rpms/Terminal/FC-6 CVE-2007-3770.patch, NONE, 1.1 Terminal.spec, 1.16, 1.17

Kevin Fenzi (kevin) fedora-extras-commits at redhat.com
Wed Aug 15 00:00:37 UTC 2007


Author: kevin

Update of /cvs/extras/rpms/Terminal/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22227

Modified Files:
	Terminal.spec 
Added Files:
	CVE-2007-3770.patch 
Log Message:
Add patch for CVE-2007-3770. 
Update License tag


CVE-2007-3770.patch:

--- NEW FILE CVE-2007-3770.patch ---
diff -Nur Terminal-0.2.6/helpers/balsa.desktop.in Terminal-0.2.6.patched/helpers/balsa.desktop.in
--- Terminal-0.2.6/helpers/balsa.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/balsa.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=balsa
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B -m "mailto:%u"
+X-Terminal-Command=%B -m mailto:%u
diff -Nur Terminal-0.2.6/helpers/epiphany.desktop.in Terminal-0.2.6.patched/helpers/epiphany.desktop.in
--- Terminal-0.2.6/helpers/epiphany.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/epiphany.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=epiphany;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/evolution.desktop.in Terminal-0.2.6.patched/helpers/evolution.desktop.in
--- Terminal-0.2.6/helpers/evolution.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/evolution.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=evolution-2.2;evolution-2.0;evolution-1.6;evolution-1.5;evolution-1.4;evolution;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B "mailto:%u"
+X-Terminal-Command=%B mailto:%u
diff -Nur Terminal-0.2.6/helpers/exo-open-browser.desktop.in Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in
--- Terminal-0.2.6/helpers/exo-open-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/exo-open-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=exo-open
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B --launch WebBrowser "%u"
+X-Terminal-Command=%B --launch WebBrowser %u
diff -Nur Terminal-0.2.6/helpers/exo-open-mailer.desktop.in Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in
--- Terminal-0.2.6/helpers/exo-open-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/exo-open-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=exo-open
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B --launch MailReader "%u"
+X-Terminal-Command=%B --launch MailReader %u
diff -Nur Terminal-0.2.6/helpers/firefox.desktop.in Terminal-0.2.6.patched/helpers/firefox.desktop.in
--- Terminal-0.2.6/helpers/firefox.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/firefox.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=firefox;firefox-gtk2;firefox-gtk;mozilla-firefox;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u\) || %B %u
diff -Nur Terminal-0.2.6/helpers/galeon.desktop.in Terminal-0.2.6.patched/helpers/galeon.desktop.in
--- Terminal-0.2.6/helpers/galeon.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/galeon.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=galeon;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/kmail.desktop.in Terminal-0.2.6.patched/helpers/kmail.desktop.in
--- Terminal-0.2.6/helpers/kmail.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/kmail.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=kmail;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/konqueror.desktop.in Terminal-0.2.6.patched/helpers/konqueror.desktop.in
--- Terminal-0.2.6/helpers/konqueror.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/konqueror.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,6 +5,6 @@
 Type=Application
 X-Terminal-Binaries=konqueror;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
 
