Bug#950319: libreoffice: filename replacements in mime entries for mailcap must not be quoted within the given command
Package: libreoffice
Version: 1:5.2.7-1+deb9u11
Severity: normal
Dear Maintainer,
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
Using mutt, I created a new email, added an attachment with a file name
containing spaces (a pptx file, thus libreoffice), and without sending
the email yet, I tried to open that file from within mutt.
* What was the outcome of this action?
libreoffice opened, but complained about not finding files with each
component of the filename containing spaces.
Mutt used /etc/mailcap. I understand those are generated from the files
DEBIAN/*.mime.
Those lines look like this:
application/rtf; soffice --nologo --writer '%s'; edit=soffice --nologo
--writer '%s'; test=test -n "$DISPLAY"; description="Rich Text Format";
nametemplate=%s.rtf; priority=3
Note the quotes around the filename placeholder %s.
What happened is that, as it should, mutt properly quoted whatever it
was replacing %s with, in that case using single quote. So, in effect,
the following command was executed:
soffice --nologo --writer ''file with spaces''
And since '' is starting and immediately ending the quotation,
libreoffice saw three arguments.
* What outcome did you expect instead?
The filename should have been given as one argument to libreoffice.
Following #928037 and references therein, I believe that the correct
solution is to not use '%s' in the mime files distributed with the
Debian packages: it should just be a simple %s, no quotes. Quoting is
the task of the program replacing %s.
Also note, that while using quotes is likely due to security concerns,
no amount of quoting can actually help here, as this very bug shows.
I even believe that this is a security bug and should be fixed in stable
and oldstable as well: using properly constructed filenames, commands
can be injected when using these commands, due to undoing quotations
done by the replacing program.
Since these lines are commonly used to, e.g., display email attachments,
this can be an easy way to gain access to a system just by having
someone open an attachment marked to be handled by libreoffice.
While this bug is submitted against oldstable, even current git includes
the same definitions, e.g., see:
https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/blob/master/libreoffice-writer.mime
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 9.11
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libreoffice depends on:
ii dpkg 1.18.25
ii fonts-dejavu 2.37-1
ii libreoffice-avmedia-backend-gstreamer 1:5.2.7-1+deb9u11
ii libreoffice-base 1:5.2.7-1+deb9u11
ii libreoffice-calc 1:5.2.7-1+deb9u11
ii libreoffice-core 1:5.2.7-1+deb9u11
ii libreoffice-draw 1:5.2.7-1+deb9u11
ii libreoffice-impress 1:5.2.7-1+deb9u11
