From 3a6810ab0ea029d6d013a81d5df5d9fbdfae7444 Mon Sep 17 00:00:00 2001 From: martti Date: Thu, 23 Aug 2007 09:24:57 +0000 Subject: Updated x11/xfce4-terminal to 0.2.6nb1 Fixed "URL handling allows remote shell command execution" bug: http://bugzilla.xfce.org/show_bug.cgi?id=3383 --- x11/xfce4-terminal/Makefile | 3 +- x11/xfce4-terminal/buildlink3.mk | 4 +- x11/xfce4-terminal/distinfo | 3 +- x11/xfce4-terminal/patches/patch-aa | 214 ++++++++++++++++++++++++++++++++++++ 4 files changed, 220 insertions(+), 4 deletions(-) create mode 100644 x11/xfce4-terminal/patches/patch-aa diff --git a/x11/xfce4-terminal/Makefile b/x11/xfce4-terminal/Makefile index b10a9679673..7c7c206b81a 100644 --- a/x11/xfce4-terminal/Makefile +++ b/x11/xfce4-terminal/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $ +# $NetBSD: Makefile,v 1.2 2007/08/23 09:24:57 martti Exp $ .include "../../meta-pkgs/xfce4/Makefile.common" @@ -6,6 +6,7 @@ XFCE4_VERSION= 0.2.6 DISTNAME= Terminal-${XFCE4_VERSION} PKGNAME= xfce4-terminal-${XFCE4_VERSION} +PKGREVISION= 1 CATEGORIES= x11 COMMENT= Xfce terminal emulator diff --git a/x11/xfce4-terminal/buildlink3.mk b/x11/xfce4-terminal/buildlink3.mk index f9f6c8400f6..8cc0a4ec25a 100644 --- a/x11/xfce4-terminal/buildlink3.mk +++ b/x11/xfce4-terminal/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $ +# $NetBSD: buildlink3.mk,v 1.2 2007/08/23 09:24:57 martti Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ XFCE4_TERMINAL_BUILDLINK3_MK:= ${XFCE4_TERMINAL_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= xfce4-terminal BUILDLINK_ORDER:= ${BUILDLINK_ORDER} ${BUILDLINK_DEPTH}xfce4-terminal .if ${XFCE4_TERMINAL_BUILDLINK3_MK} == "+" -BUILDLINK_API_DEPENDS.xfce4-terminal+= xfce4-terminal>=0.2.6 +BUILDLINK_API_DEPENDS.xfce4-terminal+= xfce4-terminal>=0.2.6nb1 BUILDLINK_PKGSRCDIR.xfce4-terminal?= ../../x11/xfce4-terminal .endif # XFCE4_TERMINAL_BUILDLINK3_MK diff --git a/x11/xfce4-terminal/distinfo b/x11/xfce4-terminal/distinfo index f5f242c22ae..cd7f5b5bdf0 100644 --- a/x11/xfce4-terminal/distinfo +++ b/x11/xfce4-terminal/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.1.1.1 2007/04/12 09:51:20 martti Exp $ +$NetBSD: distinfo,v 1.2 2007/08/23 09:24:57 martti Exp $ SHA1 (Terminal-0.2.6.tar.bz2) = 8851179492c4768a1a53d2424d7a7c8b1a873c58 RMD160 (Terminal-0.2.6.tar.bz2) = 0e1bcb66b83a92044eae891c35cc3750918ca83e Size (Terminal-0.2.6.tar.bz2) = 1582076 bytes +SHA1 (patch-aa) = f08cf609852fbf1ce81fb9066dfaa1338dbea85b diff --git a/x11/xfce4-terminal/patches/patch-aa b/x11/xfce4-terminal/patches/patch-aa new file mode 100644 index 00000000000..682ac00f5a3 --- /dev/null +++ b/x11/xfce4-terminal/patches/patch-aa @@ -0,0 +1,214 @@ +$NetBSD: patch-aa,v 1.1 2007/08/23 09:24:57 martti Exp $ + +Patch for http://bugzilla.xfce.org/show_bug.cgi?id=3383 + +--- helpers/balsa.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/balsa.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=balsa + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -m "mailto:%u" ++X-Terminal-Command=%B -m mailto:%u + +--- helpers/epiphany.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/epiphany.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=epiphany; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u + +--- helpers/evolution.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/evolution.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B "mailto:%u" ++X-Terminal-Command=%B mailto:%u + +--- helpers/exo-open-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=exo-open + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B --launch WebBrowser "%u" ++X-Terminal-Command=%B --launch WebBrowser %u + +--- helpers/exo-open-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=exo-open + X-Terminal-Category=MailReader +-X-Terminal-Command=%B --launch MailReader "%u" ++X-Terminal-Command=%B --launch MailReader %u + +--- helpers/firefox.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/firefox.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u\) || %B %u + +--- helpers/galeon.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/galeon.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=galeon; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u + +--- helpers/kmail.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/kmail.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=kmail; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u + +--- helpers/konqueror.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/konqueror.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,6 +5,6 @@ + Type=Application + X-Terminal-Binaries=konqueror; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u + + + +--- helpers/lynx.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/lynx.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=lynx; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=Terminal -x %B "%u" ++X-Terminal-Command=Terminal -x %B %u + +--- helpers/mozilla-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u + +--- helpers/mozilla-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u" ++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u + +--- helpers/mutt.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/mutt.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=mutt; + X-Terminal-Category=MailReader +-X-Terminal-Command=Terminal -x %B "%u" ++X-Terminal-Command=Terminal -x %B %u + +--- helpers/opera-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/opera-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=opera; + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u" ++X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u + +--- helpers/opera-mailer.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=opera; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u" ++X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u + +--- helpers/sensible-browser.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=sensible-browser + X-Terminal-Category=WebBrowser +-X-Terminal-Command=%B "%u" ++X-Terminal-Command=%B %u + +--- helpers/sylpheed-claws.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -7,4 +7,4 @@ + StartupNotify=true + X-Terminal-Binaries=sylpheed-claws; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B --compose "%u" ++X-Terminal-Command=%B --compose %u + +--- helpers/thunderbird.desktop.in 2007-01-20 16:30:46.000000000 +0200 ++++ Terminal-0.2.6.patched/helpers/thunderbird.desktop.in 2007-08-14 09:12:57.000000000 +0300 +@@ -5,4 +5,4 @@ + Type=Application + X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird; + X-Terminal-Category=MailReader +-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u" ++X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u + +--- terminal/terminal-helper.c 2007-01-20 16:30:51.000000000 +0200 ++++ Terminal-0.2.6.patched/terminal/terminal-helper.c 2007-08-14 09:17:20.000000000 +0300 +@@ -349,6 +349,8 @@ + gchar *argv[4]; + gchar *command; + gchar *t; ++ gchar *escaped; ++ gchar **parts; + guint n; + + g_return_if_fail (TERMINAL_IS_HELPER (helper)); +@@ -359,6 +361,12 @@ + if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u') + ++n; + ++ parts = g_strsplit (uri, "$", 0); ++ ++ escaped = g_shell_quote (g_strjoinv("\$", parts)); ++ ++ g_strfreev (parts); ++ + if (n > 0) + { + command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1); +@@ -366,7 +374,7 @@ + { + if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u') + { +- for (u = uri; *u != '\0'; ) ++ for (u = escaped; *u != '\0'; ) + *t++ = *u++; + s += 2; + } +@@ -379,9 +387,11 @@ + } + else + { +- command = g_strconcat (helper->command, " ", uri, NULL); ++ command = g_strconcat (helper->command, " ", escaped, NULL); + } + ++ g_free (escaped); ++ + argv[0] = "/bin/sh"; + argv[1] = "-c"; + argv[2] = command; -- cgit v1.2.3