-rw-r--r-- | meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch | 165 | ||||
-rw-r--r-- | meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb | 1 |
2 files changed, 166 insertions, 0 deletions
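--- /dev/null
+++ b/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
@@ -0,0 +1,165 @@
+From f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Mon Sep 17 00:00:00 2001
+From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
+Date: Thu, 25 Aug 2022 23:51:45 +0200
+Subject: [PATCH] Disable special support for Thunderbird in xdg-email (fixes
+CVE-2020-27748, CVE-2022-4055)
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780]
+CVE: CVE-2022-4055
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+scripts/xdg-email.in | 108 -------------------------------------------
+1 file changed, 108 deletions(-)
+
+diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in
+index 13ba2d5..b700679 100644
+--- a/scripts/xdg-email.in
++++ b/scripts/xdg-email.in
+@@ -30,76 +30,8 @@ _USAGE
+
+#@xdg-utils-common@
+
+-run_thunderbird()
+-{
+- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
+- THUNDERBIRD="$1"
+- MAILTO=$(echo "$2" | sed 's/^mailto://')
+- echo "$MAILTO" | grep -qs "^?"
+- if [ "$?" = "0" ] ; then
+- MAILTO=$(echo "$MAILTO" | sed 's/^?//')
+- else
+- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/')
+- fi
+-
+- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g')
+- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
+- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
+-
+- if [ -z "$TO" ] ; then
+- NEWMAILTO=
+- else
+- NEWMAILTO="to='$TO'"
+- fi
+- if [ -n "$CC" ] ; then
+- NEWMAILTO="${NEWMAILTO},cc='$CC'"
+- fi
+- if [ -n "$BCC" ] ; then
+- NEWMAILTO="${NEWMAILTO},bcc='$BCC'"
+- fi
+- if [ -n "$SUBJECT" ] ; then
+- NEWMAILTO="${NEWMAILTO},$SUBJECT"
+- fi
+- if [ -n "$BODY" ] ; then
+- NEWMAILTO="${NEWMAILTO},$BODY"
+- fi
+-
+- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
+- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
+- "$THUNDERBIRD" -compose "$NEWMAILTO"
+- if [ $? -eq 0 ]; then
+- exit_success
+- else
+- exit_failure_operation_failed
+- fi
+-}
+-
+open_kde()
+{
+- if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then
+- local kreadconfig=kreadconfig$KDE_SESSION_VERSION
+- else
+- local kreadconfig=kreadconfig
+- fi
+-
+- if which $kreadconfig >/dev/null 2>&1; then
+- local profile=$($kreadconfig --file emaildefaults \
+- --group Defaults --key Profile)
+- if [ -n "$profile" ]; then
+- local client=$($kreadconfig --file emaildefaults \
+- --group "PROFILE_$profile" \
+- --key EmailClient \
+- | cut -d ' ' -f 1)
+-
+- if echo "$client" | grep -Eq 'thunderbird|icedove'; then
+- run_thunderbird "$client" "$1"
+- fi
+- fi
+- fi
+-
+local command
+case "$KDE_SESSION_VERSION" in
+'') command=kmailservice ;;
+@@ -130,15 +62,6 @@ open_kde()
+
+open_gnome3()
+{
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+if gio help open 2>/dev/null 1>&2; then
+DEBUG 1 "Running gio open \"$1\""
+gio open "$1"
+@@ -159,13 +82,6 @@ open_gnome3()
+
+open_gnome()
+{
+- local client
+- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || ""
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+if gio help open 2>/dev/null 1>&2; then
+DEBUG 1 "Running gio open \"$1\""
+gio open "$1"
+@@ -231,15 +147,6 @@ open_flatpak()
+
+open_generic()
+{
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+xdg-open "$1"
+local ret=$?
+
+@@ -364,21 +271,6 @@ while [ $# -gt 0 ] ; do
+shift
+;;
+
+- --attach)
+- if [ -z "$1" ] ; then
+- exit_failure_syntax "file argument missing for --attach option"
+- fi
+- check_input_file "$1"
+- file=`readlink -f "$1"` # Normalize path
+- if [ -z "$file" ] || [ ! -f "$file" ] ; then
+- exit_failure_file_missing "file '$1' does not exist"
+- fi
+-
+- url_encode "$file"
+- options="${options}attach=${result}&"
+- shift
+- ;;
+-
+-*)
+exit_failure_syntax "unexpected option '$parm'"
+;;
+--
+2.25.1
+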
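Review bot: The `CVE:` tag on header line 8 of the new patch names only CVE-2022-4055, while the upstream subject on header lines 4-5 states that the same change also fixes CVE-2020-27748. If that second ID is not already handled elsewhere in the recipe (not visible on this page), the build's CVE scan would presumably keep reporting it as unpatched; I would write the tag as `CVE: CVE-2020-27748 CVE-2022-4055`. Separately, the last hunk of the backport drops the `--attach)` case, so that option now falls through to `-*)` and ends in `exit_failure_syntax "unexpected option '$parm'"`. That is a user-visible behaviour change on a stable branch and deserves a sentence in the commit message for anyone whose scripts call `xdg-email --attach`.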
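--- a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
+++ b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \
 file://0001-Reinstate-xdg-terminal.patch \
 file://0001-Don-t-build-the-in-script-manual.patch \
 file://1f199813e0eb0246f63b54e9e154970e609575af.patch \
+file://CVE-2022-4055.patch \
 "
 
 SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff"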