diff options
Diffstat (limited to 'kde/patch/plasma-workspace/plasma-workspace_kdebug389815.patch')
-rw-r--r-- | kde/patch/plasma-workspace/plasma-workspace_kdebug389815.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/kde/patch/plasma-workspace/plasma-workspace_kdebug389815.patch b/kde/patch/plasma-workspace/plasma-workspace_kdebug389815.patch deleted file mode 100644 index e2f1e48..0000000 --- a/kde/patch/plasma-workspace/plasma-workspace_kdebug389815.patch +++ /dev/null @@ -1,32 +0,0 @@ -From f32002ce50edc3891f1fa41173132c820b917d57 Mon Sep 17 00:00:00 2001 -From: Marco Martin <notmart@gmail.com> -Date: Mon, 5 Feb 2018 13:12:51 +0100 -Subject: Make sure device paths are quoted - -in the case a vfat removable device has $() or `` in its label, -such as $(touch foo) the quoted command may get executed, -leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote -to make sure everything is quoted and not interpreted as a command - -BUG:389815 ---- - soliduiserver/deviceserviceaction.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/soliduiserver/deviceserviceaction.cpp b/soliduiserver/deviceserviceaction.cpp -index f49c967..738b27c 100644 ---- a/soliduiserver/deviceserviceaction.cpp -+++ b/soliduiserver/deviceserviceaction.cpp -@@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi) - - QString exec = m_service.exec(); - MacroExpander mx(device); -- mx.expandMacros(exec); -+ mx.expandMacrosShellQuote(exec); - - KRun::runCommand(exec, QString(), m_service.icon(), 0); - deleteLater(); --- -cgit v0.11.2 - - |