Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Dear release managers, Along with 1.1.3-1+deb10u1 for buster I propose an update for stretch with the same fixes that applicable for 1.1.1 version. As #958141 the update can be found in Git repository[1] or on mentors.d.n[2]. The debdiff is attached also. [1]: https://salsa.debian.org/freedesktop-team/xdg-utils/-/tree/stretch [2]: https://mentors.debian.net/package/xdg-utils -- System Information: Debian Release: buster/sid APT prefers eoan-updates APT policy: (500, 'eoan-updates'), (500, 'eoan-security'), (500, 'eoan') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0-46-generic (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diffstat for xdg-utils-1.1.1 xdg-utils-1.1.1 changelog | 12 ++++++++++ patches/Create-data-apps-dir.patch | 19 +++++++++++++++++ patches/Directories-with-spaces.patch | 35 +++++++++++++++++++++++++++++++ patches/Sanitise-window-name.patch | 38 ++++++++++++++++++++++++++++++++++ patches/series | 3 ++ 5 files changed, 107 insertions(+) diff -Nru xdg-utils-1.1.1/debian/changelog xdg-utils-1.1.1/debian/changelog --- xdg-utils-1.1.1/debian/changelog 2018-05-20 12:44:40.000000000 +0300 +++ xdg-utils-1.1.1/debian/changelog 2020-04-19 16:47:09.000000000 +0300 @@ -1,3 +1,15 @@ +xdg-utils (1.1.1-1+deb9u2) stretch; urgency=medium + + * Apply patches: + - Sanitise-window-name.patch fixes crash in xdg-screensaver. + Closes: #910070, LP: #1743216, Upstream: BR108121. + - Directories-with-spaces.patch corrects handling directories with spaces + in the name. LP: #1848335, Upstream: #166. + - Create-data-apps-dir.patch fixes xdg-mime with temporary $XDG_DATA_HOME. + Closes: #652038. + + -- Nicholas Guriev <guriev...@ya.ru> Sun, 19 Apr 2020 16:47:09 +0300 + xdg-utils (1.1.1-1+deb9u1) stretch-security; urgency=high * Fix CVE-2017-18266, closes: #898317. diff -Nru xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch --- xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch 1970-01-01 03:00:00.000000000 +0300 +++ xdg-utils-1.1.1/debian/patches/Create-data-apps-dir.patch 2020-04-19 16:45:54.000000000 +0300 @@ -0,0 +1,19 @@ +Description: Create applications directory if it does not exist yet +Bug-Debian: https://bugs.debian.org/652038 +Author: Nicholas Guriev <guriev...@ya.ru> +Last-Update: Sun, 19 Apr 2020 16:25:49 +0300 + +--- + scripts/xdg-mime.in | 1 + + 1 file changed, 1 insertion(+) + +--- a/scripts/xdg-mime.in ++++ b/scripts/xdg-mime.in +@@ -244,6 +244,7 @@ make_default_generic() + default_file="$xdg_user_dir/applications/mimeapps.list" + DEBUG 2 "make_default_generic $1 $2" + DEBUG 1 "Updating $default_file" ++ mkdir -p "$xdg_user_dir/applications" + [ -f "$default_file" ] || touch "$default_file" + awk -v mimetype="$2" -v application="$1" ' + BEGIN { diff -Nru xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch --- xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch 1970-01-01 03:00:00.000000000 +0300 +++ xdg-utils-1.1.1/debian/patches/Directories-with-spaces.patch 2020-04-19 16:27:38.000000000 +0300 @@ -0,0 +1,35 @@ +Author: Andrea Tarocchi <andrea.taroc...@gmail.com> +Desciption: xdg-open dos not search correctly in directories with spaces in the name +Bug: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/166 +Bug-Ubuntu: https://launchpad.net/bugs/1848335 +Origin: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/9816ebb3 +Acked-by: Nicholas Guriev <guriev...@ya.ru> +Last-Update: Sun, 19 Apr 2020 16:25:49 +0300 + +--- + scripts/xdg-mime.in | 2 +- + scripts/xdg-open.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/scripts/xdg-mime.in ++++ b/scripts/xdg-mime.in +@@ -302,7 +302,7 @@ search_desktop_file() + + grep -l "$MIME;" "$dir/"*.desktop 2>/dev/null + +- for f in $dir/*/; do ++ for f in "$dir/"*/; do + [ -d "$f" ] && search_desktop_file "$MIME" "$f" + done + } +--- a/scripts/xdg-open.in ++++ b/scripts/xdg-open.in +@@ -277,7 +277,7 @@ search_desktop_file() + fi + fi + +- for d in $dir/*/; do ++ for d in "$dir/"*/; do + [ -d "$d" ] && search_desktop_file "$default" "$d" "$target" + done + } diff -Nru xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch --- xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch 1970-01-01 03:00:00.000000000 +0300 +++ xdg-utils-1.1.1/debian/patches/Sanitise-window-name.patch 2020-04-19 16:27:28.000000000 +0300 @@ -0,0 +1,38 @@ +Description: Sanitise window name before sending it over D-Bus + libdbus expects string arguments to be valid UTF-8. If they are not, + then it aborts, which causes our backgrounded command to terminate + abnormally. +Bug: https://gitlab.freedesktop.org/xdg/xdg-utils/issues/137 +Bug-Debian: https://bugs.debian.org/910070 +Bug-Ubuntu: https://launchpad.net/bugs/1743216 +Origin: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/455d0661 +Author: Iain Lane <iain.l...@canonical.com> +Acked-by: Simon Lees <sfl...@suse.de> +Acked-by: Nicholas Guriev <guriev...@ya.ru> +Last-Update: Sun, 19 Apr 2020 16:25:49 +0300 + +--- + scripts/xdg-screensaver.in | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/scripts/xdg-screensaver.in ++++ b/scripts/xdg-screensaver.in +@@ -451,6 +451,7 @@ screensaver_gnome_screensaver() + perl -e ' + use strict; + use warnings; ++use Encode qw(decode); + use IO::File; + use Net::DBus; + use X11::Protocol; +@@ -472,6 +473,10 @@ while (1) { + } + } + ++# Replace any invalid unicode characters with U+FFFD, so we dont crash when we ++# pass them over to D-Bus ++$window_name = decode("utf8", $window_name, Encode::FB_DEFAULT); ++ + # Inhibit idle detection (flags = 8) with window name and ID. + # We have no reason so just send the window name again. + my $bus = Net::DBus->session(); diff -Nru xdg-utils-1.1.1/debian/patches/series xdg-utils-1.1.1/debian/patches/series --- xdg-utils-1.1.1/debian/patches/series 2018-05-20 12:44:40.000000000 +0300 +++ xdg-utils-1.1.1/debian/patches/series 2020-04-19 16:45:54.000000000 +0300 @@ -1 +1,4 @@ CVE-2017-18266.patch +Sanitise-window-name.patch +Directories-with-spaces.patch +Create-data-apps-dir.patch
