mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00
Code Issues Projects Releases Wiki Activity

xdg-utils: Fix CVE-2022-4055

Browse Source 
Upstream-Status: Backport from https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780

(From OE-Core rev: fc4eecb6143b2b32a374388248b41c1d95b33968)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Hitendra Prajapati
2023-10-05 10:47:11 +05:30
committed by Steve Sakoman
parent de59761cbb
commit 2a2ea5ac75
2 changed files with 166 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
+165
View File
@@ -0,0 +1,165 @@
From f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Mon Sep 17 00:00:00 2001
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Date: Thu, 25 Aug 2022 23:51:45 +0200
Subject: [PATCH] Disable special support for Thunderbird in xdg-email (fixes
CVE-2020-27748, CVE-2022-4055)
Upstream-Status: Backport [https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780]
CVE: CVE-2022-4055
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
scripts/xdg-email.in | 108 -------------------------------------------
1 file changed, 108 deletions(-)
diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in
index 13ba2d5..b700679 100644
--- a/scripts/xdg-email.in
+++ b/scripts/xdg-email.in
@@ -30,76 +30,8 @@ _USAGE
#@xdg-utils-common@
-run_thunderbird()
-{
- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
- THUNDERBIRD="$1"
- MAILTO=$(echo "$2" | sed 's/^mailto://')
- echo "$MAILTO" | grep -qs "^?"
- if [ "$?" = "0" ] ; then
- MAILTO=$(echo "$MAILTO" | sed 's/^?//')
- else
- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/')
- fi
-
- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g')
- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
-
- if [ -z "$TO" ] ; then
- NEWMAILTO=
- else
- NEWMAILTO="to='$TO'"
- fi
- if [ -n "$CC" ] ; then
- NEWMAILTO="${NEWMAILTO},cc='$CC'"
- fi
- if [ -n "$BCC" ] ; then
- NEWMAILTO="${NEWMAILTO},bcc='$BCC'"
- fi
- if [ -n "$SUBJECT" ] ; then
- NEWMAILTO="${NEWMAILTO},$SUBJECT"
- fi
- if [ -n "$BODY" ] ; then
- NEWMAILTO="${NEWMAILTO},$BODY"
- fi
-
- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
- "$THUNDERBIRD" -compose "$NEWMAILTO"
- if [ $? -eq 0 ]; then
- exit_success
- else
- exit_failure_operation_failed
- fi
-}
-
open_kde()
{
- if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then
- local kreadconfig=kreadconfig$KDE_SESSION_VERSION
- else
- local kreadconfig=kreadconfig
- fi
-
- if which $kreadconfig >/dev/null 2>&1; then
- local profile=$($kreadconfig --file emaildefaults \
- --group Defaults --key Profile)
- if [ -n "$profile" ]; then
- local client=$($kreadconfig --file emaildefaults \
- --group "PROFILE_$profile" \
- --key EmailClient \
- | cut -d ' ' -f 1)
-
- if echo "$client" | grep -Eq 'thunderbird|icedove'; then
- run_thunderbird "$client" "$1"
- fi
- fi
- fi
-
local command
case "$KDE_SESSION_VERSION" in
'') command=kmailservice ;;
@@ -130,15 +62,6 @@ open_kde()
open_gnome3()
{
- local client
- local desktop
- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
- client=`desktop_file_to_binary "$desktop"`
- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
- if [ $? -eq 0 ] ; then
- run_thunderbird "$client" "$1"
- fi
-
if gio help open 2>/dev/null 1>&2; then
DEBUG 1 "Running gio open \"$1\""
gio open "$1"
@@ -159,13 +82,6 @@ open_gnome3()
open_gnome()
{
- local client
- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || ""
- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
- if [ $? -eq 0 ] ; then
- run_thunderbird "$client" "$1"
- fi
-
if gio help open 2>/dev/null 1>&2; then
DEBUG 1 "Running gio open \"$1\""
gio open "$1"
@@ -231,15 +147,6 @@ open_flatpak()
open_generic()
{
- local client
- local desktop
- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
- client=`desktop_file_to_binary "$desktop"`
- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
- if [ $? -eq 0 ] ; then
- run_thunderbird "$client" "$1"
- fi
-
xdg-open "$1"
local ret=$?
@@ -364,21 +271,6 @@ while [ $# -gt 0 ] ; do
shift
;;
- --attach)
- if [ -z "$1" ] ; then
- exit_failure_syntax "file argument missing for --attach option"
- fi
- check_input_file "$1"
- file=`readlink -f "$1"` # Normalize path
- if [ -z "$file" ] || [ ! -f "$file" ] ; then
- exit_failure_file_missing "file '$1' does not exist"
- fi
-
- url_encode "$file"
- options="${options}attach=${result}&"
- shift
- ;;
-
-*)
exit_failure_syntax "unexpected option '$parm'"
;;
--
2.25.1
meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
+1
View File
@@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \
file://0001-Reinstate-xdg-terminal.patch \ file://0001-Reinstate-xdg-terminal.patch \
file://0001-Don-t-build-the-in-script-manual.patch \ file://0001-Don-t-build-the-in-script-manual.patch \
file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \
file://CVE-2022-4055.patch \
" "
SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff"