Bug#958192: stretch-pu: package xdg-utils/1.1.1-1+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release managers,
Along with 1.1.3-1+deb10u1 for buster I propose an update for stretch
with the same fixes that applicable for 1.1.1 version.
As #958141 the update can be found in Git repository[1] or on
mentors.d.n[2]. The debdiff is attached also.
[1]: https://salsa.debian.org/freedesktop-team/xdg-utils/-/tree/stretch
[2]: https://mentors.debian.net/package/xdg-utils
-- System Information:
Debian Release: buster/sid
APT prefers eoan-updates
APT policy: (500, 'eoan-updates'), (500, 'eoan-security'), (500, 'eoan')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-46-generic (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for xdg-utils-1.1.1 xdg-utils-1.1.1
changelog | 12 ++++++++++
patches/Create-data-apps-dir.patch | 19 +++++++++++++++++
patches/Directories-with-spaces.patch | 35 +++++++++++++++++++++++++++++++
patches/Sanitise-window-name.patch | 38 ++++++++++++++++++++++++++++++++++
patches/series | 3 ++
5 files changed, 107 insertions(+)
diff -Nru xdg-utils-1.1.1/debian/changelog xdg-utils-1.1.1/debian/changelog
--- xdg-utils-1.1.1/debian/changelog 2018-05-20 12:44:40.000000000 +0300
+++ xdg-utils-1.1.1/debian/changelog 2020-04-19 16:47:09.000000000 +0300
@@ -1,3 +1,15 @@
+xdg-utils (1.1.1-1+deb9u2) stretch; urgency=medium
+
+ * Apply patches:
+ - Sanitise-window-name.patch fixes crash in xdg-screensaver.
+ Closes: #910070, LP: #1743216, Upstream: BR108121.
+ - Directories-with-spaces.patch corrects handling directories with spaces
+ in the name. LP: #1848335, Upstream: #166.
+ - Create-data-apps-dir.patch fixes xdg-mime with temporary $XDG_DATA_HOME.
+ Closes: #652038.
+
+ -- Nicholas Guriev <guriev-ns@ya.ru> Sun, 19 Apr 2020 16:47:09 +0300
+
xdg-utils (1.1.1-1+deb9u1) stretch-security; urgency=high
* Fix CVE-2017-18266, closes: #898317.
diff -Nru xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch
--- xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch 1970-01-01 03:00:00.000000000 +0300
+++ xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch 2020-04-19 16:45:54.000000000 +0300
@@ -0,0 +1,19 @@
+Description: Create applications directory if it does not exist yet
+Bug-Debian: https://bugs.debian.org/652038
+Author: Nicholas Guriev <guriev-ns@ya.ru>
+Last-Update: Sun, 19 Apr 2020 16:25:49 +0300
+
+---
+ scripts/xdg-mime.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/scripts/xdg-mime.in
++++ b/scripts/xdg-mime.in
+@@ -244,6 +244,7 @@ make_default_generic()
+ default_file="$xdg_user_dir/applications/mimeapps.list"
+ DEBUG 2 "make_default_generic $1 $2"
+ DEBUG 1 "Updating $default_file"
++ mkdir -p "$xdg_user_dir/applications"
+ [ -f "$default_file" ] || touch "$default_file"
+ awk -v mimetype="$2" -v application="$1" '
+ BEGIN {
diff -Nru xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch
--- xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch 1970-01-01 03:00:00.000000000 +0300
+++ xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch 2020-04-19 16:27:38.000000000 +0300
@@ -0,0 +1,35 @@
+Author: Andrea Tarocchi <andrea.tarocchi@gmail.com>
+Desciption: xdg-open dos not search correctly in directories with spaces in the name
+Bug: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/166
+Bug-Ubuntu: https://launchpad.net/bugs/1848335
+Origin: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/9816ebb3
+Acked-by: Nicholas Guriev <guriev-ns@ya.ru>
+Last-Update: Sun, 19 Apr 2020 16:25:49 +0300
+
+---
+ scripts/xdg-mime.in | 2 +-
+ scripts/xdg-open.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/xdg-mime.in
++++ b/scripts/xdg-mime.in
+@@ -302,7 +302,7 @@ search_desktop_file()
+
+ grep -l "$MIME;" "$dir/"*.desktop 2>/dev/null
+
+- for f in $dir/*/; do
++ for f in "$dir/"*/; do
+ [ -d "$f" ] && search_desktop_file "$MIME" "$f"
+ done
+ }
+--- a/scripts/xdg-open.in
++++ b/scripts/xdg-open.in
+@@ -277,7 +277,7 @@ search_desktop_file()
+ fi
+ fi
+
+- for d in $dir/*/; do
++ for d in "$dir/"*/; do
+ [ -d "$d" ] && search_desktop_file "$default" "$d" "$target"
+ done
+ }
diff -Nru xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch
--- xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch 1970-01-01 03:00:00.000000000 +0300
+++ xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch 2020-04-19 16:27:28.000000000 +0300
@@ -0,0 +1,38 @@
+Description: Sanitise window name before sending it over D-Bus
+ libdbus expects string arguments to be valid UTF-8. If they are not,
+ then it aborts, which causes our backgrounded command to terminate
+ abnormally.
+Bug: https://gitlab.freedesktop.org/xdg/xdg-utils/issues/137
+Bug-Debian: https://bugs.debian.org/910070
+Bug-Ubuntu: https://launchpad.net/bugs/1743216
+Origin: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/455d0661
+Author: Iain Lane <iain.lane@canonical.com>
+Acked-by: Simon Lees <sflees@suse.de>
+Acked-by: Nicholas Guriev <guriev-ns@ya.ru>
+Last-Update: Sun, 19 Apr 2020 16:25:49 +0300
+
+---
+ scripts/xdg-screensaver.in | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/scripts/xdg-screensaver.in
++++ b/scripts/xdg-screensaver.in
+@@ -451,6 +451,7 @@ screensaver_gnome_screensaver()
+ perl -e '
+ use strict;
+ use warnings;
++use Encode qw(decode);
+ use IO::File;
+ use Net::DBus;
+ use X11::Protocol;
+@@ -472,6 +473,10 @@ while (1) {
+ }
+ }
+
++# Replace any invalid unicode characters with U+FFFD, so we dont crash when we
++# pass them over to D-Bus
++$window_name = decode("utf8", $window_name, Encode::FB_DEFAULT);
++
+ # Inhibit idle detection (flags = 8) with window name and ID.
+ # We have no reason so just send the window name again.
+ my $bus = Net::DBus->session();
diff -Nru xdg-utils-1.1.1/debian/patches/series xdg-utils-1.1.1/debian/patches/series
--- xdg-utils-1.1.1/debian/patches/series 2018-05-20 12:44:40.000000000 +0300
+++ xdg-utils-1.1.1/debian/patches/series 2020-04-19 16:45:54.000000000 +0300
@@ -1 +1,4 @@
CVE-2017-18266.patch
+Sanitise-window-name.patch
+Directories-with-spaces.patch
+Create-data-apps-dir.patch
Reply to: