diff --git a/0017-fix-CVE-2022-4055.patch b/0017-fix-CVE-2022-4055.patch new file mode 100644 index 0000000000000000000000000000000000000000..ad1fa9afb14173eccbd1156b26c5558ae0ea900f --- /dev/null +++ b/0017-fix-CVE-2022-4055.patch @@ -0,0 +1,153 @@ +diff -Nurw xdg-utils-1.1.3/scripts/xdg-email.in xdg-utils-1.1.3_new/scripts/xdg-email.in +--- xdg-utils-1.1.3/scripts/xdg-email.in 2018-05-10 23:02:31.000000000 +0800 ++++ xdg-utils-1.1.3_new/scripts/xdg-email.in 2023-10-20 11:42:46.940614217 +0800 +@@ -30,81 +30,8 @@ + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY ATTACH +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach=' | sed 's/^attach=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }' | sed 's/,$//')) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- if [ -n "$ATTACH" ] ; then +- NEWMAILTO="${NEWMAILTO},attachment='${ATTACH}'" +- fi +- +- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { +- if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +- local kreadconfig=kreadconfig$KDE_SESSION_VERSION +- else +- local kreadconfig=kreadconfig +- fi +- +- if which $kreadconfig >/dev/null 2>&1; then +- local profile=$($kreadconfig --file emaildefaults \ +- --group Defaults --key Profile) +- if [ -n "$profile" ]; then +- local client=$($kreadconfig --file emaildefaults \ +- --group "PROFILE_$profile" \ +- --key EmailClient \ +- | cut -d ' ' -f 1) +- +- if echo "$client" | grep -Eq 'thunderbird|icedove'; then +- run_thunderbird "$client" "$1" +- fi +- fi +- fi +- + local command + case "$KDE_SESSION_VERSION" in + '') command=kmailservice ;; +@@ -135,15 +62,6 @@ + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -164,13 +82,6 @@ + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -236,15 +147,6 @@ + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -369,21 +271,6 @@ + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; diff --git a/xdg-utils.spec b/xdg-utils.spec index a5b81e7824db4fa1e5428b8586cd79eba0d4d506..c7ca4f14f577edc66ae77400b2eeacfb42e45a0d 100644 --- a/xdg-utils.spec +++ b/xdg-utils.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 Summary: Basic desktop integration functions Name: xdg-utils @@ -26,6 +26,7 @@ Patch13: 0013-support-digits-in-uri-scheme-regex.patch Patch14: 0014-xdg-mime-return-correct-exit-code-for-GNOME.patch Patch15: 0015-fixed-166-xdg-open-dose-not-search-correctly-in-dire.patch Patch16: 0016-Fix-xdg-settings-support-for-default-web-browser-for.patch +Patch17: 0017-fix-CVE-2022-4055.patch BuildArch: noarch @@ -106,5 +107,8 @@ Doc files for %{name} %changelog +* Thu Oct 19 2023 mgb01105731 - 1.1.3-2 +- fix CVE-2022-4055 + * Thu Mar 16 2023 Chunmei Xu - 1.1.3-1 - init from upstream