Hello community, here is the log from the commit of package xdg-utils for openSUSE:Factory checked in at 2018-05-25 21:35:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xdg-utils (Old) and /work/SRC/openSUSE:Factory/.xdg-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xdg-utils" Fri May 25 21:35:04 2018 rev:47 rq:611526 version:20180510 Changes: -------- --- /work/SRC/openSUSE:Factory/xdg-utils/xdg-utils.changes 2018-05-08 13:31:31.498143466 +0200 +++ /work/SRC/openSUSE:Factory/.xdg-utils.new/xdg-utils.changes 2018-05-25 21:35:06.756750367 +0200 @@ -0,0 +1,20 @@ +------------------------------------------------------------------- +Wed May 23 09:17:31 UTC 2018 - alarr...@suse.com + +- Update to version 20180510 (1.1.3): + * bump version, prep for 1.1.3 release + * xdg-open: use pcmanfm only if it is available (BR106161) + * Add Deepin Desktop Environment support. + * Avoid argument injection vulnerability in open_envvar() (CVE-2017-18266, + boo#1093086) + * xdg-settings: check_browser is broken under kde when just the binary + is specified (BR106343) + * xdg-open: Fixes LXQt behavior + * xdg-mime awk script syntax error (BR104298) + * Spelling fixes (BR103255) + * xdg-mime.1: Add missing period + * Fix tests for 1f8e58d51e6fb3f50f59ed2d8265f2f346ac68e6 + +- Drop fix-kde-browser-check.patch which is already included upstream + +------------------------------------------------------------------- Old: ---- fix-kde-browser-check.patch xdg-utils-20170508.tar.xz New: ---- xdg-utils-20180510.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xdg-utils.spec ++++++ --- /var/tmp/diff_new_pack.iPTaDk/_old 2018-05-25 21:35:07.656717796 +0200 +++ /var/tmp/diff_new_pack.iPTaDk/_new 2018-05-25 21:35:07.656717796 +0200 @@ -1,7 +1,7 @@ # # spec file for package xdg-utils # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: xdg-utils -Version: 20170508 +Version: 20180510 Release: 0 Summary: Utilities to uniformly interface desktop environments License: MIT @@ -31,7 +31,6 @@ Patch1: xdg-terminal-fix-gsettings.patch # PATCH-FIX-UPSTREAM xdg-terminal-fix-terminal--x-arg.patch fdo#93231 sor.ale...@meowr.ru -- https://bugs.freedesktop.org/show_bug.cgi?id=93231#c5 Patch3: xdg-terminal-fix-terminal--x-arg.patch -Patch4: fix-kde-browser-check.patch BuildRequires: make # for xmlto to be able to generate text from html BuildRequires: w3m ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.iPTaDk/_old 2018-05-25 21:35:07.720715480 +0200 +++ /var/tmp/diff_new_pack.iPTaDk/_new 2018-05-25 21:35:07.724715335 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">git://anongit.freedesktop.org/xdg/xdg-utils</param> - <param name="changesrevision">fb9ee8c69932feb716ad4db793a7941dd06b345c</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">159fc37075db2decf446f453fe1a796da6921aad</param></service></servicedata> \ No newline at end of file ++++++ xdg-utils-20170508.tar.xz -> xdg-utils-20180510.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/ChangeLog new/xdg-utils-20180510/ChangeLog --- old/xdg-utils-20170508/ChangeLog 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/ChangeLog 2018-05-10 17:02:31.000000000 +0200 @@ -1,5 +1,21 @@ === xdg-utils 1.1.3 === +2018-05-10 + * xdg-open: Add Deepin Desktop Environment support (BR106143) + * xdg-open: use pcmanfm only if it is available (BR106161) + +2018-05-09 + * xdg-open: Argument injection in xdg-open open_envvar (BR103807) + +2018-05-02 + * xdg-settings: check_browser is broken under kde when just the binary is specified (BR106343) + +2018-02-27 + * xdg-open: Fixes LXQt behavior (BR81674,BR103146) + +2017-12-18 + * xdg-mime awk script syntax error (BR104298) + === xdg-utils 1.1.2 === 2017-02-28 Rex Dieter <rdie...@fedoraproject.org> @@ -541,7 +557,7 @@ 2006-04-24 Kevin Krammer <kevin.kram...@gmx.at> * Applied patch provided by Benedikt Meurer <benedikt.meu...@unix-ag.uni-siegen.de> - to improve the compatability of the Makefile + to improve the compatibility of the Makefile * Added --title option to xdg-file-dialog * Applied another path by Benedikt to let xdg-file-dialog use zenity on GNOME and XFCE @@ -564,7 +580,7 @@ Currently only used in xdg-mime to gather feedback 2006-04-08 Kevin Krammer <kevin.kram...