[Pkg-xfce-commits] r1590 - in desktop/branches: . etch-security etch-security/xfce4-terminal/debian etch-security/xfce4-terminal/debian/patches

huggie at alioth.debian.org huggie at alioth.debian.org
Thu Feb 7 13:35:45 UTC 2008 

Author: huggie
Date: 2008-02-07 13:35:45 +0000 (Thu, 07 Feb 2008)
New Revision: 1590

Added:
   desktop/branches/etch-security/
   desktop/branches/etch-security/xfce4-terminal/
   desktop/branches/etch-security/xfce4-terminal/debian/patches/01_CVE-2007-3770.patch
Modified:
   desktop/branches/etch-security/xfce4-terminal/debian/changelog
Log:
Copy r889 of xfce4-terminal into etch security and add the security
changelog and patch so we have a copy of this.


Copied: desktop/branches/etch-security/xfce4-terminal (from rev 889, goodies/xfce4-terminal)

Modified: desktop/branches/etch-security/xfce4-terminal/debian/changelog
===================================================================
--- goodies/xfce4-terminal/debian/changelog	2006-09-29 11:34:19 UTC (rev 889)
+++ desktop/branches/etch-security/xfce4-terminal/debian/changelog	2008-02-07 13:35:45 UTC (rev 1590)
@@ -1,3 +1,11 @@
+xfce4-terminal (0.2.5.6rc1-2etch1) stable-security; urgency=high
+
+  * Non-maintainer upload by The Security Team.
+  * Fix security problem in URL handling code thanks to Darren Salt.
+    [CVE-2007-3770]
+
+ -- Steve Kemp <skx at debian.org>  Sat, 20 Oct 2007 19:34:21 +0000
+
 xfce4-terminal (0.2.5.6rc1-2) unstable; urgency=low
 
   * debian/control: bumped exo build-dep to 4.4rc1 to fix FTBFS.

