r36541 - in /desktop/squeeze/gdm3/debian: applications/ applications/mime-dummy-handler.desktop applications/mimeapps.list changelog gdm3.install patches/38_greeter_datadir.patch patches/series
joss at users.alioth.debian.org
Mon Jan 7 11:10:15 UTC 2013
Author: joss
Date: Mon Jan 7 11:10:14 2013
New Revision: 36541
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=36541
Log:
* Handle partial upgrades to wheezy, where a glib version that relies
on x-scheme-* for URL handlers gets installed. In this case, using
the defaults in /usr/share/applications leads to a security
vulnerability where anyone can launch an URI handler from the
greeter session.
+ 38_greeter_datadir.patch: modified patch from version 3.0. Add
XDG_DATA_DIRS to the greeter session.
+ debian/applications/{mime-dummy-handler.desktop,mimeapps.list}:
copied from version 3.4. The former is a dummy handler for URIs,
the latter associates it with every known URI scheme.
+ gdm3.install: install these in /usr/share/gdm/greeter/applications
Added:
desktop/squeeze/gdm3/debian/applications/
desktop/squeeze/gdm3/debian/applications/mime-dummy-handler.desktop
desktop/squeeze/gdm3/debian/applications/mimeapps.list
desktop/squeeze/gdm3/debian/patches/38_greeter_datadir.patch
Modified:
desktop/squeeze/gdm3/debian/changelog
desktop/squeeze/gdm3/debian/gdm3.install
desktop/squeeze/gdm3/debian/patches/series
Added: desktop/squeeze/gdm3/debian/applications/mime-dummy-handler.desktop
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/applications/mime-dummy-handler.desktop?rev=36541&op=file
==============================================================================
--- desktop/squeeze/gdm3/debian/applications/mime-dummy-handler.desktop (added)
+++ desktop/squeeze/gdm3/debian/applications/mime-dummy-handler.desktop [utf-8] Mon Jan 7 11:10:14 2013
@@ -1,0 +1,6 @@
+[Desktop Entry]
+Type=Application
+Name=Dummy URI Handler
+Exec=/bin/true %U
+Terminal=false
+StartupNotify=false
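Review bot: Nothing in this entry says that it is a deliberate no-op, and nothing marks it as hidden. A comment line above `Exec=/bin/true %U` stating that the handler exists to swallow URIs in the greeter session, plus `NoDisplay=true`, would stop a later maintainer from treating it as a broken launcher and removing or "fixing" it.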
Added: desktop/squeeze/gdm3/debian/applications/mimeapps.list
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/applications/mimeapps.list?rev=36541&op=file
==============================================================================
--- desktop/squeeze/gdm3/debian/applications/mimeapps.list (added)
+++ desktop/squeeze/gdm3/debian/applications/mimeapps.list [utf-8] Mon Jan 7 11:10:14 2013
@@ -1,0 +1,19 @@
+[Default Applications]
+x-scheme-handler/file=mime-dummy-handler.desktop
+x-scheme-handler/ftp=mime-dummy-handler.desktop
+x-scheme-handler/ghelp=mime-dummy-handler.desktop
+x-scheme-handler/help=mime-dummy-handler.desktop
+x-scheme-handler/http=mime-dummy-handler.desktop
+x-scheme-handler/https=mime-dummy-handler.desktop
+x-scheme-handler/info=mime-dummy-handler.desktop
+x-scheme-handler/irc=mime-dummy-handler.desktop
+x-scheme-handler/itms=mime-dummy-handler.desktop
+x-scheme-handler/mailto=mime-dummy-handler.desktop
+x-scheme-handler/man=mime-dummy-handler.desktop
+x-scheme-handler/mms=mime-dummy-handler.desktop
+x-scheme-handler/rtp=mime-dummy-handler.desktop
+x-scheme-handler/rtsp=mime-dummy-handler.desktop
+x-scheme-handler/sip=mime-dummy-handler.desktop
+x-scheme-handler/trash=mime-dummy-handler.desktop
+x-scheme-handler/webcal=mime-dummy-handler.desktop
+x-scheme-handler/xmpp=mime-dummy-handler.desktop
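Review bot: The protection is only as complete as this fixed list of 18 schemes: an `x-scheme-handler/*` type that is not named here is not mapped to mime-dummy-handler.desktop by this file. The changelog describes the list as "every known URI scheme", so please record in the changelog where the list was taken from and how it is meant to be re-synced when a new scheme handler is packaged.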
Modified: desktop/squeeze/gdm3/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/changelog?rev=36541&op=diff
==============================================================================
--- desktop/squeeze/gdm3/debian/changelog [utf-8] (original)
+++ desktop/squeeze/gdm3/debian/changelog [utf-8] Mon Jan 7 11:10:14 2013
@@ -1,3 +1,19 @@
+gdm3 (2.30.5-6squeeze5) UNRELEASED; urgency=low
+
+ * Handle partial upgrades to wheezy, where a glib version that relies
+ on x-scheme-* for URL handlers gets installed. In this case, using
+ the defaults in /usr/share/applications leads to a security
+ vulnerability where anyone can launch an URI handler from the
+ greeter session.
+ + 38_greeter_datadir.patch: modified patch from version 3.0. Add
+ XDG_DATA_DIRS to the greeter session.
+ + debian/applications/{mime-dummy-handler.desktop,mimeapps.list}:
+ copied from version 3.4. The former is a dummy handler for URIs,
+ the latter associates it with every known URI scheme.
+ + gdm3.install: install these in /usr/share/gdm/greeter/applications
+
+ -- Josselin Mouette <joss at debian.org> Mon, 07 Jan 2013 12:03:06 +0100
+
gdm3 (2.30.5-6squeeze4) stable; urgency=low
* 35_double_free.patch: stolen from 2.30.7. Fix a double free issue in
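Review bot: `urgency=low` in the header line does not match an entry whose first bullet describes a security vulnerability reachable from the greeter session; consider a higher urgency before this leaves UNRELEASED. The entry also carries no bug reference, so a reader cannot trace the report that prompted the change.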
Modified: desktop/squeeze/gdm3/debian/gdm3.install
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/gdm3.install?rev=36541&op=diff
==============================================================================
--- desktop/squeeze/gdm3/debian/gdm3.install [utf-8] (original)
+++ desktop/squeeze/gdm3/debian/gdm3.install [utf-8] Mon Jan 7 11:10:14 2013
@@ -8,3 +8,4 @@
debian/default.desktop usr/share/gdm/BuiltInSessions
data/session-setup.entries usr/share/gdm/greeter-config
debian/insserv.conf.d etc
+debian/applications usr/share/gdm/greeter
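Review bot: The destination on the added line is spelled out as `usr/share/gdm/greeter`, while 38_greeter_datadir.patch builds the lookup path from `DATADIR "/gdm/greeter"`; the two agree only when DATADIR is /usr/share, and a mismatch would silently leave the greeter on the system defaults. Please note the dependency in the changelog or the patch header. The line also installs the whole `debian/applications` directory, so any file added there later is shipped into the greeter's data directory without a further change here.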
Added: desktop/squeeze/gdm3/debian/patches/38_greeter_datadir.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/patches/38_greeter_datadir.patch?rev=36541&op=file
==============================================================================
--- desktop/squeeze/gdm3/debian/patches/38_greeter_datadir.patch (added)
+++ desktop/squeeze/gdm3/debian/patches/38_greeter_datadir.patch [utf-8] Mon Jan 7 11:10:14 2013
@@ -1,0 +1,49 @@
+From 48705abd751e6e2f1d20b51098e1b97d74855338 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Mon, 20 Jun 2011 17:21:35 +0000
+Subject: daemon: use gnome-session session files instead of autostart
+
+Before we were doing some sort of weird hybrid thing with
+a session file and an autostart directory that wasn't that
+much different than just having an autostart directory by
+itself.
+
+Now we fully define the session component list from the session
+file, and merely provide a pool of new candidate desktop files to
+select that sessoin from.
+
+This modernizes how we use gnome-session and as a side-effect
+enables us the ability to have fallback sessions (which will
+be important when defaulting to a shell based greeter later).
+---
+(limited to 'daemon/gdm-welcome-session.c')
+(refreshed against 2.30)
+
+Index: gdm3-2.30.5/daemon/gdm-welcome-session.c
+===================================================================
+--- gdm3-2.30.5.orig/daemon/gdm-welcome-session.c 2013-01-07 12:02:30.717944131 +0100
++++ gdm3-2.30.5/daemon/gdm-welcome-session.c 2013-01-07 12:02:42.682002617 +0100
+@@ -356,6 +356,7 @@ get_welcome_environment (GdmWelcomeSessi
+ "LC_IDENTIFICATION", "LC_ALL",
+ NULL
+ };
++ char *system_data_dirs;
+ int i;
+
+ load_lang_config_file (LANG_CONFIG_FILE,
+@@ -375,6 +376,15 @@ get_welcome_environment (GdmWelcomeSessi
+ g_strdup (g_getenv (optional_environment[i])));
+ }
+
++ system_data_dirs = g_strjoinv (":", (char **) g_get_system_data_dirs ());
++
++ g_hash_table_insert (hash,
++ g_strdup ("XDG_DATA_DIRS"),
++ g_strdup_printf ("%s:%s",
++ DATADIR "/gdm/greeter",
++ system_data_dirs));
++ g_free (system_data_dirs);
++
+ if (welcome_session->priv->dbus_bus_address != NULL) {
+ g_hash_table_insert (hash,
+ g_strdup ("DBUS_SESSION_BUS_ADDRESS"),
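Review bot: The retained header (Subject "daemon: use gnome-session session files instead of autostart" and its body) describes a session-file rework that is not in this diff; the only change left is the XDG_DATA_DIRS insertion in get_welcome_environment(). Please add a line under "(refreshed against 2.30)" saying that only this part was kept, and that `DATADIR "/gdm/greeter"` has to stay first in the value so that the greeter's mimeapps.list takes precedence over the system directories appended after it.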
Modified: desktop/squeeze/gdm3/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/patches/series?rev=36541&op=diff
==============================================================================
--- desktop/squeeze/gdm3/debian/patches/series [utf-8] (original)
+++ desktop/squeeze/gdm3/debian/patches/series [utf-8] Mon Jan 7 11:10:14 2013
@@ -35,5 +35,6 @@
35_double_free.patch
36_windowpath.patch
37_shutdown_buttons.patch
+38_greeter_datadir.patch
90_relibtoolize.patch
99_CVE-2011-0727.patch