 
diff -Nur Terminal-0.2.6/helpers/lynx.desktop.in Terminal-0.2.6.patched/helpers/lynx.desktop.in
--- Terminal-0.2.6/helpers/lynx.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/lynx.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=lynx;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=Terminal -x %B "%u"
+X-Terminal-Command=Terminal -x %B %u
diff -Nur Terminal-0.2.6/helpers/mozilla-browser.desktop.in Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in
--- Terminal-0.2.6/helpers/mozilla-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mozilla-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
diff -Nur Terminal-0.2.6/helpers/mozilla-mailer.desktop.in Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in
--- Terminal-0.2.6/helpers/mozilla-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mozilla-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=mozilla;mozilla-gtk2;mozilla-gtk;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
+X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
diff -Nur Terminal-0.2.6/helpers/mutt.desktop.in Terminal-0.2.6.patched/helpers/mutt.desktop.in
--- Terminal-0.2.6/helpers/mutt.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/mutt.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=mutt;
 X-Terminal-Category=MailReader
-X-Terminal-Command=Terminal -x %B "%u"
+X-Terminal-Command=Terminal -x %B %u
diff -Nur Terminal-0.2.6/helpers/opera-browser.desktop.in Terminal-0.2.6.patched/helpers/opera-browser.desktop.in
--- Terminal-0.2.6/helpers/opera-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/opera-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=opera;
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B -remote "openURL(%u,new-window)" || %B "%u"
+X-Terminal-Command=%B -remote openURL\(%u,new-window\) || %B %u
diff -Nur Terminal-0.2.6/helpers/opera-mailer.desktop.in Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in
--- Terminal-0.2.6/helpers/opera-mailer.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/opera-mailer.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=opera;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "openURL(mailto:%u)" || %B "mailto:%u"
+X-Terminal-Command=%B -remote openURL\(mailto:%u\) || %B mailto:%u
diff -Nur Terminal-0.2.6/helpers/sensible-browser.desktop.in Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in
--- Terminal-0.2.6/helpers/sensible-browser.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/sensible-browser.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=sensible-browser
 X-Terminal-Category=WebBrowser
-X-Terminal-Command=%B "%u"
+X-Terminal-Command=%B %u
diff -Nur Terminal-0.2.6/helpers/sylpheed-claws.desktop.in Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in
--- Terminal-0.2.6/helpers/sylpheed-claws.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/sylpheed-claws.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -7,4 +7,4 @@
 StartupNotify=true
 X-Terminal-Binaries=sylpheed-claws;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B --compose "%u"
+X-Terminal-Command=%B --compose %u
diff -Nur Terminal-0.2.6/helpers/thunderbird.desktop.in Terminal-0.2.6.patched/helpers/thunderbird.desktop.in
--- Terminal-0.2.6/helpers/thunderbird.desktop.in	2007-01-20 16:30:46.000000000 +0200
+++ Terminal-0.2.6.patched/helpers/thunderbird.desktop.in	2007-08-14 09:12:57.000000000 +0300
@@ -5,4 +5,4 @@
 Type=Application
 X-Terminal-Binaries=thunderbird;thunderbird-gtk2;thunderbird-gtk;mozilla-thunderbird;
 X-Terminal-Category=MailReader
-X-Terminal-Command=%B -remote "mailto(%u)" || %B -compose "mailto:%u"
+X-Terminal-Command=%B -remote mailto\(%u\) || %B -compose mailto:%u
diff -Nur Terminal-0.2.6/terminal/terminal-helper.c Terminal-0.2.6.patched/terminal/terminal-helper.c
--- Terminal-0.2.6/terminal/terminal-helper.c	2007-01-20 16:30:51.000000000 +0200
+++ Terminal-0.2.6.patched/terminal/terminal-helper.c	2007-08-14 09:17:20.000000000 +0300
@@ -349,6 +349,8 @@
   gchar       *argv[4];
   gchar       *command;
   gchar       *t;
+  gchar       *escaped;
+  gchar       **parts;
   guint        n;
 
   g_return_if_fail (TERMINAL_IS_HELPER (helper));
@@ -359,6 +361,12 @@
     if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
       ++n;
 
+  parts = g_strsplit (uri, "$", 0);
+
+  escaped = g_shell_quote (g_strjoinv("\$", parts));
+
+  g_strfreev (parts);
+
   if (n > 0)
     {
       command = g_new (gchar, strlen (helper->command) + n * strlen (uri) + 1);
@@ -366,7 +374,7 @@
         {
           if (s[0] == '%' && g_ascii_tolower (s[1]) == 'u')
             {
-              for (u = uri; *u != '\0'; )
+              for (u = escaped; *u != '\0'; )
                 *t++ = *u++;
               s += 2;
             }
@@ -379,9 +387,11 @@
     }
   else
     {
-      command = g_strconcat (helper->command, " ", uri, NULL);
+      command = g_strconcat (helper->command, " ", escaped, NULL);
     }
 
+  g_free (escaped);
+
   argv[0] = "/bin/sh";
   argv[1] = "-c";
   argv[2] = command;


Index: Terminal.spec
===================================================================
RCS file: /cvs/extras/rpms/Terminal/FC-6/Terminal.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- Terminal.spec	25 Mar 2007 03:50:07 -0000	1.16
+++ Terminal.spec	15 Aug 2007 00:00:03 -0000	1.17
@@ -1,10 +1,11 @@
 Summary: X Terminal Emulator
 Name: Terminal
 Version: 0.2.6
-Release: 2%{?dist}
-License: GPL
+Release: 3%{?dist}
+License: GPLv2+
 URL: http://terminal.os-cillation.com/
 Source0: http://www.xfce.org/archive/xfce-4.4.0/src/Terminal-0.2.6.tar.bz2
+Patch1: CVE-2007-3770.patch
 Group: User Interface/X
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: vte-devel
@@ -21,6 +22,7 @@
 
 %prep
 %setup -q
+%patch1 -p1 -b .cve-2007-3770
 
 %build
 %configure
@@ -60,6 +62,10 @@
 %{_libexecdir}/TerminalHelp
 
 %changelog
+* Tue Aug 14 2007 Kevin Fenzi <kevin at tummy.com> - 0.2.6-3
+- Add patch for CVE-2007-3770. 
+- Update License tag
+
 * Sat Mar 24 2007 Kevin Fenzi <kevin at tummy.com> - 0.2.6-2
 - Fix unowned directories (#233787)
 




More information about the fedora-extras-commits mailing list