[SCM] sddm packaging branch, master, updated. debian/0.12.0-4-5-g904e50e

Scott Kitterman kitterman at moszumanska.debian.org
Thu Oct 29 04:34:30 UTC 2015


Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-std/sddm.git;a=commitdiff;h=904e50e

The following commit has been merged in the master branch:
commit 904e50e2f4979237bc5bbeeab9fbb00b1c5eeda5
Author: Scott Kitterman <scott at kitterman.com>
Date:   Thu Oct 29 00:34:00 2015 -0400

    * Add debian/patches/CVE-2015-0856.patch to fix potential issue if an SDDM
      theme crashes while running the KDE debug handler (Closes: #803338)
---
 debian/changelog                   | 11 +++++++++--
 debian/patches/CVE-2015-0856.patch | 39 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 170a247..e6289d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,18 @@
-sddm (0.12.0-5~) UNRELEASED; urgency=medium
+sddm (0.12.0-5) unstable; urgency=medium
 
+  * Team upload.
+
+  [ Maximiliano Curia ]
   * Delete the sddm.log file on purge. (Closes: #793679)
   * The themes shipped with sddm need the latest version, using breaks
     instead of depends to avoid circular deps. (Closes: #800462) Thanks
     to Max Görner
 
- -- Maximiliano Curia <maxy at debian.org>  Thu, 01 Oct 2015 20:45:46 +0200
+  [ Scott Kitterman ]
+  * Add debian/patches/CVE-2015-0856.patch to fix potential issue if an SDDM
+    theme crashes while running the KDE debug handler (Closes: #803338)
+
+ -- Scott Kitterman <scott at kitterman.com>  Thu, 29 Oct 2015 00:01:45 -0400
 
 sddm (0.12.0-4) unstable; urgency=medium
 
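Review bot: The new entry under [ Scott Kitterman ] does not say that this is a security fix or what the patch changes, and "if an SDDM theme crashes while running the KDE debug handler" reads as if the handler were already running before the crash. Suggest following the patch's own description, for example stating that the greeter environment now sets KDE_DEBUG so that themes using KDE components do not load KDE's crash handler (CVE-2015-0856). The upload also keeps urgency=medium; if the fix is meant to migrate quickly, that field is where to say so.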
diff --git a/debian/patches/CVE-2015-0856.patch b/debian/patches/CVE-2015-0856.patch
new file mode 100644
index 0000000..63445c4
--- /dev/null
+++ b/debian/patches/CVE-2015-0856.patch
@@ -0,0 +1,39 @@
+From 4cfed6b0a625593fb43876f04badc4dd99799d86 Mon Sep 17 00:00:00 2001
+From: David Edmundson <kde at davidedmundson.co.uk>
+Date: Wed, 14 Oct 2015 00:08:59 +0100
+Subject: [PATCH] Disable greeters from loading KDE's debug hander
+
+Some themes may use KDE components which will automatically load KDE's
+crash handler.
+
+If the greeter were to then somehow crash, that would leave a crash
+handler allowing other actions, albeit as the locked down SDDM user.
+
+Only SDDM users using the breeze theme from plasma-workspace are
+affected. Safest and simplest fix is to handle this inside SDDM
+disabling kcrash via an environment variable for all future themes that
+may use these libraries.
+
+CVE-2015-0856
+---
+ src/daemon/Greeter.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
+index 68c4dc3..8c936b7 100644
+--- a/src/daemon/Greeter.cpp
++++ b/src/daemon/Greeter.cpp
+@@ -145,6 +145,10 @@ namespace SDDM {
+             env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
+             env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
+             env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
++
++            //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
++            //counterintuitively setting this env disables that handler
++            env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
+             m_auth->insertEnvironment(env);
+ 
+             // log message
+-- 
+1.9.1
+
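Review bot: The fix in the Greeter.cpp hunk rests on a side effect of a debugging variable, and the two added comment lines do not name what reads it, so a later cleanup could drop env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1")) as leftover debug code. Suggest having the comment name kcrash, as the commit message does ("disabling kcrash via an environment variable"), and cite CVE-2015-0856 next to the line. The insert is correctly placed before m_auth->insertEnvironment(env), so it does reach the greeter process. On the packaging side, the patch header carries only the upstream From/Date/Subject lines; a reference to the Debian bug closed in the changelog (#803338) would tie the file to the report.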
diff --git a/debian/patches/series b/debian/patches/series
index eb3a11c..3a4e6cc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02_kubuntu_use_breeze.diff
 03_vt7-minimum-vt.diff
 04_set_default_path.diff
+CVE-2015-0856.patch
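Review bot: The added entry CVE-2015-0856.patch departs from the naming used by the entries above it, which carry a numeric prefix (02_, 03_, 04_) and a .diff suffix. Apply order comes from this file, so nothing breaks, but a prefixed name that keeps the CVE id would leave the debian/patches directory listing in apply order and consistent with the rest of the series.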

-- 
sddm packaging


