From a5895a4cdcde7bba4737243dcdcc91ff5a166f97 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Jan 06 2015 23:45:57 +0000
Subject: refresh for latest attepmt to fix upstream BR66670


---

diff --git a/0002-nuke-some-extra-quoting.patch b/0002-nuke-some-extra-quoting.patch
new file mode 100644
index 0000000..8970e02
--- /dev/null
+++ b/0002-nuke-some-extra-quoting.patch
@@ -0,0 +1,26 @@
+From c93e804e27d8013a455ccaf523758bd86bad0498 Mon Sep 17 00:00:00 2001
+From: Rex Dieter <rdieter@math.unl.edu>
+Date: Tue, 6 Jan 2015 17:37:24 -0600
+Subject: [PATCH 2/3] nuke some extra quoting
+
+easy(?) fix while working on BR66670
+---
+ scripts/xdg-open.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
+index 0145be3..c12dcdd 100644
+--- a/scripts/xdg-open.in
++++ b/scripts/xdg-open.in
+@@ -186,7 +186,7 @@ search_desktop_file()
+         # FIXME: Actually LC_MESSAGES should be used as described in
+         # http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
+         localised_name="'$(get_key "${file}" "Name")'"
+-        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
++        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
+                                                   -e 's*%i*'"$icon"'*g' \
+                                                   -e 's*%c*'"$localised_name"'*g')"
+ 
+-- 
+2.1.0
+
diff --git a/0002-xdg-open-command-injection-vulnerability-BR66670.patch b/0002-xdg-open-command-injection-vulnerability-BR66670.patch
deleted file mode 100644
index ed43cd4..0000000
--- a/0002-xdg-open-command-injection-vulnerability-BR66670.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 11a4bd44692f74a8b8b4615e44dc897c929ef1e5 Mon Sep 17 00:00:00 2001
-From: Rex Dieter <rdieter@math.unl.edu>
-Date: Mon, 5 Jan 2015 13:09:05 -0600
-Subject: [PATCH 2/2] xdg-open: command injection vulnerability (BR66670)
-
----
- ChangeLog           | 3 +++
- scripts/xdg-open.in | 6 +++---
- 2 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 735fee7..e309517 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,5 +1,8 @@
- === xdg-utils 1.1.x ===
- 
-+2015-01-05 Rex Dieter <rdieter@fedoraproject.org>
-+   * xdg-open: command injection vulnerability (BR66670)
-+
- 2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
-    * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
- 
-diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
-index 0145be3..9f01747 100644
---- a/scripts/xdg-open.in
-+++ b/scripts/xdg-open.in
-@@ -186,17 +186,17 @@ search_desktop_file()
-         # FIXME: Actually LC_MESSAGES should be used as described in
-         # http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
-         localised_name="'$(get_key "${file}" "Name")'"
--        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
-+        arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
-                                                   -e 's*%i*'"$icon"'*g' \
-                                                   -e 's*%c*'"$localised_name"'*g')"
- 
-         if [ -x "$command_exec" ] ; then
-             if echo "$arguments" | grep -iq '%[fFuU]' ; then
-                 echo START "$command_exec" "$arguments_exec"
--                eval "$command_exec" "$arguments_exec"
-+                eval "$command_exec" '$arguments_exec'
-             else
-                 echo START "$command_exec" "$arguments_exec" "$arg"
--                eval "$command_exec" "$arguments_exec" "$arg"
-+                eval "$command_exec" '$arguments_exec' '$arg'
-             fi
- 
-             if [ $? -eq 0 ]; then
--- 
-1.9.3
-
diff --git a/0003-xdg-open-command-injection-vulnerability-BR66670.patch b/0003-xdg-open-command-injection-vulnerability-BR66670.patch
new file mode 100644
index 0000000..a7f18b5
--- /dev/null
+++ b/0003-xdg-open-command-injection-vulnerability-BR66670.patch
@@ -0,0 +1,43 @@
+From 4bd30419c5f404f2a108c5a6bbda0e40551ffd24 Mon Sep 17 00:00:00 2001
+From: Rex Dieter <rdieter@math.unl.edu>
+Date: Tue, 6 Jan 2015 17:39:05 -0600
+Subject: [PATCH 3/3] xdg-open: command injection vulnerability (BR66670)
+
+---
+ ChangeLog           | 3 +++
+ scripts/xdg-open.in | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 735fee7..65df80c 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,8 @@
+ === xdg-utils 1.1.x ===
+ 
++2015-01-06 Rex Dieter <rdieter@fedoraproject.org>
++   * xdg-open: command injection vulnerability (BR66670)
++
+ 2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
+    * xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
+ 
+diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
+index c12dcdd..b6045f8 100644
+--- a/scripts/xdg-open.in
++++ b/scripts/xdg-open.in
+@@ -193,10 +193,10 @@ search_desktop_file()
+         if [ -x "$command_exec" ] ; then
+             if echo "$arguments" | grep -iq '%[fFuU]' ; then
+                 echo START "$command_exec" "$arguments_exec"
+-                eval "$command_exec" "$arguments_exec"
++                eval "'$command_exec'" "'$arguments_exec'"
+             else
+                 echo START "$command_exec" "$arguments_exec" "$arg"
+-                eval "$command_exec" "$arguments_exec" "$arg"
++                eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
+             fi
+ 
+             if [ $? -eq 0 ]; then
+-- 
+2.1.0
+
diff --git a/xdg-utils.spec b/xdg-utils.spec
index e58d5c2..3d3f627 100644
--- a/xdg-utils.spec
+++ b/xdg-utils.spec
@@ -4,7 +4,7 @@
 Summary: Basic desktop integration functions 
 Name:    xdg-utils
 Version: 1.1.0
-Release: 0.33.%{pre}%{?dist}
+Release: 0.34.%{pre}%{?dist}
 
 URL:     http://portland.freedesktop.org/ 
 %if 0%{?pre:1}
@@ -17,7 +17,8 @@ License: MIT
 
 ## upstream patches
 Patch1: 0001-xdg-screensaver-should-control-X11-s-screensaver-in-.patch
-Patch2: 0002-xdg-open-command-injection-vulnerability-BR66670.patch
+Patch2: 0002-nuke-some-extra-quoting.patch
+Patch3: 0003-xdg-open-command-injection-vulnerability-BR66670.patch
 
 # make sure BuildArch comes *after* patches, to ensure %%autosetup works right
 # http://bugzilla.redhat.com/1084309
@@ -92,6 +93,9 @@ make install DESTDIR=%{buildroot}
 
 
 %changelog
+* Tue Jan 06 2015 Rex Dieter <rdieter@fedoraproject.org> 1.1.0-0.34.rc3
+- refresh for latest attepmt to fix upstream BR66670
+
 * Mon Jan 05 2015 Rex Dieter <rdieter@fedoraproject.org> 1.1.0-0.33.rc3
 - pull in latest commits