Package: variety / 0.6.3-5+deb9u1

Metadata

Package Version Patches format
variety 0.6.3-5+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Fix shell injection on deleting to trash via special.patch | (download)

variety/VarietyWindow.py | 31 25 + 6 - 0 !
1 file changed, 25 insertions(+), 6 deletions(-)

 [patch 1/3] fix shell injection on deleting to trash via specially
 crafted filenames

Rewrite this code in subprocess.call (which doesn't spawn a shell by default), and explicitly check whether trash programs are installed before running them.

0002 Fix shell injection via specially crafted filenames .patch | (download)

variety/VarietyWindow.py | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch 2/3] fix shell injection via specially crafted filenames in
 filter and clock code


0003 Harden more os.system calls against potential shell .patch | (download)

variety/VarietyWindow.py | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 [patch 3/3] harden more os.system calls against potential shell
 injection


fix autoscroll high cpu.patch | (download)

variety/ThumbsWindow.py | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix autoscroll in wallpaper selector & history panels using 100% cpu
 .
 Previously, the autoscroll event was never cleared when the user moved the
 mouse away from the Thumbnails panel. This caused the
 self.autoscroll_event.wait(10) call in _autoscroll_thread() to always
 instantly succeed, and created an infinite loop eating up CPU.
disable panoramio.patch | (download)

variety/Options.py | 4 1 + 3 - 0 !
variety/PreferencesVarietyDialog.py | 8 0 + 8 - 0 !
variety/VarietyWindow.py | 2 0 + 2 - 0 !
3 files changed, 1 insertion(+), 13 deletions(-)

 disable panoramio sources, which no longer work
 .
 This patch was imported from Arch Linux (link below) and modified by James Lu <bitflip3@gmail.com>
 to migrate away from old Panoramio sources as well.

menu position varargs.patch | (download)

variety/PreferencesVarietyDialog.py | 4 2 + 2 - 0 !
variety/ThumbsManager.py | 4 3 + 1 - 0 !
variety/indicator.py | 7 2 + 5 - 0 !
3 files changed, 7 insertions(+), 8 deletions(-)

 fix popup menu positioning
remove timebombs.patch | (download)

variety/VarietyWindow.py | 3 0 + 3 - 0 !
variety/__init__.py | 4 0 + 4 - 0 !
2 files changed, 7 deletions(-)

 remove timebomb code from variety
desktop file keywords.diff | (download)

variety.desktop.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add keywords for variety.desktop, fixes lintian info warning desktop-entry-lacks-keywords-entry
dont embed underscore.diff | (download)

data/panoramio/panoramio.html | 2 1 + 1 - 0 !
data/panoramio/underscore-min.js | 6 0 + 6 - 0 !
2 files changed, 1 insertion(+), 7 deletions(-)

 remove embedded copy of libjs-underscore