gentoo-overlay/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch

Improved patch to fix CVE 2007-5837 - remote code injection.
See Gentoo bug #197660 and #378413.

--- yarssr-0.2.2/lib/Yarssr/GUI.pm
+++ yarssr-0.2.2/lib/Yarssr/GUI.pm
@@ -163,8 +163,15 @@
 		}
 		else {
 			my $b = Yarssr::Config->get_browser;
-			$b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
-			exec($b) or warn "unable to launch browser\n";
+			my @b = split(' ', Yarssr::Config->get_browser);
+			if (grep(/\%s/, @b))
+			{
+				map {grep(s/\%s/$url/, $_) => $_} @b;
+			}
+			else {
+				push(@b, $url);
+			}
+			exec(@b) or warn "unable to launch browser\n";
 			exit;
 		}
 	}