authorPeter Volkov <pva@gentoo.org>2008-01-26 09:30:33 +0000
committerPeter Volkov <pva@gentoo.org>2008-01-26 09:30:33 +0000
commitff693a32188609f5d4bed907d4eacef21731e53b (patch)
treebc9875d7668ac372f2518c7e12de880ef93f0d3b /x11-misc/xdg-utils/files
parentMask media-sound/gini for removal, open security bug and uncomplete ebuild. (diff)
Security commit straight to stable, fixed xdg-open/email URL arbitrary command execution (CVE-2008-0386), bug #207331.
(Portage version: 2.1.3.19, RepoMan options: --force)
Diffstat (limited to 'x11-misc/xdg-utils/files')
-rw-r--r--x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r13
-rw-r--r--x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch46
2 files changed, 49 insertions, 0 deletions
diff --git a/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1 b/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1
new file mode 100644
index 000000000000..f6212469f2cc
--- /dev/null
+++ b/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1
@@ -0,0 +1,3 @@
+MD5 348a5b91dc66426505022c74a64b2940 xdg-utils-1.0.2.tgz 282262
+RMD160 344482917e8c780613ec20b103f8e51322540c04 xdg-utils-1.0.2.tgz 282262
+SHA256 21aeb7d16b2529b8d3975118f59eec09953e09f9a68d718159e98c90474b01ac xdg-utils-1.0.2.tgz 282262
diff --git a/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch b/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch
new file mode 100644
index 000000000000..f3e0ed65c7be
--- /dev/null
+++ b/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch
@@ -0,0 +1,46 @@
+Miroslav Lichvar discovered that xdg-open allows for arbitrary command
+execution in case the URL can not be handled by KDE, GNOME, XFCE or
+mimeopen.
+
+https://bugs.gentoo.org/show_bug.cgi?id=207331
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0386
+
+http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33&view=patch
+http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37&view=patch
+
+--- xdg-open 2008/01/18 15:00:38 1.32
++++ xdg-open 2008/01/24 20:24:51 1.33
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ #---------------------------------------------
+ # xdg-open
+ #
+@@ -382,7 +382,8 @@
+ for browser in $BROWSER; do
+ if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+ if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+ else $browser_with_arg;
+--- xdg-email 2006/11/21 20:29:55 1.36
++++ xdg-email 2008/01/24 20:24:50 1.37
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ #---------------------------------------------
+ # xdg-email
+ #
+@@ -435,7 +435,8 @@
+ for browser in $BROWSER; do
+ if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+ if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+ else $browser_with_arg;
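Review bot: The `IFS=' '` added in both nested hunks (xdg-open and xdg-email) is assigned and nothing in either hunk restores it, so every unquoted expansion the script performs after this loop will split on spaces only (no tabs or newlines); the `for browser in $BROWSER` loop and the function around it start and end outside the hunk, so how much later code is affected is not visible here. The unquoted `$browser_with_arg` on the trailing `else` line also still word-splits and pathname-expands the substituted URL, so a `$1` containing a space becomes extra arguments and `*`, `?` or `[` in it are subject to globbing (a match needs an existing path of that name, so this is unlikely in practice but not excluded). Splitting `$browser` into an array before substituting `%s` per word, with IFS saved and restored and `set -f` around the split, keeps the URL a single argument whatever it contains, while the `"$browser" "$1"` fallback on the `if` line keeps the original no-`%s` behaviour; the same change applies to both files.

```shell
    if [ x"$browser" != x"" ]; then

        # Split the $BROWSER entry on spaces only, with globbing off, then
        # substitute %s per word so the URL is never re-split or glob-expanded.
        saved_ifs=$IFS
        IFS=' '
        set -f
        browser_cmd=( $browser )
        set +f
        IFS=$saved_ifs
        browser_cmd=( "${browser_cmd[@]//'%s'/"$1"}" )
        browser_with_arg=${browser//'%s'/"$1"}

        if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
        else "${browser_cmd[@]}";
```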