Date: Saturday, September 16, 2017 @ 19:41:14
  Author: jelle
Revision: 258570

Add security patches

Added:
  newsbeuter/trunk/newsbeuter-CVE-2017-12904.patch
  newsbeuter/trunk/remote-code-execution-podcast-name.patch

------------------------------------------+
 newsbeuter-CVE-2017-12904.patch          |   19 +++++++++++++++++++
 remote-code-execution-podcast-name.patch |   28 ++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

Added: newsbeuter-CVE-2017-12904.patch
===================================================================
--- newsbeuter-CVE-2017-12904.patch                             (rev 0)
+++ newsbeuter-CVE-2017-12904.patch     2017-09-16 19:41:14 UTC (rev 258570)
@@ -0,0 +1,19 @@
+diff -aur newsbeuter-r2.9/src/controller.cpp 
newsbeuter-r2.9.new/src/controller.cpp
+--- newsbeuter-r2.9/src/controller.cpp 2015-02-19 11:56:59.000000000 +0100
++++ newsbeuter-r2.9.new/src/controller.cpp     2017-09-16 21:33:14.568552568 
+0200
+@@ -1275,9 +1275,11 @@
+       std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+       bool is_interactive = 
cfg.get_configvalue_as_bool("bookmark-interactive");
+       if (bookmark_cmd.length() > 0) {
+-              std::string cmdline = utils::strprintf("%s '%s' %s %s",
+-                                                     bookmark_cmd.c_str(), 
utils::replace_all(url,"'", "%27").c_str(),
+-                                                     
stfl::quote(title).c_str(), stfl::quote(description).c_str());
++              std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
++                                                     bookmark_cmd.c_str(),
++                                                     
utils::replace_all(url,"'", "%27").c_str(),
++                                                     
utils::replace_all(title,"'", "%27").c_str(),
++                                                     
utils::replace_all(description,"'", "%27").c_str());
+ 
+               LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", 
cmdline.c_str());
+ 
+Only in newsbeuter-r2.9.new/src: .controller.cpp.swp
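Review bot: Replacing `'` with `%27` in title and description (the added lines under `@@ -1275,9 +1275,11 @@`) rewrites user-visible text rather than escaping it; that substitution reads naturally for the URL, but a title such as `Bob's feed` now reaches the bookmark command as `Bob%27s feed`. Inside POSIX single quotes the only character that needs handling is the quote itself, so the lossless form is `utils::replace_all(title, "'", "'\\''")` (and the same for description), which closes the quote, inserts a literal one and reopens. The enclosing function starts and ends outside the hunk, so I cannot see how `cmdline` is executed from here. The trailing line `Only in newsbeuter-r2.9.new/src: .controller.cpp.swp` is an editor swap file picked up by `diff -aur`; it should be harmless to `patch` but does not belong in the patch file.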

Added: remote-code-execution-podcast-name.patch
===================================================================
--- remote-code-execution-podcast-name.patch                            (rev 0)
+++ remote-code-execution-podcast-name.patch    2017-09-16 19:41:14 UTC (rev 
258570)
@@ -0,0 +1,28 @@
+diff -aur newsbeuter-r2.9/src/pb_controller.cpp 
newsbeuter-r2.9.new/src/pb_controller.cpp
+--- newsbeuter-r2.9/src/pb_controller.cpp      2015-02-19 11:56:59.000000000 
+0100
++++ newsbeuter-r2.9.new/src/pb_controller.cpp  2017-09-16 20:43:29.180683163 
+0200
+@@ -306,9 +306,9 @@
+       if (player == "")
+               return;
+       cmdline.append(player);
+-      cmdline.append(" \"");
+-      cmdline.append(utils::replace_all(file,"\"", "\\\""));
+-      cmdline.append("\"");
++      cmdline.append(" \'");
++      cmdline.append(utils::replace_all(file,"'", "%27"));
++      cmdline.append(" \'");
+       stfl::reset();
+       LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", 
cmdline.c_str());
+       ::system(cmdline.c_str());
+diff -aur newsbeuter-r2.9/src/queueloader.cpp 
newsbeuter-r2.9.new/src/queueloader.cpp
+--- newsbeuter-r2.9/src/queueloader.cpp        2015-02-19 11:56:59.000000000 
+0100
++++ newsbeuter-r2.9.new/src/queueloader.cpp    2017-09-16 20:47:01.884411680 
+0200
+@@ -130,7 +130,7 @@
+               strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", 
localtime(&t));
+               fn.append(lbuf);
+       } else {
+-              fn.append(base);
++              fn.append(utils::replace_all(base, "'", "%27"));
+       }
+       return fn;
+ }
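Review bot: The closing quote appended by `cmdline.append(" \'");` (third added line of the pb_controller.cpp hunk) carries a leading space, so the player is invoked as `player 'file '` and the trailing space becomes part of the filename argument; the replaced line `cmdline.append("\"");` had no such space, and the new one should read `cmdline.append("'");`. Since the string still reaches `::system()` (context line in the same hunk), the `%27` substitution is what keeps the single-quoted argument intact, but it is lossy for any filename that contains a quote; `utils::replace_all(file, "'", "'\\''")` preserves the name while still closing and reopening the quote correctly. With that in place the queueloader.cpp change rewriting `'` in `base` becomes defence in depth rather than the fix, which is fine to keep. The enclosing functions in both files start outside their hunks.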
