Index: misc/xdg-utils/Makefile =================================================================== RCS file: /e/cvsync/cvsync/pkgsrc/misc/xdg-utils/Makefile,v retrieving revision 1.2 diff -u -r1.2 Makefile --- misc/xdg-utils/Makefile 4 Feb 2010 16:47:54 -0000 1.2 +++ misc/xdg-utils/Makefile 5 Apr 2011 02:25:41 -0000 @@ -5,6 +5,8 @@ CATEGORIES= sysutils MASTER_SITES= http://portland.freedesktop.org/download/ EXTRACT_SUFX= .tgz +PKGREVISION= 1 +LICENSE= mit MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://portland.freedesktop.org/ Index: misc/xdg-utils/distinfo =================================================================== RCS file: /e/cvsync/cvsync/pkgsrc/misc/xdg-utils/distinfo,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 distinfo --- misc/xdg-utils/distinfo 9 Dec 2008 15:04:56 -0000 1.1.1.1 +++ misc/xdg-utils/distinfo 5 Apr 2011 02:27:21 -0000 @@ -3,3 +3,5 @@ SHA1 (xdg-utils-1.0.2.tgz) = e41a04cbf9ff8d743397a2bc23c6ca82e8b59d2c RMD160 (xdg-utils-1.0.2.tgz) = 344482917e8c780613ec20b103f8e51322540c04 Size (xdg-utils-1.0.2.tgz) = 282262 bytes +SHA1 (patch-aa) = 2e615a88a2e564acc5ae2494bff5996b3a854b2a +SHA1 (patch-ab) = 3fbfb21f4b1d774de446d899327db7404ef746b3 Index: misc/xdg-utils/patches/patch-aa =================================================================== RCS file: misc/xdg-utils/patches/patch-aa diff -N misc/xdg-utils/patches/patch-aa --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ misc/xdg-utils/patches/patch-aa 5 Apr 2011 02:26:48 -0000 @@ -0,0 +1,47 @@ +$NetBSD$ + + 2008-01-24 Kevin Krammer + * Fixing security issue in xdg-email and xdg-open at replacing + parameter in $BROWSER + +diff --git a/scripts/xdg-email b/scripts/xdg-email +index 87f0fc0..3b07f5d 100755 +--- a/scripts/xdg-email ++++ ./scripts/xdg-email +@@ -435,7 +435,8 @@ open_generic() + for browser in $BROWSER; do + if [ x"$browser" != x"" ]; then + +- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#` ++ IFS=' ' ++ browser_with_arg=${browser//'%s'/"$1"} + + if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1"; + else $browser_with_arg; +@@ -495,7 +496,7 @@ while [ $# -gt 0 ] ; do + exit_failure_syntax "email address argument missing for --to" + fi + url_encode "$1" +- options="${options}to=${result}&" ++ options="${options}to=${result}&" + shift + ;; + +@@ -531,7 +532,7 @@ while [ $# -gt 0 ] ; do + exit_failure_syntax "text argument missing for --body option" + fi + url_encode "$1" +- options="${options}body=${result}&" ++ options="${options}body=${result}&" + shift + ;; + +@@ -575,7 +576,7 @@ done + + if [ -z "${mailto}" ] ; then + # TO address is optional +- mailto="mailto:?" ++ mailto="mailto:?" + fi + + case $mailto in Index: misc/xdg-utils/patches/patch-ab =================================================================== RCS file: misc/xdg-utils/patches/patch-ab diff -N misc/xdg-utils/patches/patch-ab --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ misc/xdg-utils/patches/patch-ab 5 Apr 2011 02:27:15 -0000 @@ -0,0 +1,20 @@ +$NetBSD$ + + 2008-01-24 Kevin Krammer + * Fixing security issue in xdg-email and xdg-open at replacing + parameter in $BROWSER + +diff --git a/scripts/xdg-open b/scripts/xdg-open +index b124d6b..1456b7e 100755 +--- a/scripts/xdg-open ++++ ./scripts/xdg-open +@@ -382,7 +382,8 @@ open_generic() + for browser in $BROWSER; do + if [ x"$browser" != x"" ]; then + +- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#` ++ IFS=' ' ++ browser_with_arg=${browser//'%s'/"$1"} + + if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1"; + else $browser_with_arg;