20150715git snapshot

Rex Dieter 2015-07-15 12:37:59 -05:00
parent c5cd8e8bb5
commit bf181b998d
14 changed files with 13 additions and 506 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
/xdg-utils-1.1.0-rc2.tar.gz
/xdg-utils-1.1.0-rc3.tar.gz
/xdg-utils-1.1.0-20150715git.tar.gz


@ -1,42 +0,0 @@
From 0f06aadc8696f3e9234687bbc93b50a3f724b822 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Sun, 4 Jan 2015 16:21:09 -0600
Subject: [PATCH 1/5] xdg-screensaver should control X11's screensaver in xfce
as fallback (BR80089)
---
ChangeLog | 3 +++
scripts/xdg-screensaver.in | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 3399286..735fee7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
+ * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
+
2014-10-09 Rex Dieter <rdieter@fedoraproject.org>
* xdg-screensaver plasma5 support
diff --git a/scripts/xdg-screensaver.in b/scripts/xdg-screensaver.in
index 047d555..d9cb4d2 100644
--- a/scripts/xdg-screensaver.in
+++ b/scripts/xdg-screensaver.in
@@ -104,6 +104,10 @@ perform_action()
screensaver_xscreensaver "$1"
;;
+ xfce)
+ [ -n "$DISPLAY" ] && screensaver_xserver "$1"
+ ;;
+
'')
[ -n "$DISPLAY" ] && screensaver_xserver "$1"
;;
--
2.1.0


@ -1,51 +0,0 @@
From 11a4bd44692f74a8b8b4615e44dc897c929ef1e5 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Mon, 5 Jan 2015 13:09:05 -0600
Subject: [PATCH 2/5] xdg-open: command injection vulnerability (BR66670)
---
ChangeLog | 3 +++
scripts/xdg-open.in | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 735fee7..e309517 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-01-05 Rex Dieter <rdieter@fedoraproject.org>
+ * xdg-open: command injection vulnerability (BR66670)
+
2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
* xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index 0145be3..9f01747 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -186,17 +186,17 @@ search_desktop_file()
# FIXME: Actually LC_MESSAGES should be used as described in
# http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
localised_name="'$(get_key "${file}" "Name")'"
- arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
+ arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
-e 's*%i*'"$icon"'*g' \
-e 's*%c*'"$localised_name"'*g')"
if [ -x "$command_exec" ] ; then
if echo "$arguments" | grep -iq '%[fFuU]' ; then
echo START "$command_exec" "$arguments_exec"
- eval "$command_exec" "$arguments_exec"
+ eval "$command_exec" '$arguments_exec'
else
echo START "$command_exec" "$arguments_exec" "$arg"
- eval "$command_exec" "$arguments_exec" "$arg"
+ eval "$command_exec" '$arguments_exec' '$arg'
fi
if [ $? -eq 0 ]; then
--
2.1.0


@ -1,47 +0,0 @@
From ffa6e473fc95d1980b230195fecdafcd7193dca7 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Thu, 15 Jan 2015 09:16:38 -0600
Subject: [PATCH 3/5] xdg-mime: dereference symlinks when using mimetype or
file (BR39923)
---
ChangeLog | 3 +++
scripts/xdg-mime.in | 8 ++++----
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e309517..3c7b095 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-01-15 Reuben Thomas <rrt@sc3d.org>
+ * xdg-mime: dereference symlinks when using mimetype or file (BR39923)
+
2015-01-05 Rex Dieter <rdieter@fedoraproject.org>
* xdg-open: command injection vulnerability (BR66670)
diff --git a/scripts/xdg-mime.in b/scripts/xdg-mime.in
index 0290d77..80781c8 100644
--- a/scripts/xdg-mime.in
+++ b/scripts/xdg-mime.in
@@ -98,11 +98,11 @@ info_gnome()
info_generic()
{
if mimetype --version >/dev/null 2>&1; then
- DEBUG 1 "Running mimetype -b \"$1\""
- mimetype -b "$1"
+ DEBUG 1 "Running mimetype --brief --dereference \"$1\""
+ mimetype --brief --dereference "$1"
else
- DEBUG 1 "Running file --mime-type \"$1\""
- /usr/bin/file -b --mime-type "$1" 2> /dev/null
+ DEBUG 1 "Running file --brief --dereference --mime-type \"$1\""
+ /usr/bin/file --brief --dereference --mime-type "$1" 2> /dev/null
fi
if [ $? -eq 0 ]; then
--
2.1.0


@ -1,48 +0,0 @@
From 8e9fa9bcc85fd31d4548870aad27c0593f64c433 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Thu, 15 Jan 2015 10:09:43 -0600
Subject: [PATCH 4/5] xdg-screensaver: Change screensaver_freedesktop's
interpretation of GetActive (BR29859)
---
ChangeLog | 1 +
scripts/xdg-screensaver.in | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3c7b095..fa90e70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
2015-01-15 Reuben Thomas <rrt@sc3d.org>
* xdg-mime: dereference symlinks when using mimetype or file (BR39923)
+ * xdg-screensaver: Change screensaver_freedesktop's interpretation of GetActive (BR29859)
2015-01-05 Rex Dieter <rdieter@fedoraproject.org>
* xdg-open: command injection vulnerability (BR66670)
diff --git a/scripts/xdg-screensaver.in b/scripts/xdg-screensaver.in
index d9cb4d2..579b80e 100644
--- a/scripts/xdg-screensaver.in
+++ b/scripts/xdg-screensaver.in
@@ -300,13 +300,13 @@ screensaver_freedesktop()
org.freedesktop.ScreenSaver.GetActive \
| grep boolean | cut -d ' ' -f 5`
result=$?
- if [ x"$status" = "xtrue" ]; then
+ if [ x"$status" = "xtrue" -o x"$status" = "xfalse" ]; then
echo "enabled"
- elif [ x"$status" = "xfalse" ]; then
- echo "disabled"
- else
+ elif [ x"$result" != "x0" ]; then
echo "ERROR: dbus org.freedesktop.ScreenSaver.GetActive returned '$status'" >&2
return 1
+ else
+ echo "disabled"
fi
;;
--
2.1.0


@ -1,44 +0,0 @@
From ab071beaabb62ceda3028dd5efa85e8057c29006 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Mon, 19 Jan 2015 05:18:57 -0600
Subject: [PATCH 5/5] xdg-open: better fix for command injection vulnerability
(BR66670)
---
ChangeLog | 3 +++
scripts/xdg-open.in | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index fa90e70..627df21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-01-19 Rex Dieter <rdieter@fedoraproject.org>
+ * xdg-open: better fix for command injection vulnerability (BR66670)
+
2015-01-15 Reuben Thomas <rrt@sc3d.org>
* xdg-mime: dereference symlinks when using mimetype or file (BR39923)
* xdg-screensaver: Change screensaver_freedesktop's interpretation of GetActive (BR29859)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index 9f01747..b6045f8 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -193,10 +193,10 @@ search_desktop_file()
if [ -x "$command_exec" ] ; then
if echo "$arguments" | grep -iq '%[fFuU]' ; then
echo START "$command_exec" "$arguments_exec"
- eval "$command_exec" '$arguments_exec'
+ eval "'$command_exec'" "'$arguments_exec'"
else
echo START "$command_exec" "$arguments_exec" "$arg"
- eval "$command_exec" '$arguments_exec' '$arg'
+ eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
fi
if [ $? -eq 0 ]; then
--
2.1.0


@ -1,30 +0,0 @@
From 46e8421a238640d0a18d3fe856466c1d22aeadbf Mon Sep 17 00:00:00 2001
From: Alex Henrie <alexhenrie24@gmail.com>
Date: Sat, 17 Jan 2015 01:15:19 -0700
Subject: [PATCH 6/7] xdg-open: Improve performance of get_key function
---
scripts/xdg-open.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index b6045f8..ee2889e 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -57,11 +57,11 @@ get_key()
"["*)
desktop_entry=""
;;
- *)
+ "${key}="*)
# Only match Desktop Entry group
if [ -n "${desktop_entry}" ]
then
- echo "${line}" | grep -E "^${key}=" | cut -d= -f 2-
+ echo "${line}" | cut -d= -f 2-
fi
esac
done < "${file}"
--
2.1.0


@ -1,24 +0,0 @@
From e8ee3b18d16e41b95148111b920a0c8beed3ac6c Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Mon, 19 Jan 2015 05:37:34 -0600
Subject: [PATCH 7/7] Add changelog for prior commit
---
ChangeLog | 1 +
1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index 627df21..9a01f82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
2015-01-19 Rex Dieter <rdieter@fedoraproject.org>
* xdg-open: better fix for command injection vulnerability (BR66670)
+ * xdg-open is extremely slow because get_key executes grep unnecessarily (BR88524)
2015-01-15 Reuben Thomas <rrt@sc3d.org>
* xdg-mime: dereference symlinks when using mimetype or file (BR39923)
--
2.1.0


@ -1,114 +0,0 @@
From 13d9b0cac97e438bf7dc06452ee7fb3480907d88 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Fri, 20 Feb 2015 15:54:46 -0600
Subject: [PATCH 8/8] xdg-open: safer xdg-open (BR89130)
inspired by patch from Vincent Bernat <bernat@debian.org>
---
ChangeLog | 3 +++
scripts/xdg-open.in | 65 ++++++++++++++++++++++++++++++++---------------------
2 files changed, 43 insertions(+), 25 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9a01f82..0c0ab97 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-02-20 Rex Dieter <rdieter@fedoraproject.org>
+ * xdg-open: safer xdg-open (BR89130), inspired by patch from Vincent Bernat <bernat@debian.org>
+
2015-01-19 Rex Dieter <rdieter@fedoraproject.org>
* xdg-open: better fix for command injection vulnerability (BR66670)
* xdg-open is extremely slow because get_key executes grep unnecessarily (BR88524)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index ee2889e..074ba6f 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -161,7 +161,7 @@ search_desktop_file()
{
local default="$1"
local dir="$2"
- local arg="$3"
+ local target="$3"
local file=""
# look for both vendor-app.desktop, vendor/app.desktop
@@ -174,34 +174,49 @@ search_desktop_file()
if [ -r "$file" ] ; then
command="$(get_key "${file}" "Exec" | first_word)"
command_exec=`which $command 2>/dev/null`
- arguments="$(get_key "${file}" "Exec" | last_word)"
- arg_one="`echo "$arg" | sed 's/[&*\\]/\\\\&/g'`"
icon="$(get_key "${file}" "Icon")"
- if [ "${icon}" != "" ]
- then
- icon="--icon '${icon}'"
- else
- icon="''"
- fi
# FIXME: Actually LC_MESSAGES should be used as described in
# http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
- localised_name="'$(get_key "${file}" "Name")'"
- arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
- -e 's*%i*'"$icon"'*g' \
- -e 's*%c*'"$localised_name"'*g')"
-
- if [ -x "$command_exec" ] ; then
- if echo "$arguments" | grep -iq '%[fFuU]' ; then
- echo START "$command_exec" "$arguments_exec"
- eval "'$command_exec'" "'$arguments_exec'"
- else
- echo START "$command_exec" "$arguments_exec" "$arg"
- eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
- fi
+ localised_name="$(get_key "${file}" "Name")"
+ set -- $(get_key "${file}" "Exec" | last_word)
+ # We need to replace any occurrence of "%f", "%F" and
+ # the like by the target file. We examine each
+ # argument and append the modified argument to the
+ # end then shift.
+ local args=$#
+ local replaced=0
+ while [ $args -gt 0 ]; do
+ case $1 in
+ %[c])
+ replaced=1
+ arg="${localised_name}"
+ shift
+ set -- "$@" "$arg"
+ ;;
+ %[fFuU])
+ replaced=1
+ arg="$(echo $target | sed 's/[&*\\]/\\\\&/g')"
+ shift
+ set -- "$@" "$arg"
+ ;;
+ %[i])
+ replaced=1
+ shift
+ set -- "$@" "--icon" "$icon"
+ ;;
+ *)
+ arg="$1"
+ shift
+ set -- "$@" "$arg"
+ ;;
+ esac
+ args=$(( $args - 1 ))
+ done
+ [ $replaced -eq 1 ] || set -- "$@" "$target"
+ "$command_exec" "$@"
- if [ $? -eq 0 ]; then
- exit_success
- fi
+ if [ $? -eq 0 ]; then
+ exit_success
fi
fi
--
1.9.3


@ -1,25 +0,0 @@
From 8f5e1cd175662027ff96582e387078e85f088ffa Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@gmail.com>
Date: Sat, 21 Feb 2015 09:25:41 -0600
Subject: [PATCH 9/9] one more s/$arg/$target/ rename fix for prior commit
---
scripts/xdg-open.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index 074ba6f..678eae4 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -221,7 +221,7 @@ search_desktop_file()
fi
for d in $dir/*/; do
- [ -d "$d" ] && search_desktop_file "$default" "$d" "$arg"
+ [ -d "$d" ] && search_desktop_file "$default" "$d" "$target"
done
}
--
2.1.0


@ -1,37 +0,0 @@
From e04f8065335e391f47b04513d395e02a7f13d56e Mon Sep 17 00:00:00 2001
From: Lionel Orry <lionel.orry@gmail.com>
Date: Wed, 13 Aug 2014 09:56:25 +0200
Subject: [PATCH 10/11] xdg-mime: do not report multiple desktop files
(BR60329)
since commit 050333e3, xdg-mime checks both defaults.list and
mimeinfo.cache. When a result is present in both files, it returns both
results separated by a space.
When this is the case, the desktop file name is made of the duplicated
filename and the following chain of executions does not work properly.
This commit tries to select the first found line before extracting the
desktop file name.
Signed-off-by: Lionel Orry <lionel.orry@gmail.com>
---
scripts/xdg-mime.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/xdg-mime.in b/scripts/xdg-mime.in
index 80781c8..74cadfa 100644
--- a/scripts/xdg-mime.in
+++ b/scripts/xdg-mime.in
@@ -383,7 +383,7 @@ defapp_generic()
for x in `echo "$xdg_system_dirs" | sed 's/:/ /g'`; do
for prefix in "$XDG_MENU_PREFIX" ""; do
DEBUG 2 "Checking $x/applications/${prefix}defaults.list and $x/applications/${prefix}mimeinfo.cache"
- trader_result=`grep "$MIME=" $x/applications/${prefix}defaults.list $x/applications/${prefix}mimeinfo.cache 2> /dev/null | cut -d '=' -f 2 | cut -d ';' -f 1`
+ trader_result=`grep "$MIME=" $x/applications/${prefix}defaults.list $x/applications/${prefix}mimeinfo.cache 2> /dev/null | head -n 1 | cut -d '=' -f 2 | cut -d ';' -f 1`
if [ -n "$trader_result" ] ; then
echo $trader_result
exit_success
--
2.1.0


@ -1,25 +0,0 @@
From bed791793af46ccb69107b95af87862335d4a702 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@gmail.com>
Date: Tue, 24 Feb 2015 10:29:04 -0600
Subject: [PATCH 11/11] add ChangeLog entry for previous commit
---
ChangeLog | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 0c0ab97..6f6097a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
=== xdg-utils 1.1.x ===
+2015-02-24 Lionel Orry <lionel.orry@gmail.com>
+ * xdg-mime: do not report multiple desktop files (BR60329)
+
2015-02-20 Rex Dieter <rdieter@fedoraproject.org>
* xdg-open: safer xdg-open (BR89130), inspired by patch from Vincent Bernat <bernat@debian.org>
--
2.1.0


@ -1 +1 @@
617ef5f9872ab5b148ad4717bc9012f5 xdg-utils-1.1.0-rc3.tar.gz
880bf1926f5df8424303be2f56057b62 xdg-utils-1.1.0-20150715git.tar.gz


@ -1,32 +1,23 @@
%define pre rc3
#define prerelease rc3
%define snap 20150715git
Summary: Basic desktop integration functions
Name: xdg-utils
Version: 1.1.0
Release: 0.40.%{pre}%{?dist}
Release: 0.41.%{snap}%{?dist}
URL: http://portland.freedesktop.org/
%if 0%{?pre:1}
Source0: http://people.freedesktop.org/~rdieter/xdg-utils/xdg-utils-%{version}%{?pre:-%{pre}}.tar.gz
Source1: xdg-utils-git_checkout.sh
%if 0%{?snap:1}
Source0: xdg-utils-1.1.0-%{snap}.tar.gz
%else
Source0: http://portland.freedesktop.org/download/xdg-utils-%{version}%{?pre:-%{pre}}.tar.gz
Source0: http://people.freedesktop.org/~rdieter/xdg-utils/xdg-utils-%{version}%{?prerelease:-%{prerelease}}.tar.gz
%endif
#Source0: http://portland.freedesktop.org/download/xdg-utils-%{version}%{?prerelease:-%{prerelease}}.tar.gz
Source1: xdg-utils-git_checkout.sh
License: MIT
## upstream patches
Patch1: 0001-xdg-screensaver-should-control-X11-s-screensaver-in-.patch
Patch2: 0002-xdg-open-command-injection-vulnerability-BR66670.patch
Patch3: 0003-xdg-mime-dereference-symlinks-when-using-mimetype-or.patch
Patch4: 0004-xdg-screensaver-Change-screensaver_freedesktop-s-int.patch
Patch5: 0005-xdg-open-better-fix-for-command-injection-vulnerabil.patch
Patch6: 0006-xdg-open-Improve-performance-of-get_key-function.patch
Patch7: 0007-Add-changelog-for-prior-commit.patch
Patch8: 0008-xdg-open-safer-xdg-open-BR89130.patch
Patch9: 0009-one-more-s-arg-target-rename-fix-for-prior-commit.patch
Patch10: 0010-xdg-mime-do-not-report-multiple-desktop-files-BR6032.patch
Patch11: 0011-add-ChangeLog-entry-for-previous-commit.patch
# make sure BuildArch comes *after* patches, to ensure %%autosetup works right
# http://bugzilla.redhat.com/1084309
@ -101,6 +92,9 @@ make install DESTDIR=%{buildroot}
%changelog
* Wed Jul 15 2015 Rex Dieter <rdieter@fedoraproject.org> 1.1.0-0.41.20150715git
- 20150715git snapshot
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-0.40.rc3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
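Review bot: The snapshot line `Source0: xdg-utils-1.1.0-%{snap}.tar.gz` has no URL, and nothing in the spec records which upstream revision the tarball was cut from, so the date in `%define snap 20150715git` is its only provenance. That tarball now has to carry what Patch1 to Patch11 used to apply, including the xdg-open command-injection fixes (BR66670, BR89130), and the changelog entry does not say the patches were dropped or why. I would add a comment above Source0 such as `# git snapshot of upstream commit <UPSTREAM_COMMIT>, generated with xdg-utils-git_checkout.sh`. I would also extend the entry to `- 20150715git snapshot, drop patches 1-11 (included in snapshot)`, once the snapshot's xdg-open.in has been checked for those fixes. The +/- markers are lost on this page, so the new side is inferred from the Release bump to 0.41 and from the patch files this commit deletes.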