Added: desktop/branches/etch-security/xfce4-terminal/debian/patches/01_CVE-2007-3770.patch
===================================================================
--- desktop/branches/etch-security/xfce4-terminal/debian/patches/01_CVE-2007-3770.patch	                        (rev 0)
+++ desktop/branches/etch-security/xfce4-terminal/debian/patches/01_CVE-2007-3770.patch	2008-02-07 13:35:45 UTC (rev 1590)
@@ -0,0 +1,187 @@
+--- xfce4-terminal-0.2.6.orig/helpers/opera-browser.desktop.in
++++ xfce4-terminal-0.2.6/helpers/opera-browser.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=opera;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
+--- xfce4-terminal-0.2.6.orig/helpers/evolution.desktop.in
++++ xfce4-terminal-0.2.6/helpers/evolution.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B "mailto:%u"
++X-Terminal-Command=%B mailto:%u
+--- xfce4-terminal-0.2.6.orig/helpers/mozilla-mailer.desktop.in
++++ xfce4-terminal-0.2.6/helpers/mozilla-mailer.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
+--- xfce4-terminal-0.2.6.orig/helpers/exo-open-mailer.desktop.in
++++ xfce4-terminal-0.2.6/helpers/exo-open-mailer.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=exo-open
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B --launch MailReader "%u"
++X-Terminal-Command=%B --launch MailReader %u
+--- xfce4-terminal-0.2.6.orig/helpers/kmail.desktop.in
++++ xfce4-terminal-0.2.6/helpers/kmail.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=kmail;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+--- xfce4-terminal-0.2.6.orig/helpers/exo-open-browser.desktop.in
++++ xfce4-terminal-0.2.6/helpers/exo-open-browser.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=exo-open
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B --launch WebBrowser "%u"
++X-Terminal-Command=%B --launch WebBrowser %u
+--- xfce4-terminal-0.2.6.orig/helpers/epiphany.desktop.in
++++ xfce4-terminal-0.2.6/helpers/epiphany.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=epiphany;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+--- xfce4-terminal-0.2.6.orig/helpers/galeon.desktop.in
++++ xfce4-terminal-0.2.6/helpers/galeon.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=galeon;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+--- xfce4-terminal-0.2.6.orig/helpers/konqueror.desktop.in
++++ xfce4-terminal-0.2.6/helpers/konqueror.desktop.in
+@@ -5,6 +5,6 @@
+ Type=Application
+ X-Terminal-Binaries=konqueror;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+ 
+ 
+--- xfce4-terminal-0.2.6.orig/helpers/balsa.desktop.in
++++ xfce4-terminal-0.2.6/helpers/balsa.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=balsa
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -m "mailto:%u"
++X-Terminal-Command=%B -m mailto:%u
+--- xfce4-terminal-0.2.6.orig/helpers/sylpheed-claws.desktop.in
++++ xfce4-terminal-0.2.6/helpers/sylpheed-claws.desktop.in
+@@ -7,4 +7,4 @@
+ StartupNotify=true
+ X-Terminal-Binaries=sylpheed-claws;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B --compose "%u"
++X-Terminal-Command=%B --compose %u
+--- xfce4-terminal-0.2.6.orig/helpers/sensible-browser.desktop.in
++++ xfce4-terminal-0.2.6/helpers/sensible-browser.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=sensible-browser
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+--- xfce4-terminal-0.2.6.orig/helpers/firefox.desktop.in
++++ xfce4-terminal-0.2.6/helpers/firefox.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u\) || %B %u
+--- xfce4-terminal-0.2.6.orig/helpers/mozilla-browser.desktop.in
++++ xfce4-terminal-0.2.6/helpers/mozilla-browser.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
+--- xfce4-terminal-0.2.6.orig/helpers/opera-mailer.desktop.in
++++ xfce4-terminal-0.2.6/helpers/opera-mailer.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=opera;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u"
++X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u
+--- xfce4-terminal-0.2.6.orig/helpers/mutt.desktop.in
++++ xfce4-terminal-0.2.6/helpers/mutt.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mutt;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=Terminal -x %B "%u"
++X-Terminal-Command=Terminal -x %B %u
+--- xfce4-terminal-0.2.6.orig/helpers/thunderbird.desktop.in
++++ xfce4-terminal-0.2.6/helpers/thunderbird.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
+--- xfce4-terminal-0.2.6.orig/helpers/lynx.desktop.in
++++ xfce4-terminal-0.2.6/helpers/lynx.desktop.in
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=lynx;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=Terminal -x %B "%u"
++X-Terminal-Command=Terminal -x %B %u
+--- xfce4-terminal-0.2.6.orig/terminal/terminal-helper.c
++++ xfce4-terminal-0.2.6/terminal/terminal-helper.c
+@@ -349,6 +349,7 @@
+   gchar       *argv[4];
+   gchar       *command;
+   gchar       *t;
++  gchar       *escaped;
+   guint        n;
+ 
+   g_return_if_fail (TERMINAL_IS_HELPER (helper));
+@@ -359,6 +360,8 @@
+     if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
+       ++n;
+ 
++  escaped = g_shell_quote (uri);
++
+   if (n > 0)
+     {
+       command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1);
+@@ -366,7 +369,7 @@
+         {
+           if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
+             {
+-              for (u = uri; *u != '\0'; )
++              for (u = escaped; *u != '\0'; )
+                 *t++ = *u++;
+               s += 2;
+             }
+@@ -379,9 +382,11 @@
+     }
+   else
+     {
+-      command = g_strconcat (helper->command, " ", uri, NULL);
++      command = g_strconcat (helper->command, " ", escaped, NULL);
+     }
+ 
++  g_free (escaped);
++
+   argv[0] = "/bin/sh";
+   argv[1] = "-c";
+   argv[2] = command;

More information about the Pkg-xfce-commits mailing list