
|
# TO address is optional
|
||||||
|
- mailto="mailto:?"
|
||||||
|
+ mailto="mailto:?"
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $mailto in
|
||||||
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 7 13:13:48 CET 2008 - dmueller@suse.de
|
||||||
|
|
||||||
|
- fix command injection (#bnc355061, CVE-2008-0386)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 22 14:25:40 CEST 2007 - stbinner@suse.de
|
Mon Oct 22 14:25:40 CEST 2007 - stbinner@suse.de
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package xdg-utils (Version 1.0.2)
|
# spec file for package xdg-utils (Version 1.0.2)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
# This file and all modifications and additions to the pristine
|
# This file and all modifications and additions to the pristine
|
||||||
# package are under the same license as the package itself.
|
# package are under the same license as the package itself.
|
||||||
#
|
#
|
||||||
@ -11,18 +11,19 @@
|
|||||||
# norootforbuild
|
# norootforbuild
|
||||||
|
|
||||||
Name: xdg-utils
|
Name: xdg-utils
|
||||||
BuildRequires: make xmlto
|
BuildRequires: make
|
||||||
License: X11/MIT
|
License: X11/MIT
|
||||||
Group: System/GUI/Other
|
Group: System/GUI/Other
|
||||||
Summary: Utilities to uniformly interface desktop environments
|
Summary: Utilities to uniformly interface desktop environments
|
||||||
Version: 1.0.2
|
Version: 1.0.2
|
||||||
Release: 1
|
Release: 36
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
Url: http://portland.freedesktop.org/
|
Url: http://portland.freedesktop.org/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Source0: %name-%{version}.tar.bz2
|
Source0: %name-%{version}.tar.bz2
|
||||||
Patch0: xdg-su.diff
|
Patch0: xdg-su.diff
|
||||||
Patch1: xfce-su.diff
|
Patch1: xfce-su.diff
|
||||||
|
Patch2: CVE-2008-0386.diff
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The xdg-utils package is a set of simple scripts that provide basic
|
The xdg-utils package is a set of simple scripts that provide basic
|
||||||
@ -45,6 +46,7 @@ these utilities work properly in their environment.
|
|||||||
%setup -q -n %name-%{version}
|
%setup -q -n %name-%{version}
|
||||||
%patch0
|
%patch0
|
||||||
%patch1
|
%patch1
|
||||||
|
%patch2
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure
|
%configure
|
||||||
@ -80,29 +82,32 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mandir}/man1/xdg-open.1.gz
|
%{_mandir}/man1/xdg-open.1.gz
|
||||||
%{_mandir}/man1/xdg-su.1.gz
|
%{_mandir}/man1/xdg-su.1.gz
|
||||||
%{_mandir}/man1/xdg-screensaver.1.gz
|
%{_mandir}/man1/xdg-screensaver.1.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Oct 22 2007 - stbinner@suse.de
|
* Thu Feb 07 2008 dmueller@suse.de
|
||||||
|
- fix command injection (#bnc355061, CVE-2008-0386)
|
||||||
|
* Mon Oct 22 2007 stbinner@suse.de
|
||||||
- update to 1.0.2:
|
- update to 1.0.2:
|
||||||
* SVG icons are not supported but doc still mentioned SVG
|
* SVG icons are not supported but doc still mentioned SVG
|
||||||
* xdg-email can now be used without any e-mail address
|
* xdg-email can now be used without any e-mail address
|
||||||
* do not use mktemp without arguments, it breaks on systems with
|
* do not use mktemp without arguments, it breaks on systems with
|
||||||
certain older versions of mktemp
|
certain older versions of mktemp
|
||||||
* Thu Sep 20 2007 - dmueller@suse.de
|
* Thu Sep 20 2007 dmueller@suse.de
|
||||||
- fix xdg-su outside KDE/GNOME (#309164)
|
- fix xdg-su outside KDE/GNOME (#309164)
|
||||||
* Thu Aug 30 2007 - dmueller@suse.de
|
* Thu Aug 30 2007 dmueller@suse.de
|
||||||
- fix xdg-su for XFCE (#304753)
|
- fix xdg-su for XFCE (#304753)
|
||||||
* Tue May 22 2007 - dmueller@suse.de
|
* Tue May 22 2007 dmueller@suse.de
|
||||||
- add xdg-su (#275937)
|
- add xdg-su (#275937)
|
||||||
* Mon Nov 06 2006 - dmueller@suse.de
|
* Mon Nov 06 2006 dmueller@suse.de
|
||||||
- update to 1.0.1:
|
- update to 1.0.1:
|
||||||
* Several shell syntax issues causing failures on Ubuntu 6.10
|
* Several shell syntax issues causing failures on Ubuntu 6.10
|
||||||
* Spurious output on stdout when running xdg-desktop-menu
|
* Spurious output on stdout when running xdg-desktop-menu
|
||||||
* Non-ascii mailto URI handling of xdg-email on non-UTF8 locales
|
* Non-ascii mailto URI handling of xdg-email on non-UTF8 locales
|
||||||
under KDE
|
under KDE
|
||||||
* Fri Oct 27 2006 - dmueller@suse.de
|
* Fri Oct 27 2006 dmueller@suse.de
|
||||||
- don't build as root
|
- don't build as root
|
||||||
* Wed Sep 27 2006 - dmueller@suse.de
|
* Wed Sep 27 2006 dmueller@suse.de
|
||||||
- update to 1.0rc1:
|
- update to 1.0rc1:
|
||||||
* for changes, see /usr/share/doc/packages/xdg-utils/ChangeLog
|
* for changes, see /usr/share/doc/packages/xdg-utils/ChangeLog
|
||||||
* Thu Jun 22 2006 - dmueller@suse.de
|
* Thu Jun 22 2006 dmueller@suse.de
|
||||||
- Initial package (TP1)
|
- Initial package (TP1)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user