@gmx.at> - * In case of $BROWSER being not avialable or empty, try a fixed list of well + * In case of $BROWSER being not available or empty, try a fixed list of well known browsers instead 2006-04-06 Kevin Krammer <kevin.kram...@gmx.at> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/autotests/t-xdg-mime-query-default.sh new/xdg-utils-20180510/autotests/t-xdg-mime-query-default.sh --- old/xdg-utils-20170508/autotests/t-xdg-mime-query-default.sh 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/autotests/t-xdg-mime-query-default.sh 2018-05-10 17:02:31.000000000 +0200 @@ -3,6 +3,8 @@ . ./test-lib.sh test_that_it reads \$XDG_CONFIG_HOME/mimeapps.list +mock mosaic # Default app should exist +mock_desktop_file mosaic mock_default_app x-scheme-handler/http mosaic handler=$(run generic xdg-mime query default x-scheme-handler/http) assert_equal mosaic.desktop "$handler" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/autotests/t-xdg-settings.sh new/xdg-utils-20180510/autotests/t-xdg-settings.sh --- old/xdg-utils-20170508/autotests/t-xdg-settings.sh 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/autotests/t-xdg-settings.sh 2018-05-10 17:02:31.000000000 +0200 @@ -12,12 +12,16 @@ for de in gnome3 cinnamon lxde mate generic; do test_that_it determines default browser from \ \$XDG_CONFIG_HOME/mimeapps.list in $de + mock mosaic # Default app should exist + mock_desktop_file mosaic mock_default_app x-scheme-handler/http mosaic assert_equal mosaic.desktop \ "$(run $de xdg-settings get default-web-browser)" test_that_it determines default URL handler from \ \$XDG_CONFIG_HOME/mimeapps.list in $de + mock footorrent # Default app should exist + mock_desktop_file footorrent mock_default_app x-scheme-handler/magnet footorrent assert_equal \ footorrent.desktop \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/desc/xdg-mime.xml new/xdg-utils-20180510/scripts/desc/xdg-mime.xml --- old/xdg-utils-20170508/scripts/desc/xdg-mime.xml 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/desc/xdg-mime.xml 2018-05-10 17:02:31.000000000 +0200 @@ -119,7 +119,7 @@ </simpara> <simpara> <replaceable>application</replaceable> is the desktop file - id of the application and has the form vendor-name.desktop + id of the application and has the form vendor-name.desktop. <replaceable>application</replaceable> must already be installed in the desktop menu before it can be made the default handler. The application's desktop file must list support for all the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/desc/xdg-settings.xml new/xdg-utils-20180510/scripts/desc/xdg-settings.xml --- old/xdg-utils-20170508/scripts/desc/xdg-settings.xml 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/desc/xdg-settings.xml 2018-05-10 17:02:31.000000000 +0200 @@ -114,7 +114,7 @@ <refsect1 id="properties"> <title>Properties</title> <para> - When using xdg-settings to get, check or set a destkop setting, properties + When using xdg-settings to get, check or set a desktop setting, properties and possibly sub-properties are used to specify the setting to be changed. </para> <para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-desktop-menu.in new/xdg-utils-20180510/scripts/xdg-desktop-menu.in --- old/xdg-utils-20170508/scripts/xdg-desktop-menu.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-desktop-menu.in 2018-05-10 17:02:31.000000000 +0200 @@ -394,7 +394,7 @@ case "$parm" in *.directory) if [ -n "$desktop_files" ] ; then - exit_failure_syntax "'$parm' must preceed any *.desktop file" + exit_failure_syntax "'$parm' must precede any *.desktop file" fi directory_files="$directory_files $parm" ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-mime.in new/xdg-utils-20180510/scripts/xdg-mime.in --- old/xdg-utils-20170508/scripts/xdg-mime.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-mime.in 2018-05-10 17:02:31.000000000 +0200 @@ -171,7 +171,7 @@ blanks++ suppress=1 } else if (associations && index($0, prefix) == 1) { - value=substr($0, length(prefix) + 1, length) + value=substr($0, length(prefix) + 1, length()) split(value, apps, ";") value=application ";" count=0 @@ -369,7 +369,7 @@ } else if (index($0, "[") == 1) { indefault=0 } else if (!found && indefault && index($0, prefix) == 1) { - print substr($0, length(prefix) +1, length) + print substr($0, length(prefix) +1, length()) found=1 } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-open.in new/xdg-utils-20180510/scripts/xdg-open.in --- old/xdg-utils-20170508/scripts/xdg-open.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-open.in 2018-05-10 17:02:31.000000000 +0200 @@ -142,6 +142,21 @@ fi } +open_dde() +{ + if dde-open -version >/dev/null 2>&1; then + dde-open "$1" + else + open_generic "$1" + fi + + if [ $? -eq 0 ]; then + exit_success + else + exit_failure_operation_failed + fi +} + open_gnome3() { if gio help open 2>/dev/null 1>&2; then @@ -351,6 +366,11 @@ fi } +has_single_argument() +{ + test $# = 1 +} + open_envvar() { local oldifs="$IFS" @@ -365,7 +385,10 @@ fi if echo "$browser" | grep -q %s; then - $(printf "$browser" "$1") + # Avoid argument injection. + # See https://bugs.freedesktop.org/show_bug.cgi?id=103807 + # URIs don't have IFS characters spaces anyway. + has_single_argument $1 && $(printf "$browser" "$1") else $browser "$1" fi @@ -426,8 +449,9 @@ open_lxde() { + # pcmanfm only knows how to handle file:// urls and filepaths, it seems. - if is_file_url_or_path "$1"; then + if pcmanfm --help >/dev/null 2>&1 -a is_file_url_or_path "$1"; then local file="$(file_url_to_path "$1")" # handle relative paths @@ -447,6 +471,11 @@ fi } +open_lxqt() +{ + open_generic "$1" +} + [ x"$1" != x"" ] || exit_failure_syntax url= @@ -495,6 +524,10 @@ open_kde "$url" ;; + dde) + open_dde "$url" + ;; + gnome3|cinnamon) open_gnome3 "$url" ;; @@ -511,10 +544,14 @@ open_xfce "$url" ;; - lxde|lxqt) + lxde) open_lxde "$url" ;; + lxqt) + open_lxqt "$url" + ;; + enlightenment) open_enlightenment "$url" ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-screensaver.in new/xdg-utils-20180510/scripts/xdg-screensaver.in --- old/xdg-utils-20170508/scripts/xdg-screensaver.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-screensaver.in 2018-05-10 17:02:31.000000000 +0200 @@ -583,7 +583,7 @@ { # DBUS interface for mate-screensaver # This is same as gnome's for now but may change in the future as MATE -# does not follow gnome's developement necessarily. +# does not follow gnome's development necessarily. case "$1" in suspend) screensaver_suspend_loop \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-settings.in new/xdg-utils-20180510/scripts/xdg-settings.in --- old/xdg-utils-20170508/scripts/xdg-settings.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-settings.in 2018-05-10 17:02:31.000000000 +0200 @@ -226,6 +226,14 @@ fi browser="`read_kde_browser`" binary="`resolve_kde_browser`" + + # The browser may contain a relative entry to the binary starting with ! + if [ x"!" == x"${browser:0:1}" ]; then + # get the full path + browser="`binary_to_desktop_file ${browser:1}`" + binary="`desktop_file_to_binary $browser`" + fi + # Because KDE will use the handler for MIME type text/html if this value # is empty, we allow either the empty string or a match to $check here. if [ x"$binary" != x -a x"$binary" != x"$check" ]; then @@ -575,16 +583,23 @@ fi if [ x"$1" = "mailto" ]; then binary="`read_kde_config emaildefaults PROFILE_Default EmailClient`" + # The field may contain a relative entry to the binary starting with ! + if [ x"!" == x"${binary:0:1}" ]; then + # get the full path + desktop_file="`binary_to_desktop_file ${binary:1}`" + binary="`desktop_file_to_binary $desktop_file`" + fi + if [ x"$binary" != x"$check" ]; then + echo no + exit_success + fi + else + handler="`get_browser_mime x-scheme-handler/$1`" + binary="`desktop_file_to_binary "$handler"`" if [ x"$binary" != x"$check" ]; then echo no exit_success fi - fi - handler="`get_browser_mime x-scheme-handler/$1`" - binary="`desktop_file_to_binary "$handler"`" - if [ x"$binary" != x"$check" ]; then - echo no - exit_success fi echo yes exit_success diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/scripts/xdg-utils-common.in new/xdg-utils-20180510/scripts/xdg-utils-common.in --- old/xdg-utils-20170508/scripts/xdg-utils-common.in 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/scripts/xdg-utils-common.in 2018-05-10 17:02:31.000000000 +0200 @@ -245,7 +245,7 @@ ;; --version) - echo "@NAME@ 1.1.2+" + echo "@NAME@ 1.1.3" exit_success ;; esac @@ -288,6 +288,10 @@ KDE) DE=kde; ;; + # Deepin Desktop Environments + DEEPIN|Deepin|deepin) + DE=dde; + ;; LXDE) DE=lxde; ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/README