Pullup ticket 2178 - requested by marrti

security fix for xfce4-terminal - pkgsrc/x11/xfce4-terminal/Makefile 1.2 - pkgsrc/x11/xfce4-terminal/buildlink3.mk 1.2 - pkgsrc/x11/xfce4-terminal/distinfo 1.2 - pkgsrc/x11/xfce4-terminal/patches/patch-aa 1.1 Modified Files: pkgsrc/x11/xfce4-terminal: Makefile buildlink3.mk distinfo Added Files: pkgsrc/x11/xfce4-terminal/patches: patch-aa Log Message: Updated x11/xfce4-terminal to 0.2.6nb1 Fixed "URL handling allows remote shell command execution" bug: http://bugzilla.xfce.org/show_bug.cgi?id=3383
author: ghen <ghen@pkgsrc.org> 2007-09-03 12:53:33 +0000
committer: ghen <ghen@pkgsrc.org> 2007-09-03 12:53:33 +0000
commit: b199aa35d77047b0965ecee397505c709558e5ac (patch)
tree: 3fc9e338222ac944f4cd54570632cf2225225bd7
parent: 5047a32765c7a45ab34fdd07ac45318e2c4ae936 (diff)
download: pkgsrc-b199aa35d77047b0965ecee397505c709558e5ac.tar.gz
4 files changed, 220 insertions, 4 deletions
diff --git a/x11/xfce4-terminal/Makefile b/x11/xfce4-terminal/Makefile
index b10a9679673..3a34bcd8250 100644
--- a/x11/xfce4-terminal/Makefile
+++ b/x11/xfce4-terminal/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $
+# $NetBSD: Makefile,v 1.1.1.1.2.1 2007/09/03 12:53:33 ghen Exp $
 
 .include "../../meta-pkgs/xfce4/Makefile.common"
 
@@ -6,6 +6,7 @@ XFCE4_VERSION=	0.2.6
 
 DISTNAME=	Terminal-${XFCE4_VERSION}
 PKGNAME=	xfce4-terminal-${XFCE4_VERSION}
+PKGREVISION=	1
 CATEGORIES=	x11
 COMMENT=	Xfce terminal emulator
 
diff --git a/x11/xfce4-terminal/buildlink3.mk b/x11/xfce4-terminal/buildlink3.mk
index f9f6c8400f6..7192b95ba7e 100644
--- a/x11/xfce4-terminal/buildlink3.mk
+++ b/x11/xfce4-terminal/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $
+# $NetBSD: buildlink3.mk,v 1.1.1.1.2.1 2007/09/03 12:53:33 ghen Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 XFCE4_TERMINAL_BUILDLINK3_MK:=	${XFCE4_TERMINAL_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	xfce4-terminal
 BUILDLINK_ORDER:=	${BUILDLINK_ORDER} ${BUILDLINK_DEPTH}xfce4-terminal
 
 .if ${XFCE4_TERMINAL_BUILDLINK3_MK} == "+"
-BUILDLINK_API_DEPENDS.xfce4-terminal+=	xfce4-terminal>=0.2.6
+BUILDLINK_API_DEPENDS.xfce4-terminal+=	xfce4-terminal>=0.2.6nb1
 BUILDLINK_PKGSRCDIR.xfce4-terminal?=	../../x11/xfce4-terminal
 .endif	# XFCE4_TERMINAL_BUILDLINK3_MK
 
diff --git a/x11/xfce4-terminal/distinfo b/x11/xfce4-terminal/distinfo
index f5f242c22ae..4082a31cc32 100644
--- a/x11/xfce4-terminal/distinfo
+++ b/x11/xfce4-terminal/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $
+$NetBSD: distinfo,v 1.1.1.1.2.1 2007/09/03 12:53:33 ghen Exp $
 
