Hello community,

here is the log from the commit of package papers for openSUSE:Factory checked 
in at 2026-05-23 23:22:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/papers (Old)
 and      /work/SRC/openSUSE:Factory/.papers.new.2084 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "papers"

Sat May 23 23:22:59 2026 rev:17 rq:1354485 version:50.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/papers/papers.changes    2026-04-14 
17:50:21.804608679 +0200
+++ /work/SRC/openSUSE:Factory/.papers.new.2084/papers.changes  2026-05-23 
23:23:16.942681935 +0200
@@ -1,0 +2,6 @@
+Wed May 20 17:43:42 UTC 2026 - Michael Gorse <[email protected]>
+
+- Add papers-CVE-2026-46529.patch: escape link arguments before
+  spawning a new process (bsc#1265880 CVE-2026-46529).
+
+-------------------------------------------------------------------

New:
----
  papers-CVE-2026-46529.patch

----------(New B)----------
  New:
- Add papers-CVE-2026-46529.patch: escape link arguments before
  spawning a new process (bsc#1265880 CVE-2026-46529).
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ papers.spec ++++++
--- /var/tmp/diff_new_pack.uwadZe/_old  2026-05-23 23:23:17.806717208 +0200
+++ /var/tmp/diff_new_pack.uwadZe/_new  2026-05-23 23:23:17.806717208 +0200
@@ -31,6 +31,8 @@
 Source0:        %{name}-%{version}.tar.xz
 Source1:        vendor.tar.xz
 Source2:        %{name}-test-data-0.tar.xz
+# PATCH-FIX-UPSTREAM papers-CVE-2026-46529.patch bsc#1265880 [email protected] 
-- escape link arguments before spawning a new process.
+Patch2:         papers-CVE-2026-46529.patch
 BuildRequires:  blueprint-compiler
 BuildRequires:  cargo-packaging
 BuildRequires:  desktop-file-utils
@@ -140,7 +142,7 @@
 %lang_package
 
 %prep
-%autosetup -a1
+%autosetup -a1 -p1
 tar -xf %{SOURCE2} --strip-components=1 -C test-data
 
 %build

++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.uwadZe/_old  2026-05-23 23:23:17.846718841 +0200
+++ /var/tmp/diff_new_pack.uwadZe/_new  2026-05-23 23:23:17.850719004 +0200
@@ -1,6 +1,6 @@
-mtime: 1775844115
-commit: 2e0c6c9a8a0805945cfa1524bf8b78361cf3bc5a291adc870b6080fb1b5bda3a
+mtime: 1779318293
+commit: cafa6099575f9f60215cd0b5a3bd1d82c237d5e5a54f2fa05df64d0914274c43
 url: https://src.opensuse.org/GNOME/papers
-revision: 2e0c6c9a8a0805945cfa1524bf8b78361cf3bc5a291adc870b6080fb1b5bda3a
+revision: cafa6099575f9f60215cd0b5a3bd1d82c237d5e5a54f2fa05df64d0914274c43
 projectscmsync: https://src.opensuse.org/GNOME/_ObsPrj
 

++++++ build.specials.obscpio ++++++

++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore      1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore      2026-05-21 01:04:53.000000000 +0200
@@ -0,0 +1,5 @@
+*.obscpio
+*.osc
+_build.*
+.pbuild
+osc-collab.*

++++++ papers-CVE-2026-46529.patch ++++++
>From 1b82bf627b4d8b414a57b55a9095e6d361799d6c Mon Sep 17 00:00:00 2001
From: Lucas Baudin <[email protected]>
Date: Sat, 16 May 2026 00:25:31 +0200
Subject: [PATCH] shell: escape link arguments before spawning a new process

---
 shell/src/application.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/shell/src/application.rs b/shell/src/application.rs
index f0b9b2887..f12c20308 100644
--- a/shell/src/application.rs
+++ b/shell/src/application.rs
@@ -494,7 +494,12 @@ pub fn spawn(file: Option<&gio::File>, dest: 
Option<&LinkDest>, mode: Option<Win
                 match dest.dest_type() {
                     LinkDestType::PageLabel => {
                         cmd.push_str(" --page-label=");
-                        cmd.push_str(&dest.page_label().unwrap_or_default());
+                        cmd.push_str(
+                            
glib::shell_quote(dest.page_label().unwrap_or_default())
+                                .as_os_str()
+                                .to_str()
+                                .unwrap_or_default(),
+                        );
                     }
                     LinkDestType::Page
                     | LinkDestType::Xyz
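Review bot: The `.to_str().unwrap_or_default()` tail in the `PageLabel` arm silently turns a quoted value that is not valid UTF-8 into an empty string, leaving a bare `--page-label=` in `cmd`; the `Named` arm in the next hunk has the same tail. The label is presumably UTF-8 already, so the fallback may never run, but `to_string_lossy()` would keep the surrounding quotes in every case and is shorter: `cmd.push_str(&glib::shell_quote(dest.page_label().unwrap_or_default()).to_string_lossy());`. The `.as_os_str()` call also looks redundant if `shell_quote` returns an `OsString`. `spawn` starts and ends outside this hunk.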
@@ -506,7 +511,12 @@ pub fn spawn(file: Option<&gio::File>, dest: 
Option<&LinkDest>, mode: Option<Win
                     }
                     LinkDestType::Named => {
                         cmd.push_str(" --named-dest=");
-                        cmd.push_str(&dest.named_dest().unwrap_or_default())
+                        cmd.push_str(
+                            
glib::shell_quote(dest.named_dest().unwrap_or_default())
+                                .as_os_str()
+                                .to_str()
+                                .unwrap_or_default(),
+                        );
                     }
                     _ => (),
                 }
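Review bot: Nothing in the `Named` arm (or the `PageLabel` arm above it) records why the value is quoted, so a string-valued option added to this `match` later could be appended raw again. A comment above the `match` would cover it, for example `// Link destination strings are not trusted: shell-quote each one before appending it to cmd.` How `cmd` is parsed and launched is outside the hunk, and the quoting only helps if that consumer applies shell-style parsing. The `Page`/`Xyz` arms and the file argument deserve the same check if they append anything other than numbers.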
-- 
2.54.0
