[uzbl] Add patch to fix shell escaping

[Ben Boeckel]

commit 40b0d8edb578f4a14d74ec6d7677415d1d30ab8d
Author: Ben Boeckel <MathStuf at gmail.com>
Date:   Fri Aug 6 18:35:13 2010 -0400

    Add patch to fix shell escaping

 ...shell-interpret-SELECTED_URI-fixes-FS-240.patch |   25 ++++++++++++++++++++
 uzbl.spec                                          |    8 +++++-
 2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch b/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
new file mode 100644
index 0000000..bb8d9b9
--- /dev/null
+++ b/0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
@@ -0,0 +1,25 @@
+From 8fbe72f35afa9953c7b150c636fa26f182a9fce7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pawe=C5=82=20Zuzelski?= <pawelz at pld-linux.org>
+Date: Tue, 3 Aug 2010 09:25:10 +0200
+Subject: [PATCH] Don't shell-interpret \@SELECTED_URI (fixes FS#240)
+
+---
+ examples/config/config |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/examples/config/config b/examples/config/config
+index 3fe911c..b6d9fe3 100644
+--- a/examples/config/config
++++ b/examples/config/config
+@@ -173,7 +173,7 @@ set ebind     = @mode_bind global,-insert
+ # --- Mouse bindings ---------------------------------------------------------
+ 
+ # Middle click open in new window
+- at bind  <Button2>  = sh 'if [ "\@SELECTED_URI" ]; then uzbl-browser -u "\@SELECTED_URI"; else echo "uri $(xclip -o | sed s/\\\@/%40/g)" > $4; fi'
++ at bind  <Button2>  = sh 'if [ "$8" ]; then uzbl-browser -u "$8"; else echo "uri $(xclip -o | sed s/\\\@/%40/g)" > $4; fi' \@SELECTED_URI
+ 
+ # --- Keyboard bindings ------------------------------------------------------
+ 
+-- 
+1.7.2
+
diff --git a/uzbl.spec b/uzbl.spec
index 0b07308..9f7b5e1 100644
--- a/uzbl.spec
+++ b/uzbl.spec
@@ -4,7 +4,7 @@ Name:		uzbl
 Summary:	Lightweight WebKit browser following the UNIX philosophy
 Group:		Applications/Internet
 Version:	0
-Release:	0.15.20100626git%{uzblcommit}%{?dist}
+Release:	0.16.20100626git%{uzblcommit}%{?dist}
 License:	GPLv3
 URL:		http://www.uzbl.org
 # The source for this package was pulled from upstream's vcs.  Use the
@@ -17,6 +17,8 @@ URL:		http://www.uzbl.org
 Source0:	%{name}-%{uzblcommit}.tar.gz
 Source1:	%{name}.desktop
 Patch0:		%{name}-makefile.patch
+# Security bug (RHBZ#621965)
+Patch1:		0001-Don-t-shell-interpret-SELECTED_URI-fixes-FS-240.patch
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	webkitgtk-devel
@@ -76,6 +78,7 @@ multiple uzbl-browser instances without getting lost.
 %prep
 %setup -q -n %{name}-%{uzblcommit}
 %patch0 -p1
+%patch1 -p1
 
 mkdir -p icons/hicolor/32x32/apps
 mv examples/data/uzbl.png icons/hicolor/32x32/apps
@@ -136,6 +139,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_bindir}/uzbl-tabbed
 
 %changelog
+* Fri Aug 06 2010 Ben Boeckel <mathstuf at gmail.com> - 0-0.16.20100626gitafc0f873e
+- Add patch for shell escaping bug (BZ#621965)
+
 * Sat Jul 03 2010 Ben Boeckel <mathstuf at gmail.com> - 0-0.15.20100626gitafc0f873e
 - Rebuild against webkitgtk