rpms/Terminal/devel CVE-2007-3770.patch, NONE, 1.1 Terminal.spec, 1.16, 1.17
Kevin Fenzi (kevin)
fedora-extras-commits at redhat.com
Tue Aug 14 21:19:44 UTC 2007
Author: kevin
Update of /cvs/extras/rpms/Terminal/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32732
Modified Files:
Terminal.spec
Added Files:
CVE-2007-3770.patch
Log Message:
Add patch for CVE-2007-3770.
Update License tag
CVE-2007-3770.patch:
--- NEW FILE CVE-2007-3770.patch ---
diff -Nur Terminal-0.2.6/helpers/balsa.desktop.in Terminal-0.2.6.patched/helpers/balsa.desktop.in
--- Terminal-0.2.6/helpers/balsa.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/balsa.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=balsa
X-Terminal-Category=MailReader
-X-Terminal-Command=%B -m "mailto:%u"
+X-Terminal-Command=%B -m mailto:%u
diff -Nur Terminal-0.2.6/helpers/epiphany.desktop.in Terminal-0.2.6.patched/helpers/epiphany.desktop.in
--- Terminal-0.2.6/helpers/epiphany.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/epiphany.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=epiphany;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/evolution.desktop.in Terminal-0.2.6.patched/helpers/evolution.desktop.in
--- Terminal-0.2.6/helpers/evolution.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/evolution.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B "mailto:%u"
+X-Terminal-Command=%B mailto:%u
diff -Nur Terminal-0.2.6/helpers/exo-open-browser.desktop.in Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in
--- Terminal-0.2.6/helpers/exo-open-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=exo-open
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B --launch WebBrowser "%u"
+X-Terminal-Command=%B --launch WebBrowser %u
diff -Nur Terminal-0.2.6/helpers/exo-open-mailer.desktop.in Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in
--- Terminal-0.2.6/helpers/exo-open-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=exo-open
X-Terminal-Category=MailReader
-X-Terminal-Command=%B --launch MailReader "%u"
+X-Terminal-Command=%B --launch MailReader %u
diff -Nur Terminal-0.2.6/helpers/firefox.desktop.in Terminal-0.2.6.patched/helpers/firefox.desktop.in
--- Terminal-0.2.6/helpers/firefox.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/firefox.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u\) || %B %u
diff -Nur Terminal-0.2.6/helpers/galeon.desktop.in Terminal-0.2.6.patched/helpers/galeon.desktop.in
--- Terminal-0.2.6/helpers/galeon.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/galeon.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=galeon;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/kmail.desktop.in Terminal-0.2.6.patched/helpers/kmail.desktop.in
--- Terminal-0.2.6/helpers/kmail.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/kmail.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=kmail;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/konqueror.desktop.in Terminal-0.2.6.patched/helpers/konqueror.desktop.in
--- Terminal-0.2.6/helpers/konqueror.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/konqueror.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,6 +5,6 @@
Type=Application
X-Terminal-Binaries=konqueror;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/lynx.desktop.in Terminal-0.2.6.patched/helpers/lynx.desktop.in
--- Terminal-0.2.6/helpers/lynx.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/lynx.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=lynx;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=Terminal -x %B "%u"
+X-Terminal-Command=Terminal -x %B %u
diff -Nur Terminal-0.2.6/helpers/mozilla-browser.desktop.in Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in
--- Terminal-0.2.6/helpers/mozilla-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
diff -Nur Terminal-0.2.6/helpers/mozilla-mailer.desktop.in Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in
--- Terminal-0.2.6/helpers/mozilla-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
+X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
diff -Nur Terminal-0.2.6/helpers/mutt.desktop.in Terminal-0.2.6.patched/helpers/mutt.desktop.in
--- Terminal-0.2.6/helpers/mutt.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mutt.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=mutt;
X-Terminal-Category=MailReader
-X-Terminal-Command=Terminal -x %B "%u"
+X-Terminal-Command=Terminal -x %B %u
diff -Nur Terminal-0.2.6/helpers/opera-browser.desktop.in Terminal-0.2.6.patched/helpers/opera-browser.desktop.in
--- Terminal-0.2.6/helpers/opera-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/opera-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=opera;
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
diff -Nur Terminal-0.2.6/helpers/opera-mailer.desktop.in Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in
--- Terminal-0.2.6/helpers/opera-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=opera;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u"
+X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u
diff -Nur Terminal-0.2.6/helpers/sensible-browser.desktop.in Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in
--- Terminal-0.2.6/helpers/sensible-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=sensible-browser
X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/sylpheed-claws.desktop.in Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in
--- Terminal-0.2.6/helpers/sylpheed-claws.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -7,4 +7,4 @@
StartupNotify=true
X-Terminal-Binaries=sylpheed-claws;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B --compose "%u"
+X-Terminal-Command=%B --compose %u
diff -Nur Terminal-0.2.6/helpers/thunderbird.desktop.in Terminal-0.2.6.patched/helpers/thunderbird.desktop.in
--- Terminal-0.2.6/helpers/thunderbird.desktop.in 2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/thunderbird.desktop.in 2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
Type=Application
X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird;
X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
+X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
diff -Nur Terminal-0.2.6/terminal/terminal-helper.c Terminal-0.2.6.patched/terminal/terminal-helper.c
--- Terminal-0.2.6/terminal/terminal-helper.c 2007-01-20 16:30:51.000000000 +0200
+++ Terminal-0.2.6.patched/terminal/terminal-helper.c 2007-08-14 09:17:20.000000000 +0300
@@ -349,6 +349,8 @@
gchar *argv[4];
gchar *command;
gchar *t;
+ gchar *escaped;
+ gchar **parts;
guint n;
g_return_if_fail (TERMINAL_IS_HELPER (helper));
@@ -359,6 +361,12 @@
if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
++n;
+ parts = g_strsplit (uri, "$", 0);
+
+ escaped = g_shell_quote (g_strjoinv("\$", parts));
+
+ g_strfreev (parts);
+
if (n > 0)
{
command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1);
@@ -366,7 +374,7 @@
{
if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
{
- for (u = uri; *u != '\0'; )
+ for (u = escaped; *u != '\0'; )
*t++ = *u++;
s += 2;
}
@@ -379,9 +387,11 @@
}
else
{
- command = g_strconcat (helper->command, " ", uri, NULL);
+ command = g_strconcat (helper->command, " ", escaped, NULL);
}
+ g_free (escaped);
+
argv[0] = "/bin/sh";
argv[1] = "-c";
argv[2] = command;
Index: Terminal.spec
===================================================================
RCS file: /cvs/extras/rpms/Terminal/devel/Terminal.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- Terminal.spec 25 Mar 2007 03:37:11 -0000 1.16
+++ Terminal.spec 14 Aug 2007 21:19:12 -0000 1.17
@@ -1,10 +1,11 @@
Summary: X Terminal Emulator
Name: Terminal
Version: 0.2.6
-Release: 2%{?dist}
-License: GPL
+Release: 3%{?dist}
+License: GPLv2+
URL: http://terminal.os-cillation.com/
Source0: http://www.xfce.org/archive/xfce-4.4.0/src/Terminal-0.2.6.tar.bz2
+Patch1: CVE-2007-3770.patch
Group: User Interface/X
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: vte-devel
@@ -21,6 +22,7 @@
%prep
%setup -q
+%patch1 -p1 -b .cve-2007-3770
%build
%configure
@@ -60,6 +62,10 @@
%{_libexecdir}/TerminalHelp
%changelog
+* Tue Aug 14 2007 Kevin Fenzi <kevin at tummy.com> - 0.2.6-3
+- Add patch for CVE-2007-3770.
+- Update License tag
+
* Sat Mar 24 2007 Kevin Fenzi <kevin at tummy.com> - 0.2.6-2
- Fix unowned directories (#233787)
More information about the scm-commits
mailing list