new/xdg-utils-20180510/tests/README --- old/xdg-utils-20170508/tests/README 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/README 2018-05-10 17:02:31.000000000 +0200 @@ -18,7 +18,7 @@ See xdg-test.log for details. NOT OK! -FAIL indicates (not suprisingly) a test failure. +FAIL indicates (not surprisingly) a test failure. NORESULT indicates that the test prerequisites failed for some reason. (e.g. the install phase of an uninstall test failed) UNTESTED means that something needed was not found. This is fine and should @@ -26,7 +26,7 @@ (e.g. test requires root, but we are not running as root) NOTE: The test runner makes guesses about appropriate values of XDG_TEST_DIR - and PATH. These values can be overriden explicitly. + and PATH. These values can be overridden explicitly. To run tests individually, or as smaller groups do something like diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/debug/t.extraout new/xdg-utils-20180510/tests/debug/t.extraout --- old/xdg-utils-20170508/tests/debug/t.extraout 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/debug/t.extraout 2018-05-10 17:02:31.000000000 +0200 @@ -4,7 +4,7 @@ . "$XDG_TEST_DIR/include/testcontrol.sh" test_extraout() { -test_start "$FUNCNAME: verify functionallity of assert_nostdout" +test_start "$FUNCNAME: verify functionality of assert_nostdout" test_procedure diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/debug/t.interactive new/xdg-utils-20180510/tests/debug/t.interactive --- old/xdg-utils-20170508/tests/debug/t.interactive 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/debug/t.interactive 2018-05-10 17:02:31.000000000 +0200 @@ -4,7 +4,7 @@ . "$XDG_TEST_DIR/include/testcontrol.sh" test_interactive() { -test_start "$FUNCNAME: verify functionallity of assert_interactive" +test_start "$FUNCNAME: verify functionality of assert_interactive" test_procedure diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/doc_gen.pl new/xdg-utils-20180510/tests/doc_gen.pl --- old/xdg-utils-20170508/tests/doc_gen.pl 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/doc_gen.pl 2018-05-10 17:02:31.000000000 +0200 @@ -102,7 +102,7 @@ } #find initilization elsif ( m/test_init/ ) { - print HTM "<h2>Depencencies</h2>\n"; + print HTM "<h2>Dependencies</h2>\n"; $state = 'INIT'; next; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/include/testassertions.sh new/xdg-utils-20180510/tests/include/testassertions.sh --- old/xdg-utils-20170508/tests/include/testassertions.sh 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/include/testassertions.sh 2018-05-10 17:02:31.000000000 +0200 @@ -5,7 +5,7 @@ . "$XDG_TEST_DIR/include/testfuncs.sh" ## NOTE: Documentation is generated AUTOMATICALLY from this file -## Function usage must immediately follow function delcaration +## Function usage must immediately follow function declaration assert_exit() { # execute command (saving output) and check exit code @@ -41,7 +41,7 @@ } assert_interactive() { -# Useage: +# Usage: # assert_interactive {msg} [y|n|C|s varname] # # msg is the text to print. @@ -122,7 +122,7 @@ assert_file() { -# Assert the existance of an exact filename +# Assert the existence of an exact filename # Usage: assert_file FILE if [ ! -e "$1" ] ; then test_fail "'$1' does not exist" @@ -140,7 +140,7 @@ } assert_nofile() { -# Assert the non existance of an exact filename. +# Assert the non existence of an exact filename. # Opposite of 'assert_file' if [ -e "$1" ] ; then test_fail "'$1' exists." @@ -339,7 +339,7 @@ varname="$1" file="$2" if [ -z "$varname" ] ; then - echo "TEST SYNAX ERROR: get_unique_name requries a variable name" + echo "TEST SYNAX ERROR: get_unique_name requires a variable name" exit 255 fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20170508/tests/testrun new/xdg-utils-20180510/tests/testrun --- old/xdg-utils-20170508/tests/testrun 2017-05-08 14:34:29.000000000 +0200 +++ new/xdg-utils-20180510/tests/testrun 2018-05-10 17:02:31.000000000 +0200 @@ -123,7 +123,7 @@ else SUCMD=`which sudo 2>/dev/null` echo "Running ${SUCMD-su} for system tests." - echo "Please enter an apropriate password if requested." + echo "Please enter an appropriate password if requested." fi # Note if sudo is not found, $SUCMD will be blank, so run su directly. # We cannot assume su works since systems like Ubuntu require sudo