 SHA1 (Terminal-0.2.6.tar.bz2) = 8851179492c4768a1a53d2424d7a7c8b1a873c58
 RMD160 (Terminal-0.2.6.tar.bz2) = 0e1bcb66b83a92044eae891c35cc3750918ca83e
 Size (Terminal-0.2.6.tar.bz2) = 1582076 bytes
+SHA1 (patch-aa) = f08cf609852fbf1ce81fb9066dfaa1338dbea85b
diff --git a/x11/xfce4-terminal/patches/patch-aa b/x11/xfce4-terminal/patches/patch-aa
new file mode 100644
index 00000000000..8ebc7bb952d
--- /dev/null
+++ b/x11/xfce4-terminal/patches/patch-aa
@@ -0,0 +1,214 @@
+$NetBSD: patch-aa,v 1.1.2.2 2007/09/03 12:53:34 ghen Exp $
+
+Patch for http://bugzilla.xfce.org/show_bug.cgi?id=3383
+
+--- helpers/balsa.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/balsa.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=balsa
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -m "mailto:%u"
++X-Terminal-Command=%B -m mailto:%u
+
+--- helpers/epiphany.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/epiphany.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=epiphany;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+
+--- helpers/evolution.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/evolution.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B "mailto:%u"
++X-Terminal-Command=%B mailto:%u
+
+--- helpers/exo-open-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=exo-open
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B --launch WebBrowser "%u"
++X-Terminal-Command=%B --launch WebBrowser %u
+
+--- helpers/exo-open-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=exo-open
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B --launch MailReader "%u"
++X-Terminal-Command=%B --launch MailReader %u
+
+--- helpers/firefox.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/firefox.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u\) || %B %u
+
+--- helpers/galeon.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/galeon.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=galeon;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+
+--- helpers/kmail.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/kmail.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=kmail;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+
+--- helpers/konqueror.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/konqueror.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,6 +5,6 @@
+ Type=Application
+ X-Terminal-Binaries=konqueror;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+ 
+ 
+
+--- helpers/lynx.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/lynx.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=lynx;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=Terminal -x %B "%u"
++X-Terminal-Command=Terminal -x %B %u
+
+--- helpers/mozilla-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
+
+--- helpers/mozilla-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
+
+--- helpers/mutt.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/mutt.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=mutt;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=Terminal -x %B "%u"
++X-Terminal-Command=Terminal -x %B %u
+
+--- helpers/opera-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/opera-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=opera;
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
+
+--- helpers/opera-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=opera;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u"
++X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u
+
+--- helpers/sensible-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=sensible-browser
+ X-Terminal-Category=WebBrowser
+-X-Terminal-Command=%B "%u"
++X-Terminal-Command=%B %u
+
+--- helpers/sylpheed-claws.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -7,4 +7,4 @@
+ StartupNotify=true
+ X-Terminal-Binaries=sylpheed-claws;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B --compose "%u"
++X-Terminal-Command=%B --compose %u
+
+--- helpers/thunderbird.desktop.in	2007-01-20 16:30:46.000000000 +0200
++++ Terminal-0.2.6.patched/helpers/thunderbird.desktop.in	2007-08-14 09:12:57.000000000 +0300
+@@ -5,4 +5,4 @@
+ Type=Application
+ X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird;
+ X-Terminal-Category=MailReader
+-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
+
+--- terminal/terminal-helper.c	2007-01-20 16:30:51.000000000 +0200
++++ Terminal-0.2.6.patched/terminal/terminal-helper.c	2007-08-14 09:17:20.000000000 +0300
+@@ -349,6 +349,8 @@
+   gchar       *argv[4];
+   gchar       *command;
+   gchar       *t;
++  gchar       *escaped;
++  gchar       **parts;
+   guint        n;
+ 
+   g_return_if_fail (TERMINAL_IS_HELPER (helper));
+@@ -359,6 +361,12 @@
+     if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
+       ++n;
+ 
++  parts = g_strsplit (uri, "$", 0);
++
++  escaped = g_shell_quote (g_strjoinv("\$", parts));
++
++  g_strfreev (parts);
++
+   if (n > 0)
+     {
+       command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1);
+@@ -366,7 +374,7 @@
+         {
+           if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
+             {
+-              for (u = uri; *u != '\0'; )
++              for (u = escaped; *u != '\0'; )
+                 *t++ = *u++;
+               s += 2;
+             }
+@@ -379,9 +387,11 @@
+     }
+   else
+     {
+-      command = g_strconcat (helper->command, " ", uri, NULL);
++      command = g_strconcat (helper->command, " ", escaped, NULL);
+     }
+ 
++  g_free (escaped);
++
+   argv[0] = "/bin/sh";
+   argv[1] = "-c";
+   argv[2] = command;
author	ghen <ghen@pkgsrc.org>	2007-09-03 12:53:33 +0000
committer	ghen <ghen@pkgsrc.org>	2007-09-03 12:53:33 +0000
commit	b199aa35d77047b0965ecee397505c709558e5ac (patch)
tree	3fc9e338222ac944f4cd54570632cf2225225bd7
parent	5047a32765c7a45ab34fdd07ac45318e2c4ae936 (diff)
download	pkgsrc-b199aa35d77047b0965ecee397505c709558e5ac.tar.gz