Package: xdg-utils / 1.1.0~rc1+git20111210-6+deb7u3
Metadata
Package | Version | Patches format |
---|---|---|
xdg-utils | 1.1.0~rc1+git20111210-6+deb7u3 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
xdg email envvar.diff | (download) |
scripts/xdg-email.in |
25 25 + 0 - 0 ! |
add $mailer support to xdg-email. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=6615 Bug-Debian: http://bugs.debian.org/574131 |
xdg email mutt detect.diff | (download) |
scripts/xdg-email.in |
10 10 + 0 - 0 ! |
fallback to mutt if ~/.muttrc exists. |
xdg open browser multiword.diff | (download) |
scripts/xdg-open.in |
2 2 + 0 - 0 ! |
fix support for multi-word $browser commands. |
xdg open printf.diff | (download) |
scripts/xdg-open.in |
6 5 + 1 - 0 ! |
use /usr/bin/printf if available when decoding urls. dash's printf doesn't understand \xHH sequences. |
xdg screensaver new gnome.diff | (download) |
scripts/xdg-screensaver.in |
56 48 + 8 - 0 ! |
use dbus api for gnome since gnome-screensaver-command --poke has been removed |
xdg open spaces.diff | (download) |
scripts/xdg-open.in |
2 1 + 1 - 0 ! |
--- |
xdg open escape sed.diff | (download) |
scripts/xdg-open.in |
3 2 + 1 - 0 ! |
--- |
no X.diff | (download) |
scripts/xdg-email.in |
2 1 + 1 - 0 ! |
--- |
fix bashism use of echo.patch | (download) |
scripts/xdg-email.in |
8 4 + 4 - 0 ! |
use /bin/echo -e instead of echo -e in xdg-email |
command injection.patch | (download) |
scripts/xdg-open.in |
6 3 + 3 - 0 ! |
[patch] xdg-open: command injection vulnerability (br66670) |
xdg open safe.diff | (download) |
scripts/xdg-open.in |
38 28 + 10 - 0 ! |
fix safety of de-agnostic xdg-open Let the shell do the splitting of the command contained in the .desktop file (set -- $(sed ...)). . Use "$@" behaving like an array. We cannot modify this array but we can append to it (with set -- "$@" "$newarg"). Basically, we take $command_exec and then shift. Then, we iterate on each argument using a counter and if the argument needs to be modified (because this is the place holder), we append the modified version, otherwise, we append it unmodified. At the end, "$@" is the array of arguments to be passed to "$command_exec". If no replacement has happened, we also append the target file. . No magic quoting is done, no evaluation. I think this is a safe alternative to the current script. I can also push it upstream. |
CVE 2015 1877.patch | (download) |
scripts/xdg-open.in |
10 5 + 5 - 0 ! |
cve-2015-1877: command injection vulnerability due to local variables collision |