mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-05-04 20:06:43 +02:00
Natanael Copa
parent
4c72797d6b
commit
11e04ac2e0
@ -1,7 +1,7 @@
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=newsbeuter
|
||||
pkgver=2.9
|
||||
pkgrel=3
|
||||
pkgrel=4
|
||||
pkgdesc="Configurable text-based feed reader"
|
||||
url="http://newsbeuter.org/"
|
||||
arch="all"
|
||||
@ -17,8 +17,13 @@ source="http://newsbeuter.org/downloads/newsbeuter-$pkgver.tar.gz
|
||||
newsbeuter-2.9-ncurses6.patch
|
||||
fix-segfault.patch
|
||||
musl_const.patch
|
||||
CVE-2017-12904.patch
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 2.9-r4:
|
||||
# - CVE-2017-12904
|
||||
|
||||
_builddir="$srcdir"/newsbeuter-$pkgver
|
||||
prepare() {
|
||||
local i
|
||||
@ -48,4 +53,5 @@ sha512sums="b173008c8c8d3729f8ccef3ce62645a05c1803fb842d5c0afdf9ffd4ed3726030f9c
|
||||
1cfbe93cd8ca5785b1c26ccfdf1ed467700046c8ca564f33752b0f04f91d37765f83bf82ad593eae41532edf79a8f6992283255f9a2aa8293d14728b175c9dd7 0001-Remove-iconv-translit-references.patch
|
||||
08f7125fd8f2b33fa5e36cbd947ec90bcd8b08be2df7961aced20ce031788b3970c1adeb027b1527ba06f18ddbc38518f2c22da6b5fdbc4b1cd5b0edda22ba0b newsbeuter-2.9-ncurses6.patch
|
||||
da986beb12b0ba473fea55c067abcdcdae6c073bf4d66bc8913696a4da99c4072edaf3910769d8e4bcef3a0411875eb23fbc840e0e7572aa0e16e922cc3d2947 fix-segfault.patch
|
||||
f5be61b58aa1470090f0bbd519d00a8dae9ef78214787664fd05a8274877b1a20fb38e88058ab6dd8fb61f7fa433683fbecbc16d03bc625cef0cfc0cccf5e246 musl_const.patch"
|
||||
f5be61b58aa1470090f0bbd519d00a8dae9ef78214787664fd05a8274877b1a20fb38e88058ab6dd8fb61f7fa433683fbecbc16d03bc625cef0cfc0cccf5e246 musl_const.patch
|
||||
cef1a625781081430bcaa7fbec74a58ce656a22cd94d5ff1a6983165e053fdfbd869aebd8041fb34a7325a312f15c84b2a1093d237e2680b9244f0917baa1c4c CVE-2017-12904.patch"
|
||||
|
||||
36
main/newsbeuter/CVE-2017-12904.patch
Normal file
36
main/newsbeuter/CVE-2017-12904.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From d1460189f6f810ca9a3687af7bc43feb7f2af2d9 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Batischev <eual.jp@gmail.com>
|
||||
Date: Sat, 19 Aug 2017 15:09:25 +0300
|
||||
Subject: [PATCH] Sanitize inputs to bookmark-cmd (#591)
|
||||
|
||||
Newsbeuter didn't properly shell-escape the arguments passed to
|
||||
bookmarking command, which allows a remote attacker to perform remote
|
||||
code execution by crafting an RSS item whose title and/or URL contain
|
||||
something interpretable by the shell (most notably subshell
|
||||
invocations.)
|
||||
|
||||
This has been reported by Jeriko One <jeriko.one@gmx.us>, complete with
|
||||
PoC and a patch.
|
||||
|
||||
This vulnerability was assigned CVE-2017-12904.
|
||||
---
|
||||
src/controller.cpp | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/controller.cpp b/src/controller.cpp
|
||||
index 4fc10608..5c8e7b81 100644
|
||||
--- a/src/controller.cpp
|
||||
+++ b/src/controller.cpp
|
||||
@@ -1275,9 +1275,10 @@ std::string controller::bookmark(const std::string& url, const std::string& titl
|
||||
std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
|
||||
bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
|
||||
if (bookmark_cmd.length() > 0) {
|
||||
- std::string cmdline = utils::strprintf("%s '%s' %s %s",
|
||||
+ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
|
||||
bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
|
||||
- stfl::quote(title).c_str(), stfl::quote(description).c_str());
|
||||
+ utils::replace_all(title,"'", "%27").c_str(),
|
||||
+ utils::replace_all(description,"'", "%27").c_str());
|
||||
|
||||
LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user