[SCM] kdesu packaging branch, master, updated. debian/5.28.0-2

Didier Raboud odyx at moszumanska.debian.org
Wed Jan 25 19:44:08 UTC 2017 

Gitweb-URL: http://git.debian.org/?p=pkg-kde/frameworks/kdesu.git;a=commitdiff;h=f44b831

The following commit has been merged in the master branch:
commit f44b831ca82b8e1680751d1f2b0433f901cc1bc9
Author: Didier Raboud <odyx at debian.org>
Date:   Wed Jan 25 19:44:50 2017 +0100

    Backport one upstream patch to fix XDG directory traversal
    
    Thanks-To: Hans Schwimmbeck <hans at schwimmbeck.de>
    Closes: #852553
---
 ...G_RUNTIME_DIR-in-processes-run-with-kdesu.patch | 43 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 44 insertions(+)

diff --git a/debian/patches/e3ff52a-Unsets-XDG_RUNTIME_DIR-in-processes-run-with-kdesu.patch b/debian/patches/e3ff52a-Unsets-XDG_RUNTIME_DIR-in-processes-run-with-kdesu.patch
new file mode 100644
index 0000000..cb0ad17
--- /dev/null
+++ b/debian/patches/e3ff52a-Unsets-XDG_RUNTIME_DIR-in-processes-run-with-kdesu.patch
@@ -0,0 +1,43 @@
+From e3ff52adec249b7cfa1a375866c268485a1cd344 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa at kde.org>
+Date: Thu, 10 Nov 2016 15:33:36 +0100
+Subject: Unsets XDG_RUNTIME_DIR in processes run with kdesu
+
+Summary:
+If we keep a XDG_RUNTIME_DIR value from another user then all kind of
+breakages might happen. For example, if user foo runs
+"kdesu -u bar dolphin", then when dolphin tries to get
+QStandardPaths::writableLocation(RuntimeLocation), it returns an empty string
+(because XDG_RUNTIME_DIR is not correct). which makes kio try
+to write a socket to access kio slaves in / . Which, for most users
+results in applications not being able to use kio (so no usable dolphin)
+and for root, it means sockets were created in / .
+
+Look at https://bugzilla.opensuse.org/show_bug.cgi?id=1009510 and
+https://phabricator.kde.org/D3317 for more information
+
+Reviewers: dfaure
+
+Reviewed By: dfaure
+
+Differential Revision: https://phabricator.kde.org/D3331
+---
+ src/kdesu_stub.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/kdesu_stub.c b/src/kdesu_stub.c
+index dcc76d8..49db577 100644
+--- a/src/kdesu_stub.c
++++ b/src/kdesu_stub.c
+@@ -258,6 +258,8 @@ int main()
+         unsetenv("LC_ALL");
+     }
+ 
++    unsetenv("XDG_RUNTIME_DIR");
++
+     /* Do we need to change uid? */
+ 
+     pw = getpwnam(params[P_USER].value);
+-- 
+cgit v0.11.2
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3606e5a
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+e3ff52a-Unsets-XDG_RUNTIME_DIR-in-processes-run-with-kdesu.patch

-- 
kdesu packaging

More information about the pkg-kde-commits mailing list