Hello community, here is the log from the commit of package alacarte for openSUSE:Factory checked in at 2017-09-15 21:06:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/alacarte (Old) and /work/SRC/openSUSE:Factory/.alacarte.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "alacarte" Fri Sep 15 21:06:17 2017 rev:60 rq:526065 version:3.11.91 Changes: -------- --- /work/SRC/openSUSE:Factory/alacarte/alacarte.changes 2016-08-18 09:15:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.alacarte.new/alacarte.changes 2017-09-15 21:06:20.109573176 +0200 @@ -1,0 +2,7 @@ +Thu Sep 14 06:33:45 UTC 2017 - qzh...@suse.com + +- Added fix-bad-command-validation.patch which fix bad command + validation, backported from commit hash 665b471 and ca7d05c + (bsc#1057908, bgo#728372). + +------------------------------------------------------------------- New: ---- fix-bad-command-validation.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ alacarte.spec ++++++ --- /var/tmp/diff_new_pack.3aJv2y/_old 2017-09-15 21:06:21.081436736 +0200 +++ /var/tmp/diff_new_pack.3aJv2y/_new 2017-09-15 21:06:21.085436175 +0200 @@ -1,7 +1,7 @@ # # spec file for package alacarte # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ Source: http://download.gnome.org/sources/alacarte/3.11/%{name}-%{version}.tar.xz # PATCH-FIX-OPENSUSE alacarte-trans.patch bnc#947793 qz...@suse.org -- Fix untranslated messages Patch0: alacarte-trans.patch +# PATCH-FIX-UPSTREAM fix-bad-command-validation.patch bsc#1057908 bgo#728372 qzh...@suse.com -- Fix bad command validation +Patch1: fix-bad-command-validation.patch BuildRequires: fdupes BuildRequires: glib2-devel # Needed for the typelib() dependency parser @@ -55,6 +57,7 @@ %setup -q translation-update-upstream %patch0 -p1 +%patch1 -p1 %build %configure ++++++ alacarte-trans.patch ++++++ --- /var/tmp/diff_new_pack.3aJv2y/_old 2017-09-15 21:06:21.121431121 +0200 +++ /var/tmp/diff_new_pack.3aJv2y/_new 2017-09-15 21:06:21.121431121 +0200 @@ -1,7 +1,8 @@ -diff -Nura alacarte-3.10.0/Alacarte/ItemEditor.py alacarte-3.10.0.new/Alacarte/ItemEditor.py ---- alacarte-3.10.0/Alacarte/ItemEditor.py 2013-08-30 06:32:55.000000000 +0800 -+++ alacarte-3.10.0.new/Alacarte/ItemEditor.py 2015-11-30 21:19:06.812695811 +0800 -@@ -22,6 +22,8 @@ +Index: alacarte-3.11.91/Alacarte/ItemEditor.py +=================================================================== +--- alacarte-3.11.91.orig/Alacarte/ItemEditor.py ++++ alacarte-3.11.91/Alacarte/ItemEditor.py +@@ -22,6 +22,8 @@ import gi gi.require_version('Gtk', '3.0') from gi.repository import GLib, GObject, Gtk from Alacarte import config, util @@ -10,7 +11,7 @@ _ = gettext.gettext -@@ -101,6 +103,7 @@ +@@ -102,6 +104,7 @@ class ItemEditor(GObject.GObject): def __init__(self, parent, item_path): GObject.GObject.__init__(self) self.builder = Gtk.Builder() @@ -18,10 +19,11 @@ self.builder.add_from_file(os.path.join(config.pkgdatadir, self.ui_file)) self.dialog = self.builder.get_object('editor') -diff -Nura alacarte-3.10.0/data/alacarte.ui alacarte-3.10.0.new/data/alacarte.ui ---- alacarte-3.10.0/data/alacarte.ui 2013-09-03 21:23:58.000000000 +0800 -+++ alacarte-3.10.0.new/data/alacarte.ui 2015-11-30 21:20:08.224695811 +0800 -@@ -86,7 +86,7 @@ +Index: alacarte-3.11.91/data/alacarte.ui +=================================================================== +--- alacarte-3.11.91.orig/data/alacarte.ui ++++ alacarte-3.11.91/data/alacarte.ui +@@ -70,7 +70,7 @@ </child> <child> <object class="GtkButton" id="restore_button"> ++++++ fix-bad-command-validation.patch ++++++ diff --git a/Alacarte/ItemEditor.py b/Alacarte/ItemEditor.py index 9fd9faa..c5de30c 100644 --- a/Alacarte/ItemEditor.py +++ b/Alacarte/ItemEditor.py @@ -178,14 +178,22 @@ class LauncherEditor(ItemEditor): self.builder.get_object('icon-image')) self.builder.get_object('exec-browse').connect('clicked', self.pick_exec) - self.builder.get_object('name-entry').connect('changed', self.resync_validity) self.builder.get_object('exec-entry').connect('changed', self.resync_validity) + def exec_line_is_valid(self, exec_text): + try: + success, parsed = GLib.shell_parse_argv(exec_text) + # Make sure program (first part of the command) is in the path + command = parsed[0] + return (GLib.find_program_in_path(command) is not None) + except GLib.GError: + return False + def resync_validity(self, *args): name_text = self.builder.get_object('name-entry').get_text() exec_text = self.builder.get_object('exec-entry').get_text() - valid = (name_text != "" and GLib.find_program_in_path(exec_text) is not None) + valid = (name_text != "" and self.exec_line_is_valid(exec_text)) self.builder.get_object('ok').set_sensitive(valid) def load(self):
