Bug 89130

Summary: safer xdg-open
Product: Portland
Reporter: Michael Gilbert <michael.s.gilbert>
Component: xdg-utils
Assignee: Portland Bugs <portland-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: medium
Keywords: patch
Version: 1.1.0 rc1
Hardware: All
OS: Linux (All)
URL: https://bugs.freedesktop.org/66670
Attachments: xdg-open-safe.diff

Description Michael Gilbert 2015-02-13 06:34:28 UTC
In Debian, additional changes for CVE-2014-9622 were added for safer parsing:
https://bugs.freedesktop.org/66670
https://bugs.debian.org/773085

The Debian patch is attached.  It applies to an older release candidate, so may not apply cleanly.
Comment 1 Michael Gilbert 2015-02-13 06:35:40 UTC
Created attachment 113448
xdg-open-safe.diff
Comment 2 Rex Dieter 2015-02-13 12:46:18 UTC
Thanks!

Offhand, this does look like a much better approach.
Comment 3 Rex Dieter 2015-02-20 18:21:22 UTC
Boo, similar to bug #89129, this patch was generated against a much older version of xdg-utils and no longer applies as-is.

I'll see if I can rework it.
Comment 4 Rex Dieter 2015-02-20 22:00:56 UTC
Adapted it with only little fuss, thanks again. :)

http://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=13d9b0cac97e438bf7dc06452ee7fb3480907d88
