svn commit: r397124 - in head/deskutils/shutter: . files

[Mark Felder]

Author: feld
Date: Thu Sep 17 16:17:55 2015
New Revision: 397124
URL: https://svnweb.freebsd.org/changeset/ports/397124

Log:
  Fix arbitrary code execution vulnerability
  
  MFH:		2015Q3
  Security:	CVE-2015-0854
  Security:	d45ad7ae-5d56-11e5-9ad8-14dae9d210b8

Added:
  head/deskutils/shutter/files/
  head/deskutils/shutter/files/patch-CVE-2015-0854   (contents, props changed)
Modified:
  head/deskutils/shutter/Makefile

Modified: head/deskutils/shutter/Makefile
==============================================================================
--- head/deskutils/shutter/Makefile	Thu Sep 17 16:16:12 2015	(r397123)
+++ head/deskutils/shutter/Makefile	Thu Sep 17 16:17:55 2015	(r397124)
@@ -3,7 +3,7 @@
 
 PORTNAME=	shutter
 PORTVERSION=	0.93.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	deskutils
 MASTER_SITES=	http://shutter-project.org/wp-content/uploads/releases/tars/
 

Added: head/deskutils/shutter/files/patch-CVE-2015-0854
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/deskutils/shutter/files/patch-CVE-2015-0854	Thu Sep 17 16:17:55 2015	(r397124)
@@ -0,0 +1,12 @@
+--- share/shutter/resources/modules/Shutter/App/HelperFunctions.pm.orig	2015-09-17 16:09:58 UTC
++++ share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
+@@ -53,7 +53,8 @@ sub new {
+ 
+ sub xdg_open {
+ 	my ( $self, $dialog, $link, $user_data ) = @_;
+-	system("xdg-open $link");
++	@args = ("xdg-open", "$link");
++	system(@args);
+ 	if($?){
+ 		my $response = $self->{_dialogs}->dlg_error_message( 
+ 			sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"),