Hello community, here is the log from the commit of package xdg-utils for openSUSE:Factory checked in at 2015-01-22 21:48:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xdg-utils (Old) and /work/SRC/openSUSE:Factory/.xdg-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xdg-utils"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xdg-utils/xdg-utils.changes 2014-12-30 00:49:41.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.xdg-utils.new/xdg-utils.changes 2015-01-22 21:48:53.000000000 +0100
@@ -1,0 +2,11 @@
+Tue Jan 20 12:14:38 UTC 2015 - jsl...@suse.com
+
+- update to 20150119
+ * xdg-open: Improve performance of get_key function
+ * xdg-open: better fix for command injection vulnerability (bnc#913676)
+ * xdg-screensaver: Change screensaver_freedesktop's interpretation of GetActive
+ * xdg-mime: dereference symlinks when using mimetype or file
+ * xdg-open: command injection vulnerability
+ * xdg-screensaver should control X11's screensaver in xfce as fallback
+
+-------------------------------------------------------------------
Old:
----
xdg-utils-20141009.tar.xz
New:
----
xdg-utils-20150119.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xdg-utils.spec ++++++
--- /var/tmp/diff_new_pack.8Rz93q/_old 2015-01-22 21:48:53.000000000 +0100
+++ /var/tmp/diff_new_pack.8Rz93q/_new 2015-01-22 21:48:53.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package xdg-utils
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 Summary: Utilities to uniformly interface desktop environments
 License: MIT
 Group: System/GUI/Other
-Version: 20141009
+Version: 20150119
 Release: 0
 BuildArch: noarch
 Url: http://portland.freedesktop.org/
++++++ xdg-utils-20141009.tar.xz -> xdg-utils-20150119.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20141009/ChangeLog new/xdg-utils-20150119/ChangeLog
--- old/xdg-utils-20141009/ChangeLog 2014-11-27 16:37:05.000000000 +0100
+++ new/xdg-utils-20150119/ChangeLog 2015-01-20 13:14:13.000000000 +0100
@@ -1,5 +1,19 @@
 === xdg-utils 1.1.x ===
+2015-01-19 Rex Dieter <rdie...@fedoraproject.org>
+ * xdg-open: better fix for command injection vulnerability (BR66670)
+ * xdg-open is extremely slow because get_key executes grep unnecessarily (BR88524)
+
+2015-01-15 Reuben Thomas <r...@sc3d.org>
+ * xdg-mime: dereference symlinks when using mimetype or file (BR39923)
+ * xdg-screensaver: Change screensaver_freedesktop's interpretation of GetActive (BR29859)
+
+2015-01-05 Rex Dieter <rdie...@fedoraproject.org>
+ * xdg-open: command injection vulnerability (BR66670)
+
+2015-01-04 Rex Dieter <rdie...@fedoraproject.org>
+ * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
+
 2014-10-09 Rex Dieter <rdie...@fedoraproject.org>
 * xdg-screensaver plasma5 support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20141009/scripts/xdg-mime.in new/xdg-utils-20150119/scripts/xdg-mime.in
--- old/xdg-utils-20141009/scripts/xdg-mime.in 2014-11-27 16:37:05.000000000 +0100
+++ new/xdg-utils-20150119/scripts/xdg-mime.in 2015-01-20 13:14:13.000000000 +0100
@@ -98,11 +98,11 @@
 info_generic()
 {
 if mimetype --version >/dev/null 2>&1; then
- DEBUG 1 "Running mimetype -b \"$1\""
- mimetype -b "$1"
+ DEBUG 1 "Running mimetype --brief --dereference \"$1\""
+ mimetype --brief --dereference "$1"
 else
- DEBUG 1 "Running file --mime-type \"$1\""
- /usr/bin/file -b --mime-type "$1" 2> /dev/null
+ DEBUG 1 "Running file --brief --dereference --mime-type \"$1\""
+ /usr/bin/file --brief --dereference --mime-type "$1" 2> /dev/null
 fi
 if [ $? -eq 0 ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20141009/scripts/xdg-open.in new/xdg-utils-20150119/scripts/xdg-open.in
--- old/xdg-utils-20141009/scripts/xdg-open.in 2014-11-27 16:37:05.000000000 +0100
+++ new/xdg-utils-20150119/scripts/xdg-open.in 2015-01-20 13:14:13.000000000 +0100
@@ -57,11 +57,11 @@
 "["*)
 desktop_entry=""
 ;;
- *)
+ "${key}="*)
 # Only match Desktop Entry group
 if [ -n "${desktop_entry}" ]
 then
- echo "${line}" | grep -E "^${key}=" | cut -d= -f 2-
+ echo "${line}" | cut -d= -f 2-
 fi
 esac
 done < "${file}"
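Review bot: In xdg-mime.in's `info_generic` hunk, both rewritten commands still pass `"$1"` straight after the options, so a file name that begins with `-` is read as an option by `mimetype` or `file` instead of being inspected. Ending option parsing first avoids that: `mimetype --brief --dereference -- "$1"` and `/usr/bin/file --brief --dereference --mime-type -- "$1"`; confirm that the oldest `mimetype` you support accepts `--`. Because symlinks are now followed, the reported type is that of the link target, which deserves a one-line comment above the `if`. The function continues past the end of the hunk.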
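Review bot: In xdg-open.in's `get_key` hunk (`@@ -57,11 +57,11 @@`), the value is still printed with `echo "${line}"`, and some `/bin/sh` implementations interpret backslash sequences in `echo` arguments, so a value containing a backslash can reach the caller altered. Since the new `"${key}="*)` arm already guarantees the prefix, the remaining pipeline can be replaced by a parameter expansion that forks nothing: `printf '%s\n' "${line#*=}"`. That also fits the stated goal of making `get_key` faster. The loop and the function start above the hunk, so the handling of the `[Desktop Entry]` group header is not visible here.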
@@ -186,17 +186,17 @@
 # FIXME: Actually LC_MESSAGES should be used as described in
 # http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
 localised_name="'$(get_key "${file}" "Name")'"
- arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
+ arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
 -e 's*%i*'"$icon"'*g' \
 -e 's*%c*'"$localised_name"'*g')"
 if [ -x "$command_exec" ] ; then
 if echo "$arguments" | grep -iq '%[fFuU]' ; then
 echo START "$command_exec" "$arguments_exec"
- eval "$command_exec" "$arguments_exec"
+ eval "'$command_exec'" "'$arguments_exec'"
 else
 echo START "$command_exec" "$arguments_exec" "$arg"
- eval "$command_exec" "$arguments_exec" "$arg"
+ eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
 fi
 if [ $? -eq 0 ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xdg-utils-20141009/scripts/xdg-screensaver.in new/xdg-utils-20150119/scripts/xdg-screensaver.in
--- old/xdg-utils-20141009/scripts/xdg-screensaver.in 2014-11-27 16:37:05.000000000 +0100
+++ new/xdg-utils-20150119/scripts/xdg-screensaver.in 2015-01-20 13:14:13.000000000 +0100
@@ -104,6 +104,10 @@
 screensaver_xscreensaver "$1"
 ;;
+ xfce)
+ [ -n "$DISPLAY" ] && screensaver_xserver "$1"
+ ;;
+
 '')
 [ -n "$DISPLAY" ] && screensaver_xserver "$1"
 ;;
@@ -296,13 +300,13 @@
 org.freedesktop.ScreenSaver.GetActive \
 | grep boolean | cut -d ' ' -f 5`
 result=$?
- if [ x"$status" = "xtrue" ]; then
+ if [ x"$status" = "xtrue" -o x"$status" = "xfalse" ]; then
 echo "enabled"
- elif [ x"$status" = "xfalse" ]; then
- echo "disabled"
- else
+ elif [ x"$result" != "x0" ]; then
 echo "ERROR: dbus org.freedesktop.ScreenSaver.GetActive returned '$status'" >&2
 return 1
+ else
+ echo "disabled"
 fi
 ;;
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
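Review bot: The single quotes added inside the two `eval` calls in xdg-open.in do not make the words inert: a `'` anywhere in `$command_exec`, `$arguments_exec` or `$arg` closes the quoting early and the remainder is parsed by `eval` as shell syntax, so text from a desktop file or from the caller's argument can still be evaluated. Quoting `$arguments_exec` as one word also hands every Exec argument to the program as a single parameter, which looks like a functional regression for entries with more than one argument. The robust shape is to drop `eval`, build the argument vector with `set --` and run `"$command_exec" "$@"` directly, as sketched below. `$arg`, `$arg_one`, `$icon` and `$arguments` are assigned outside the hunk, so their exact form, and whether the enclosing function still needs its own positional parameters afterwards, has to be checked before adopting this.

```shell
if [ -x "$command_exec" ] ; then
    # Expand field codes word by word; no value is re-parsed by the shell.
    # Plain splitting ignores Exec quoting rules and only matches a field
    # code that stands alone as a word; extend if entries need more.
    set -f                  # keep pathname expansion off while splitting
    set -- $arguments
    set +f
    replaced=0
    remaining=$#
    while [ "$remaining" -gt 0 ] ; do
        word=$1
        shift
        case "$word" in
            %[fFuU]) set -- "$@" "$arg" ; replaced=1 ;;
            %i)      set -- "$@" "$icon" ;;
            %c)      set -- "$@" "$(get_key "${file}" "Name")" ;;
            *)       set -- "$@" "$word" ;;
        esac
        remaining=$((remaining - 1))
    done
    # No file/URL field code in Exec: pass the target as the last argument.
    [ "$replaced" -eq 1 ] || set -- "$@" "$arg"
    echo START "$command_exec" "$@"
    "$command_exec" "$@"
    # … unchanged: exit-status check that follows …
```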
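Review bot: The new `xfce)` arm in xdg-screensaver.in (`@@ -104,6 +104,10 @@`) is a copy of the `'')` arm directly below it; folding the two into one pattern, `xfce|'')`, keeps the fallback in a single place. A short comment such as `# no dedicated backend: fall back to the X server's screensaver` would record why xfce is routed here. The `case` statement begins and ends outside the hunk.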
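Review bot: In the `@@ -296,13 +300,13 @@` hunk, the new `elif [ x"$result" != "x0" ]` branch tests the exit status of a pipeline that ends in `cut`, so `$result` reflects `cut` rather than the D-Bus call and the error branch will rarely, if ever, run; a failed query then prints "disabled". If a failed call should be reported, capture the reply first and test that status before parsing it (the start of the command substitution is above the hunk, so this is inferred from the visible `| grep boolean | cut` tail). Separately, `-o` inside `[` is marked obsolescent by POSIX; `[ x"$status" = "xtrue" ] || [ x"$status" = "xfalse" ]` is the unambiguous form. A comment saying why a `true` and a `false` reply share the "enabled" branch would help the next reader.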