ii libreoffice-java-common 1:5.2.7-1+deb9u11
ii libreoffice-math 1:5.2.7-1+deb9u11
ii libreoffice-report-builder-bin 1:5.2.7-1+deb9u11
ii libreoffice-writer 1:5.2.7-1+deb9u11
ii python3-uno 1:5.2.7-1+deb9u11
Versions of packages libreoffice recommends:
ii fonts-crosextra-caladea 20130214-1
ii fonts-crosextra-carlito 20130920-1
ii fonts-linuxlibertine 5.3.0-2
ii fonts-sil-gentium-basic 1.1-7
ii libreoffice-librelogo 1:5.2.7-1+deb9u11
ii libreoffice-nlpsolver 0.9+LibO5.2.7-1+deb9u11
ii libreoffice-ogltrans 1:5.2.7-1+deb9u11
ii libreoffice-pdfimport 1:5.2.7-1+deb9u11
ii libreoffice-report-builder 1:5.2.7-1+deb9u11
ii libreoffice-script-provider-bsh 1:5.2.7-1+deb9u11
ii libreoffice-script-provider-js 1:5.2.7-1+deb9u11
ii libreoffice-script-provider-python 1:5.2.7-1+deb9u11
ii libreoffice-sdbc-postgresql 1:5.2.7-1+deb9u11
ii libreoffice-wiki-publisher 1.2.0+LibO5.2.7-1+deb9u11
Versions of packages libreoffice suggests:
ii cups-bsd 2.2.1-8+deb9u4
ii default-jre [java5-runtime] 2:1.8-58+deb9u1
ii gstreamer1.0-libav 1:1.10.4-dmo1
ii gstreamer1.0-plugins-bad 1:1.10.4-dmo2
ii gstreamer1.0-plugins-base 1.10.4-1+deb9u1
ii gstreamer1.0-plugins-good 1.10.4-1
ii gstreamer1.0-plugins-ugly 1:1.10.4-dmo1
ii hunspell-en-us [hunspell-dictionary] 20070829-7
ii hyphen-en-us [hyphen-hyphenation-patterns] 2.8.8-5
ii hyphen-sh [hyphen-hyphenation-patterns] 1:3.3.0-4+deb8u1
ii iceweasel 68.4.1esr-1~deb9u1
ii imagemagick 8:6.9.7.4+dfsg-11+deb9u7
ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-11+deb9u7
ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2
ii libreoffice-gnome 1:5.2.7-1+deb9u11
pn libreoffice-grammarcheck <none>
ii libreoffice-help-en-us [libreoffice-help-5.2] 1:5.2.7-1+deb9u11
pn libreoffice-l10n-5.2 <none>
pn libreoffice-officebean <none>
ii libsane 1.0.25-4.1
ii libxrender1 1:0.9.10-1
pn myspell-dictionary <none>
ii mythes-en-us [mythes-thesaurus] 1:5.2.5-1
pn openclipart2-libreoffice | openclipart-libreoffic <none>
ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1
ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1
ii pstoedit 3.70-3+b2
ii thunderbird [icedove] 1:68.4.1-1~deb9u1
pn unixodbc <none>
Versions of packages libreoffice-core depends on:
ii fontconfig 2.11.0-6.7+b1
ii fonts-opensymbol 2:102.7+LibO5.2.7-1+deb9u11
ii libboost-date-time1.62.0 1.62.0+dfsg-4
ii libc6 2.24-11+deb9u4
ii libcairo2 1.14.8-1
ii libclucene-contribs1v5 2.3.3.4+dfsg-1
ii libclucene-core1v5 2.3.3.4+dfsg-1
ii libcmis-0.5-5v5 0.5.1+git20160603-3+b1
ii libcups2 2.2.1-8+deb9u4
ii libcurl3-gnutls 7.52.1-5+deb9u9
ii libdbus-1-3 1.10.28-0+deb9u1
ii libdbus-glib-1-2 0.108-2
ii libdconf1 0.26.0-2+b1
ii libeot0 0.01-4+b1
ii libexpat1 2.2.0-2+deb9u3
ii libexttextcat-2.0-0 3.4.4-2+b1
ii libfontconfig1 2.11.0-6.7+b1
ii libfreetype6 2.6.3-3.2
ii libgcc1 1:6.3.0-18+deb9u1
ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2
ii libglew2.0 2.0.0-3+b1
ii libglib2.0-0 2.50.3-2+deb9u1
ii libgltf-0.0-0v5 0.0.2-5
ii libglu1-mesa [libglu1] 9.0.0-2.1
ii libgraphite2-3 1.3.10-1
ii libharfbuzz-icu0 1.4.2-1
ii libharfbuzz0b 1.4.2-1
ii libhunspell-1.4-0 1.4.1-2+b2
ii libhyphen0 2.8.8-5
ii libice6 2:1.0.9-2
ii libicu57 57.1-6+deb9u3
ii libjpeg62-turbo 1:1.5.1-2
ii liblangtag1 0.6.2-1
ii liblcms2-2 2.8-4+deb9u1
ii libldap-2.4-2 2.4.44+dfsg-5+deb9u3
ii libmythes-1.2-0 2:1.2.4-3
ii libneon27-gnutls 0.30.2-2
ii libnspr4 2:4.12-6
ii libnss3 2:3.26.2-1.1+deb9u1
ii libodfgen-0.1-1 0.1.6-2
ii libpcre3 2:8.39-3
ii libpng16-16 1.6.28-1+deb9u1
ii librdf0 1.0.17-1.1
ii libreoffice-common 1:5.2.7-1+deb9u11
ii librevenge-0.0-0 0.0.4-6
ii libsm6 2:1.2.2-1+b3
ii libstdc++6 6.3.0-18+deb9u1
ii libx11-6 2:1.6.4-3+deb9u1
ii libxext6 2:1.3.3-1+b2
ii libxinerama1 2:1.1.3-1+b3
ii libxml2 2.9.4+dfsg1-2.2+deb9u2
ii libxrandr2 2:1.5.1-1
ii libxrender1 1:0.9.10-1
ii libxslt1.1 1.1.29-2.1+deb9u1
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libreoffice-core recommends:
ii libpaper-utils 1.1.24+nmu5
Versions of packages libreoffice-writer depends on:
ii dpkg 1.18.25
ii libabw-0.1-1 0.1.1-4
ii libc6 2.24-11+deb9u4
ii libe-book-0.1-1 0.1.2-4
ii libetonyek-0.1-1 0.1.6-5
ii libgcc1 1:6.3.0-18+deb9u1
ii libicu57 57.1-6+deb9u3
ii libmwaw-0.3-3 0.3.9-2
ii libodfgen-0.1-1 0.1.6-2
ii libreoffice-base-core 1:5.2.7-1+deb9u11
ii libreoffice-core 1:5.2.7-1+deb9u11
ii librevenge-0.0-0 0.0.4-6
ii libstdc++6 6.3.0-18+deb9u1
ii libwpd-0.10-10 0.10.1-5+deb9u1
ii libwpg-0.3-3 0.3.1-3
ii libwps-0.4-4 0.4.5-1
ii libxml2 2.9.4+dfsg1-2.2+deb9u2
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libreoffice-writer recommends:
ii libreoffice-math 1:5.2.7-1+deb9u11
Versions of packages libreoffice-writer suggests:
ii default-jre [java5-runtime] 2:1.8-58+deb9u1
ii fonts-crosextra-caladea 20130214-1
ii fonts-crosextra-carlito 20130920-1
ii libreoffice-base 1:5.2.7-1+deb9u11
pn libreoffice-gcj <none>
ii libreoffice-java-common 1:5.2.7-1+deb9u11
ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1
ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1
Versions of packages libreoffice-calc depends on:
ii coinor-libcbc3 2.8.12-1+b2
ii coinor-libcoinmp1v5 1.7.6+dfsg1-2
ii coinor-libcoinutils3v5 2.9.15-4
ii dpkg 1.18.25
ii libatlas3-base [liblapack.so.3] 3.10.3-1+b1
ii libblas3 [libblas.so.3] 3.7.0-2
ii libboost-filesystem1.62.0 1.62.0+dfsg-4
ii libboost-iostreams1.62.0 1.62.0+dfsg-4
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-11+deb9u4
ii libetonyek-0.1-1 0.1.6-5
ii libgcc1 1:6.3.0-18+deb9u1
ii libicu57 57.1-6+deb9u3
ii liblapack3 [liblapack.so.3] 3.7.0-2
ii liblcms2-2 2.8-4+deb9u1
ii libmwaw-0.3-3 0.3.9-2
ii libodfgen-0.1-1 0.1.6-2
ii liborcus-0.11-0 0.11.2-3+b1
ii libreoffice-base-core 1:5.2.7-1+deb9u11
