Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2:Test
inkscape
inkscape-relative-filename.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File inkscape-relative-filename.patch of Package inkscape
From: Michael Karcher <debian@mkarcher.dialup.fu-berlin.de> Date: Sat, 29 Dec 2012 17:33:33 +0100 Subject: Fix LP: #911146 relative filename vulnerability Ensures that filenames passed to extensions are made absolute before changing the current working directory. --- src/extension/implementation/script.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/extension/implementation/script.cpp b/src/extension/implementation/script.cpp index b78fbda..02c3aeb 100644 --- a/src/extension/implementation/script.cpp +++ b/src/extension/implementation/script.cpp @@ -954,7 +954,14 @@ int Script::execute (const std::list<std::string> &in_command, // assemble the rest of argv std::copy(in_params.begin(), in_params.end(), std::back_inserter(argv)); if (!filein.empty()) { - argv.push_back(filein); + if(Glib::path_is_absolute(filein)) + argv.push_back(filein); + else { + std::vector<std::string> buildargs; + buildargs.push_back(Glib::get_current_dir()); + buildargs.push_back(filein); + argv.push_back(Glib::build_filename(buildargs)); + } } int stdout_pipe, stderr_pipe; -- 1.7.10.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor