pull in latest commits

2015-01-05 13:15:47 -06:00 · 2015-01-05 13:15:47 -06:00 · 67498050c1
commit 67498050c1
parent f80509adb1
3 changed files with 99 additions and 1 deletions
--- a/0001-xdg-screensaver-should-control-X11-s-screensaver-in-.patch
+++ b/0001-xdg-screensaver-should-control-X11-s-screensaver-in-.patch
@ -0,0 +1,42 @@
+From 0f06aadc8696f3e9234687bbc93b50a3f724b822 Mon Sep 17 00:00:00 2001
+From: Rex Dieter <rdieter@math.unl.edu>
+Date: Sun, 4 Jan 2015 16:21:09 -0600
+Subject: [PATCH 1/2] xdg-screensaver should control X11's screensaver in xfce
+ as fallback (BR80089)
+
+---
+ ChangeLog                  | 3 +++
+ scripts/xdg-screensaver.in | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 3399286..735fee7 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -1,5 +1,8 @@
+ === xdg-utils 1.1.x ===
+ 
+2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
+   * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
+
+ 2014-10-09 Rex Dieter <rdieter@fedoraproject.org>
+    * xdg-screensaver plasma5 support
+ 
+diff --git a/scripts/xdg-screensaver.in b/scripts/xdg-screensaver.in
+index 047d555..d9cb4d2 100644
+--- a/scripts/xdg-screensaver.in
+++ b/scripts/xdg-screensaver.in
+@@ -104,6 +104,10 @@ perform_action()
+       screensaver_xscreensaver "$1"
+       ;;
+ 
+    xfce)
+      [ -n "$DISPLAY" ] && screensaver_xserver "$1"
+      ;;
+
+     '')
+       [ -n "$DISPLAY" ] && screensaver_xserver "$1"
+       ;;
+-- 
+1.9.3
+
--- a/0002-xdg-open-command-injection-vulnerability-BR66670.patch
+++ b/0002-xdg-open-command-injection-vulnerability-BR66670.patch
@ -0,0 +1,51 @@
+From 11a4bd44692f74a8b8b4615e44dc897c929ef1e5 Mon Sep 17 00:00:00 2001
+From: Rex Dieter <rdieter@math.unl.edu>
+Date: Mon, 5 Jan 2015 13:09:05 -0600
+Subject: [PATCH 2/2] xdg-open: command injection vulnerability (BR66670)
+
+---
+ ChangeLog           | 3 +++
+ scripts/xdg-open.in | 6 +++---
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 735fee7..e309517 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -1,5 +1,8 @@
+ === xdg-utils 1.1.x ===
+ 
+2015-01-05 Rex Dieter <rdieter@fedoraproject.org>
+   * xdg-open: command injection vulnerability (BR66670)
+
+ 2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
+    * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
+ 
+diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
+index 0145be3..9f01747 100644
+--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
+@@ -186,17 +186,17 @@ search_desktop_file()
+         # FIXME: Actually LC_MESSAGES should be used as described in
+         # http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
+         localised_name="'$(get_key "${file}" "Name")'"
+-        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
+        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
+                                                   -e 's*%i*'"$icon"'*g' \
+                                                   -e 's*%c*'"$localised_name"'*g')"
+ 
+         if [ -x "$command_exec" ] ; then
+             if echo "$arguments" | grep -iq '%[fFuU]' ; then
+                 echo START "$command_exec" "$arguments_exec"
+-                eval "$command_exec" "$arguments_exec"
+                eval "$command_exec" '$arguments_exec'
+             else
+                 echo START "$command_exec" "$arguments_exec" "$arg"
+-                eval "$command_exec" "$arguments_exec" "$arg"
+                eval "$command_exec" '$arguments_exec' '$arg'
+             fi
+ 
+             if [ $? -eq 0 ]; then
+-- 
+1.9.3
+
--- a/xdg-utils.spec
+++ b/xdg-utils.spec
@ -4,7 +4,7 @@
 Summary: Basic desktop integration functions 
 Name:    xdg-utils
 Version: 1.1.0
-Release: 0.32.%{pre}%{?dist}
+Release: 0.33.%{pre}%{?dist}

 URL:     http://portland.freedesktop.org/ 
 %if 0%{?pre:1}
@ -16,6 +16,8 @@ Source0: http://portland.freedesktop.org/download/xdg-utils-%{version}%{?pre:-%{
 License: MIT 

 ## upstream patches
+Patch1: 0001-xdg-screensaver-should-control-X11-s-screensaver-in-.patch
+Patch2: 0002-xdg-open-command-injection-vulnerability-BR66670.patch

 # make sure BuildArch comes *after* patches, to ensure %%autosetup works right
 # http://bugzilla.redhat.com/1084309
@ -90,6 +92,9 @@ make install DESTDIR=%{buildroot}


 %changelog
+* Mon Jan 05 2015 Rex Dieter <rdieter@fedoraproject.org> 1.1.0-0.33.rc3
+- pull in latest commits
+
 * Sat Jan 03 2015 Rex Dieter <rdieter@fedoraproject.org> 1.1.0-0.32.rc3
 - xdg-utils-1.1.0-rc3