ii libreoffice-core 1:5.2.7-1+deb9u11
ii librevenge-0.0-0 0.0.4-6
ii libstdc++6 6.3.0-18+deb9u1
ii libwps-0.4-4 0.4.5-1
ii libxml2 2.9.4+dfsg1-2.2+deb9u2
ii lp-solve 5.5.0.15-4+b1
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libreoffice-calc suggests:
ii ocl-icd-libopencl1 2.2.11-1
Versions of packages libreoffice-base depends on:
ii dpkg 1.18.25
ii libc6 2.24-11+deb9u4
ii libgcc1 1:6.3.0-18+deb9u1
ii libreoffice-base-core 1:5.2.7-1+deb9u11
ii libreoffice-base-drivers 1:5.2.7-1+deb9u11
ii libreoffice-core 1:5.2.7-1+deb9u11
ii libstdc++6 6.3.0-18+deb9u1
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
Versions of packages libreoffice-base recommends:
ii default-jre [java5-runtime] 2:1.8-58+deb9u1
ii libreoffice-java-common 1:5.2.7-1+deb9u11
ii libreoffice-writer 1:5.2.7-1+deb9u11
ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1
ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1
Versions of packages libreoffice-base suggests:
pn libreoffice-gcj <none>
ii libreoffice-report-builder 1:5.2.7-1+deb9u11
pn unixodbc <none>
Versions of packages libreoffice-draw depends on:
ii dpkg 1.18.25
ii libavahi-client3 0.6.32-2
ii libavahi-common3 0.6.32-2
ii libc6 2.24-11+deb9u4
ii libcdr-0.1-1 0.1.3-3+b1
ii libdbus-1-3 1.10.28-0+deb9u1
ii libdbus-glib-1-2 0.108-2
ii libfreehand-0.1-1 0.1.1-2
ii libgcc1 1:6.3.0-18+deb9u1
ii libglib2.0-0 2.50.3-2+deb9u1
ii libicu57 57.1-6+deb9u3
ii liblcms2-2 2.8-4+deb9u1
ii libmspub-0.1-1 0.1.2-4+b1
ii libmwaw-0.3-3 0.3.9-2
ii libodfgen-0.1-1 0.1.6-2
ii libpagemaker-0.0-0 0.0.3-2
ii libreoffice-core 1:5.2.7-1+deb9u11
ii librevenge-0.0-0 0.0.4-6
ii libstdc++6 6.3.0-18+deb9u1
ii libvisio-0.1-1 0.1.5-4+b1
ii libwpd-0.10-10 0.10.1-5+deb9u1
ii libwpg-0.3-3 0.3.1-3
ii libxml2 2.9.4+dfsg1-2.2+deb9u2
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libreoffice-impress depends on:
ii dpkg 1.18.25
ii libc6 2.24-11+deb9u4
ii libetonyek-0.1-1 0.1.6-5
ii libgcc1 1:6.3.0-18+deb9u1
ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2
ii libglew2.0 2.0.0-3+b1
ii libglu1-mesa [libglu1] 9.0.0-2.1
ii libmwaw-0.3-3 0.3.9-2
ii libodfgen-0.1-1 0.1.6-2
ii libreoffice-core 1:5.2.7-1+deb9u11
ii libreoffice-draw 1:5.2.7-1+deb9u11
ii librevenge-0.0-0 0.0.4-6
ii libstdc++6 6.3.0-18+deb9u1
ii libxml2 2.9.4+dfsg1-2.2+deb9u2
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libreoffice-impress recommends:
ii libreoffice-avmedia-backend-gstreamer 1:5.2.7-1+deb9u11
Versions of packages libreoffice-impress suggests:
ii bluez 5.43-2+deb9u1
Versions of packages libreoffice-math depends on:
ii dpkg 1.18.25
ii fonts-opensymbol 2:102.7+LibO5.2.7-1+deb9u11
ii libc6 2.24-11+deb9u4
ii libgcc1 1:6.3.0-18+deb9u1
ii libreoffice-core 1:5.2.7-1+deb9u11
ii libstdc++6 6.3.0-18+deb9u1
ii uno-libs3 5.2.7-1+deb9u11
ii ure 5.2.7-1+deb9u11
-- no debconf information
Reply to: