Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=ff563c8fd6abcc56313cd47d41715af6996f6c80
commit ff563c8fd6abcc56313cd47d41715af6996f6c80 Author: Priyank <[EMAIL PROTECTED]> Date: Thu Sep 6 19:22:02 2007 +0530 terminal-0.2.6-2-i686 * added a patch from ubuntu to fix a security issue * closes #2256 diff --git a/source/xfce4/terminal/02_CVE-2007-3770.patch.diff b/source/xfce4/terminal/02_CVE-2007-3770.patch.diff new file mode 100644 index 0000000..5f16646 --- /dev/null +++ b/source/xfce4/terminal/02_CVE-2007-3770.patch.diff @@ -0,0 +1,206 @@ +diff -Nur xfce4-terminal-0.2.6/helpers/balsa.desktop.in xfce4-terminal-0.2.6.new/helpers/balsa.desktop.in +--- xfce4-terminal-0.2.6/helpers/balsa.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/balsa.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=balsa + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -m "mailto:%u"; ++X-Terminal-Command=%B -m mailto:%u +diff -Nur xfce4-terminal-0.2.6/helpers/epiphany.desktop.in xfce4-terminal-0.2.6.new/helpers/epiphany.desktop.in +--- xfce4-terminal-0.2.6/helpers/epiphany.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/epiphany.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=epiphany; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u +diff -Nur xfce4-terminal-0.2.6/helpers/evolution.desktop.in xfce4-terminal-0.2.6.new/helpers/evolution.desktop.in +--- xfce4-terminal-0.2.6/helpers/evolution.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/evolution.desktop.in 2007-08-13 10:32:15.316271487 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B "mailto:%u"; ++X-Terminal-Command=%B mailto:%u +diff -Nur xfce4-terminal-0.2.6/helpers/exo-open-browser.desktop.in xfce4-terminal-0.2.6.new/helpers/exo-open-browser.desktop.in +--- xfce4-terminal-0.2.6/helpers/exo-open-browser.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/exo-open-browser.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=exo-open + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B --launch WebBrowser "%u" ++X-Terminal-Command=%B --launch WebBrowser %u +diff -Nur xfce4-terminal-0.2.6/helpers/exo-open-mailer.desktop.in xfce4-terminal-0.2.6.new/helpers/exo-open-mailer.desktop.in +--- xfce4-terminal-0.2.6/helpers/exo-open-mailer.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/exo-open-mailer.desktop.in 2007-08-13 10:32:15.316271487 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=exo-open + X-Terminal-Category=MailReader +-X-Terminal-Command=%B --launch MailReader "%u" ++X-Terminal-Command=%B --launch MailReader %u +diff -Nur xfce4-terminal-0.2.6/helpers/firefox.desktop.in xfce4-terminal-0.2.6.new/helpers/firefox.desktop.in +--- xfce4-terminal-0.2.6/helpers/firefox.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/firefox.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u\) || %B %u +diff -Nur xfce4-terminal-0.2.6/helpers/galeon.desktop.in xfce4-terminal-0.2.6.new/helpers/galeon.desktop.in +--- xfce4-terminal-0.2.6/helpers/galeon.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/galeon.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=galeon; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u +diff -Nur xfce4-terminal-0.2.6/helpers/kmail.desktop.in xfce4-terminal-0.2.6.new/helpers/kmail.desktop.in +--- xfce4-terminal-0.2.6/helpers/kmail.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/kmail.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=kmail; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u +diff -Nur xfce4-terminal-0.2.6/helpers/konqueror.desktop.in xfce4-terminal-0.2.6.new/helpers/konqueror.desktop.in +--- xfce4-terminal-0.2.6/helpers/konqueror.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/konqueror.desktop.in 2007-08-13 10:32:19.804190841 -0700 +@@ -5,6 +5,4 @@ + Type=Application + X-Terminal-Binaries=konqueror; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" +- +- ++X-Terminal-Command=%B %u +diff -Nur xfce4-terminal-0.2.6/helpers/lynx.desktop.in xfce4-terminal-0.2.6.new/helpers/lynx.desktop.in +--- xfce4-terminal-0.2.6/helpers/lynx.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/lynx.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=lynx; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=Terminal -x %B "%u" ++X-Terminal-Command=Terminal -x %B %u +diff -Nur xfce4-terminal-0.2.6/helpers/mozilla-browser.desktop.in xfce4-terminal-0.2.6.new/helpers/mozilla-browser.desktop.in +--- xfce4-terminal-0.2.6/helpers/mozilla-browser.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/mozilla-browser.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u +diff -Nur xfce4-terminal-0.2.6/helpers/mozilla-mailer.desktop.in xfce4-terminal-0.2.6.new/helpers/mozilla-mailer.desktop.in +--- xfce4-terminal-0.2.6/helpers/mozilla-mailer.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/mozilla-mailer.desktop.in 2007-08-13 10:32:15.316271487 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"; ++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u +diff -Nur xfce4-terminal-0.2.6/helpers/mutt.desktop.in xfce4-terminal-0.2.6.new/helpers/mutt.desktop.in +--- xfce4-terminal-0.2.6/helpers/mutt.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/mutt.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mutt; + X-Terminal-Category=MailReader +-X-Terminal-Command=Terminal -x %B "%u" ++X-Terminal-Command=Terminal -x %B %u +diff -Nur xfce4-terminal-0.2.6/helpers/opera-browser.desktop.in xfce4-terminal-0.2.6.new/helpers/opera-browser.desktop.in +--- xfce4-terminal-0.2.6/helpers/opera-browser.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/opera-browser.desktop.in 2007-08-13 10:32:15.316271487 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=opera; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u +diff -Nur xfce4-terminal-0.2.6/helpers/opera-mailer.desktop.in xfce4-terminal-0.2.6.new/helpers/opera-mailer.desktop.in +--- xfce4-terminal-0.2.6/helpers/opera-mailer.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/opera-mailer.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=opera; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u"; ++X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u +diff -Nur xfce4-terminal-0.2.6/helpers/sensible-browser.desktop.in xfce4-terminal-0.2.6.new/helpers/sensible-browser.desktop.in +--- xfce4-terminal-0.2.6/helpers/sensible-browser.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/sensible-browser.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=sensible-browser + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u +diff -Nur xfce4-terminal-0.2.6/helpers/sylpheed-claws.desktop.in xfce4-terminal-0.2.6.new/helpers/sylpheed-claws.desktop.in +--- xfce4-terminal-0.2.6/helpers/sylpheed-claws.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/sylpheed-claws.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -7,4 +7,4 @@ + StartupNotify=true + X-Terminal-Binaries=sylpheed-claws; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B --compose "%u" ++X-Terminal-Command=%B --compose %u +diff -Nur xfce4-terminal-0.2.6/helpers/thunderbird.desktop.in xfce4-terminal-0.2.6.new/helpers/thunderbird.desktop.in +--- xfce4-terminal-0.2.6/helpers/thunderbird.desktop.in 2007-01-20 06:30:46.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/helpers/thunderbird.desktop.in 2007-08-13 10:32:15.320271415 -0700 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"; ++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u +diff -Nur xfce4-terminal-0.2.6/terminal/terminal-helper.c xfce4-terminal-0.2.6.new/terminal/terminal-helper.c +--- xfce4-terminal-0.2.6/terminal/terminal-helper.c 2007-01-20 06:30:51.000000000 -0800 ++++ xfce4-terminal-0.2.6.new/terminal/terminal-helper.c 2007-08-13 10:32:15.324271343 -0700 +@@ -349,6 +349,7 @@ + gchar *argv[4]; + gchar *command; + gchar *t; ++ gchar *escaped; + guint n; + + g_return_if_fail (TERMINAL_IS_HELPER (helper)); +@@ -359,6 +360,8 @@ + if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u') + ++n; + ++ escaped = g_shell_quote (uri); ++ + if (n > 0) + { + command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1); +@@ -366,7 +369,7 @@ + { + if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u') + { +- for (u = uri; *u != '\0'; ) ++ for (u = escaped; *u != '\0'; ) + *t++ = *u++; + s += 2; + } +@@ -379,9 +382,11 @@ + } + else + { +- command = g_strconcat (helper->command, " ", uri, NULL); ++ command = g_strconcat (helper->command, " ", escaped, NULL); + } + ++ g_free (escaped); ++ + argv[0] = "/bin/sh"; + argv[1] = "-c"; + argv[2] = command; diff --git a/source/xfce4/terminal/FrugalBuild b/source/xfce4/terminal/FrugalBuild index 0fdd9c2..b8439c1 100644 --- a/source/xfce4/terminal/FrugalBuild +++ b/source/xfce4/terminal/FrugalBuild @@ -4,9 +4,9 @@ pkgname=terminal _F_xfce_name=Terminal pkgver=0.2.6 -pkgrel=1 +pkgrel=2 pkgdesc="A modern virtual terminal emulator for Xfce." -makedepends=('xfce4-dev-tools>=4.4.0' 'intltool') +makedepends=('xfce4-dev-tools>=4.4.0' 'intltool') depends=('libexo>=0.3.2' 'vte' 'dbus-glib>=0.71') groups=('xfce4' 'xfce4-core') archs=('i686' 'x86_64') @@ -14,6 +14,8 @@ _F_gnome_iconcache="y" options=('scriptlet') Finclude xfce4 gnome-scriptlet _F_cd_path="$_F_xfce_name-$pkgver" -sha1sums=('8851179492c4768a1a53d2424d7a7c8b1a873c58') +source=(${source} 02_CVE-2007-3770.patch.diff) +sha1sums=('8851179492c4768a1a53d2424d7a7c8b1a873c58' \ + '8b2aeb8cbd0dd6e1bb88a38ae205a0249625095e') # optimization OK _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
