author | Peter Volkov <pva@gentoo.org> | 2008-01-26 09:30:33 +0000 |
committer | Peter Volkov <pva@gentoo.org> | 2008-01-26 09:30:33 +0000 |
commit | ff693a32188609f5d4bed907d4eacef21731e53b (patch) | |
tree | bc9875d7668ac372f2518c7e12de880ef93f0d3b /x11-misc/xdg-utils/files | |
parent | Mask media-sound/gini for removal, open security bug and uncomplete ebuild. (diff) | |
Security commit straight to stable, fixed xdg-open/email URL arbitrary command execution (CVE-2008-0386), bug #207331.
(Portage version: 2.1.3.19, RepoMan options: --force)
Diffstat (limited to 'x11-misc/xdg-utils/files')
-rw-r--r-- | x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1 | 3 | ||||
-rw-r--r-- | x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch | 46 |
2 files changed, 49 insertions, 0 deletions
diff --git a/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1 b/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1
new file mode 100644
index 000000000000..f6212469f2cc
--- /dev/null
+++ b/x11-misc/xdg-utils/files/digest-xdg-utils-1.0.2-r1
@@ -0,0 +1,3 @@
+MD5 348a5b91dc66426505022c74a64b2940 xdg-utils-1.0.2.tgz 282262
+RMD160 344482917e8c780613ec20b103f8e51322540c04 xdg-utils-1.0.2.tgz 282262
+SHA256 21aeb7d16b2529b8d3975118f59eec09953e09f9a68d718159e98c90474b01ac xdg-utils-1.0.2.tgz 282262
diff --git a/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch b/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch
new file mode 100644
index 000000000000..f3e0ed65c7be
--- /dev/null
+++ b/x11-misc/xdg-utils/files/xdg-utils-1.0.2-arb-comm-exec.patch
@@ -0,0 +1,46 @@
+Miroslav Lichvar discovered that xdg-open allows for arbitrary command
+execution in case the URL can not be handled by KDE, GNOME, XFCE or
+mimeopen.
+
+https://bugs.gentoo.org/show_bug.cgi?id=207331
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0386
+
+http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33&view=patch
+http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37&view=patch
+
+--- xdg-open 2008/01/18 15:00:38 1.32
++++ xdg-open 2008/01/24 20:24:51 1.33
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ #---------------------------------------------
+ # xdg-open
+ #
+@@ -382,7 +382,8 @@
+ for browser in $BROWSER; do
+ if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+ if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+ else $browser_with_arg;
+--- xdg-email 2006/11/21 20:29:55 1.36
++++ xdg-email 2008/01/24 20:24:50 1.37
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ #---------------------------------------------
+ # xdg-email
+ #
+@@ -435,7 +435,8 @@
+ for browser in $BROWSER; do
+ if [ x"$browser" != x"" ]; then
+
+- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
++ IFS=' '
++ browser_with_arg=${browser//'%s'/"$1"}
+
+ if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
+ else $browser_with_arg;
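Review bot: The `$1` value spliced into `browser_with_arg` is still handed to the shell unquoted on the `else $browser_with_arg;` context line, so after `IFS=' '` it is word-split on spaces and subject to pathname expansion; for xdg-open the argument may be a local file path with spaces, which now reaches the browser as several arguments, and the same applies to any URL containing a space or glob character. Dropping sed does remove the sed-level injection, which is what the CVE is about, but the substitution-then-resplit pattern is what caused it and is still present. Replacing the two added lines with `IFS=' ' read -r -a argv <<<"$browser"` (the `IFS` prefix applies to `read` only, so the global `IFS` set earlier in the script is no longer clobbered) and invoking `"${argv[@]/'%s'/"$1"}"` in the `else` branch keeps each BROWSER word intact while passing the URL as one argument; the `x"$browser_with_arg" = x"$browser"` test can become `x"${browser//'%s'/}" = x"$browser"`. The bare `IFS=' '` assignment is also never restored, so the change in splitting persists for whatever follows this loop; the enclosing function in both xdg-open and xdg-email starts and ends outside the hunk, so I cannot see what that affects. Both hunks are identical, so the same fix applies to xdg-email at line 435.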