net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch - platform/external/gentoo/overlays/gentoo - Git at Google

 Improved patch to fix CVE 2007-5837 - remote code injection.
 See Gentoo bug #197660 and #378413.

 --- yarssr-0.2.2/lib/Yarssr/GUI.pm
 +++ yarssr-0.2.2/lib/Yarssr/GUI.pm
 @@ -163,8 +163,15 @@
  		}
  		else {
  			my $b = Yarssr::Config->get_browser;
 -			$b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
 -			exec($b) or warn "unable to launch browser\n";
 +			my @b = split(' ', Yarssr::Config->get_browser);
 +			if (grep(/\%s/, @b))
 +			{
 +				map {grep(s/\%s/$url/, $_) => $_} @b;
 +			}
 +			else {
 +				push(@b, $url);
 +			}
 +			exec(@b) or warn "unable to launch browser\n";
  			exit;
  		}
  	}
	Improved patch to fix CVE 2007-5837 - remote code injection.
	See Gentoo bug #197660 and #378413.

	--- yarssr-0.2.2/lib/Yarssr/GUI.pm
	+++ yarssr-0.2.2/lib/Yarssr/GUI.pm
	@@ -163,8 +163,15 @@
	}
	else {
	my $b = Yarssr::Config->get_browser;
	- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
	- exec($b) or warn "unable to launch browser\n";
	+ my @b = split(' ', Yarssr::Config->get_browser);
	+ if (grep(/\%s/, @b))
	+ {
	+ map {grep(s/\%s/$url/, $_) => $_} @b;
	+ }
	+ else {
	+ push(@b, $url);
	+ }
	+ exec(@b) or warn "unable to launch browser\n";
	exit;
	}
	}