[uzbl] Add patch to fix shell escaping
Ben Boeckel
mathstuf at fedoraproject.org
Fri Aug 6 22:46:53 UTC 2010
commit 40b0d8edb578f4a14d74ec6d7677415d1d30ab8d
Author: Ben Boeckel <MathStuf at gmail.com>
Date: Fri Aug 6 18:35:13 2010 -0400
Add patch to fix shell escaping
...shell-interpret-SELECTED_URI-fixes-FS-240.patch | 25 ++++++++++++++++++++
uzbl.spec | 8 +++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch b/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
new file mode 100644
index 0000000..bb8d9b9
--- /dev/null
+++ b/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
@@ -0,0 +1,25 @@
+From 8fbe72f35afa9953c7b150c636fa26f182a9fce7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pawe=C5=82=20Zuzelski?= <pawelz at pld-linux.org>
+Date: Tue, 3 Aug 2010 09:25:10 +0200
+Subject: [PATCH] Don't shell-interpret \@SELECTED_URI (fixes FS#240)
+
+---
+ examples/config/config | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/examples/config/config b/examples/config/config
+index 3fe911c..b6d9fe3 100644
+--- a/examples/config/config
++++ b/examples/config/config
+@@ -173,7 +173,7 @@ set ebind = @mode_bind global,-insert
+ # --- Mouse bindings ---------------------------------------------------------
+
+ # Middle click open in new window
+- at bind <Button2> = sh 'if [ "\@SELECTED_URI" ]; then uzbl-browser -u "\@SELECTED_URI"; else echo "uri $(xclip -o | sed s/\\\@/%40/g)" > $4; fi'
++ at bind <Button2> = sh 'if [ "$8" ]; then uzbl-browser -u "$8"; else echo "uri $(xclip -o | sed s/\\\@/%40/g)" > $4; fi' \@SELECTED_URI
+
+ # --- Keyboard bindings ------------------------------------------------------
+
+--
+1.7.2
+
diff --git a/uzbl.spec b/uzbl.spec
index 0b07308..9f7b5e1 100644
--- a/uzbl.spec
+++ b/uzbl.spec
@@ -4,7 +4,7 @@ Name: uzbl
Summary: Lightweight WebKit browser following the UNIX philosophy
Group: Applications/Internet
Version: 0
-Release: 0.15.20100626git%{uzblcommit}%{?dist}
+Release: 0.16.20100626git%{uzblcommit}%{?dist}
License: GPLv3
URL: http://www.uzbl.org
# The source for this package was pulled from upstream's vcs. Use the
@@ -17,6 +17,8 @@ URL: http://www.uzbl.org
Source0: %{name}-%{uzblcommit}.tar.gz
Source1: %{name}.desktop
Patch0: %{name}-makefile.patch
+# Security bug (RHBZ#621965)
+Patch1: 0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: webkitgtk-devel
@@ -76,6 +78,7 @@ multiple uzbl-browser instances without getting lost.
%prep
%setup -q -n %{name}-%{uzblcommit}
%patch0 -p1
+%patch1 -p1
mkdir -p icons/hicolor/32x32/apps
mv examples/data/uzbl.png icons/hicolor/32x32/apps
@@ -136,6 +139,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_bindir}/uzbl-tabbed
%changelog
+* Fri Aug 06 2010 Ben Boeckel <mathstuf at gmail.com> - 0-0.16.20100626gitafc0f873e
+- Add patch for shell escaping bug (BZ#621965)
+
* Sat Jul 03 2010 Ben Boeckel <mathstuf at gmail.com> - 0-0.15.20100626gitafc0f873e
- Rebuild against webkitgtk
More information about the scm-commits
mailing list