Date: Saturday, September 16, 2017 @ 19:41:14 Author: jelle Revision: 258570
Add security patches Added: newsbeuter/trunk/newsbeuter-CVE-2017-12904.patch newsbeuter/trunk/remote-code-execution-podcast-name.patch ------------------------------------------+ newsbeuter-CVE-2017-12904.patch | 19 +++++++++++++++++++ remote-code-execution-podcast-name.patch | 28 ++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+)
Added: newsbeuter-CVE-2017-12904.patch
===================================================================
--- newsbeuter-CVE-2017-12904.patch (rev 0)
+++ newsbeuter-CVE-2017-12904.patch 2017-09-16 19:41:14 UTC (rev 258570)
@@ -0,0 +1,19 @@
+diff -aur newsbeuter-r2.9/src/controller.cpp newsbeuter-r2.9.new/src/controller.cpp
+--- newsbeuter-r2.9/src/controller.cpp 2015-02-19 11:56:59.000000000 +0100
++++ newsbeuter-r2.9.new/src/controller.cpp 2017-09-16 21:33:14.568552568 +0200
+@@ -1275,9 +1275,11 @@
+ std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+ bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
+ if (bookmark_cmd.length() > 0) {
+- std::string cmdline = utils::strprintf("%s '%s' %s %s",
+- bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
+- stfl::quote(title).c_str(), stfl::quote(description).c_str());
++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
++ bookmark_cmd.c_str(),
++ utils::replace_all(url,"'", "%27").c_str(),
++ utils::replace_all(title,"'", "%27").c_str(),
++ utils::replace_all(description,"'", "%27").c_str());
+ 
+ LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
+ 
+Only in newsbeuter-r2.9.new/src: .controller.cpp.swp
Added: remote-code-execution-podcast-name.patch
===================================================================
--- remote-code-execution-podcast-name.patch (rev 0)
+++ remote-code-execution-podcast-name.patch 2017-09-16 19:41:14 UTC (rev 258570)
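Review bot: The new single-quoted arguments in `++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'", ...)` are safe for a POSIX sh only because `'` is the one character that can end a single-quoted word and the hunk strips it with `utils::replace_all(title,"'", "%27")`; the cost is that the bookmark command now receives `%27` in place of every apostrophe in the title and description, which is lossy and reads as URL-encoding to the receiving script. If the text should arrive intact, the usual shell-safe substitution is `'\''` (close, escaped quote, reopen), i.e. `utils::replace_all(title, "'", "'\\''")`, which likewise cannot break out of the quotes. This hardens the string but still builds a shell command line from feed content; the durable fix is to exec the bookmark command with an argv and no shell — how cmdline is executed is not visible in this hunk, though the sibling pb_controller patch uses `::system()`. The enclosing bookmark function continues past the hunk.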
@@ -0,0 +1,28 @@
+diff -aur newsbeuter-r2.9/src/pb_controller.cpp newsbeuter-r2.9.new/src/pb_controller.cpp
+--- newsbeuter-r2.9/src/pb_controller.cpp 2015-02-19 11:56:59.000000000 +0100
++++ newsbeuter-r2.9.new/src/pb_controller.cpp 2017-09-16 20:43:29.180683163 +0200
+@@ -306,9 +306,9 @@
+ if (player == "")
+ return;
+ cmdline.append(player);
+- cmdline.append(" \"");
+- cmdline.append(utils::replace_all(file,"\"", "\\\""));
+- cmdline.append("\"");
++ cmdline.append(" \'");
++ cmdline.append(utils::replace_all(file,"'", "%27"));
++ cmdline.append(" \'");
+ stfl::reset();
+ LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str());
+ ::system(cmdline.c_str());
+diff -aur newsbeuter-r2.9/src/queueloader.cpp newsbeuter-r2.9.new/src/queueloader.cpp
+--- newsbeuter-r2.9/src/queueloader.cpp 2015-02-19 11:56:59.000000000 +0100
++++ newsbeuter-r2.9.new/src/queueloader.cpp 2017-09-16 20:47:01.884411680 +0200
+@@ -130,7 +130,7 @@
+ strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t));
+ fn.append(lbuf);
+ } else {
+- fn.append(base);
++ fn.append(utils::replace_all(base, "'", "%27"));
+ }
+ return fn;
+ }
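Review bot: The closing quote in the pb_controller.cpp hunk, the third added line `++ cmdline.append(" \'");`, carries a leading space, so the command becomes `player 'file '` and the player is handed a path with a trailing space that does not exist; unless that space is an artefact of how the page was captured, the closing append should read `cmdline.append("\'");`. Single-quoting with `'` mapped to `%27` is sound for a POSIX sh, but the line still goes through `::system(cmdline.c_str())`, so the argument remains shell-parsed; an exec with an argv would remove this class of bug entirely. Because play_file rewrites `file` with `utils::replace_all(file,"'", "%27")` while the queueloader.cpp change only sanitises newly generated names, an already-downloaded file whose base name contains an apostrophe will be looked up under the `%27` spelling and fail to play — worth stating in the patch description. Both enclosing functions begin before their hunks.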