47 lines
1.8 KiB
Diff
47 lines
1.8 KiB
Diff
Fix for #429513: CVE-2008-0386 xdg-open allows to execute arbitrary commands
|
|
|
|
From upstream:
|
|
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open.in?r1=1.17&r2=1.18
|
|
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33
|
|
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25
|
|
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37
|
|
|
|
diff -urp xdg-utils-1.0.2.orig/scripts/xdg-email xdg-utils-1.0.2/scripts/xdg-email
|
|
--- xdg-utils-1.0.2.orig/scripts/xdg-email 2007-06-24 21:58:04.000000000 +0200
|
|
+++ xdg-utils-1.0.2/scripts/xdg-email 2008-01-25 15:17:51.000000000 +0100
|
|
@@ -1,4 +1,4 @@
|
|
-#!/bin/sh
|
|
+#!/bin/bash
|
|
#---------------------------------------------
|
|
# xdg-email
|
|
#
|
|
@@ -435,7 +435,8 @@ open_generic()
|
|
for browser in $BROWSER; do
|
|
if [ x"$browser" != x"" ]; then
|
|
|
|
- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
|
|
+ IFS=' '
|
|
+ browser_with_arg=${browser//'%s'/"$1"}
|
|
|
|
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
|
|
else $browser_with_arg;
|
|
diff -urp xdg-utils-1.0.2.orig/scripts/xdg-open xdg-utils-1.0.2/scripts/xdg-open
|
|
--- xdg-utils-1.0.2.orig/scripts/xdg-open 2008-01-25 15:16:43.000000000 +0100
|
|
+++ xdg-utils-1.0.2/scripts/xdg-open 2008-01-25 15:17:54.000000000 +0100
|
|
@@ -1,4 +1,4 @@
|
|
-#!/bin/sh
|
|
+#!/bin/bash
|
|
#---------------------------------------------
|
|
# xdg-open
|
|
#
|
|
@@ -371,7 +371,8 @@ open_generic()
|
|
for browser in $BROWSER; do
|
|
if [ x"$browser" != x"" ]; then
|
|
|
|
- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
|
|
+ IFS=' '
|
|
+ browser_with_arg=${browser//'%s'/"$1"}
|
|
|
|
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
|
|
else $browser_with_arg;
|