gnu: gnome-shell: Fix CVE-2017-8288.

* gnu/packages/patches/gnome-shell-CVE-2017-8288.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (gnome-shell)[source]: Use it. Co-authored-by: Leo Famulari <leo@famulari.name>
2017-05-02 22:46:56 -05:00 · 2017-05-02 22:46:56 -05:00 · cc3bc027eb
parent c39a54f431
commit cc3bc027eb
3 changed files with 57 additions and 1 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -627,6 +627,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/glog-gcc-5-demangling.patch		\
  %D%/packages/patches/gmp-arm-asm-nothumb.patch		\
  %D%/packages/patches/gmp-faulty-test.patch			\
  %D%/packages/patches/gnome-shell-CVE-2017-8288.patch		\
  %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
  %D%/packages/patches/gnucash-price-quotes-perl.patch		\
  %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@ -12,7 +12,7 @@
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@ -5000,6 +5000,7 @@ properties, screen resolution, and other GNOME parameters.")
              (uri (string-append "mirror://gnome/sources/" name "/"
                                  (version-major+minor version) "/"
                                  name "-" version ".tar.xz"))
              (patches (search-patches "gnome-shell-CVE-2017-8288.patch"))
              (sha256
               (base32
                "16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))
--- a/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
+++ b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
@ -0,0 +1,54 @@
 Fix CVE-2017-8288:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
 http://seclists.org/oss-sec/2017/q2/136
 Patch copied from upstream source repository:
 https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1
 From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001
 From: Emilio Pozuelo Monfort <pochu27@gmail.com>
 Date: Tue, 25 Apr 2017 17:27:42 +0200
 Subject: extensionSystem: handle reloading broken extensions
 Some extensions out there may fail to reload. When that happens,
 we need to catch any exceptions so that we don't leave things in
 a broken state that could lead to leaving extensions enabled in
 the screen shield.
 https://bugzilla.gnome.org/show_bug.cgi?id=781728
 ---
 js/ui/extensionSystem.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
 diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
 index a4dc29e..fc352b8 100644
 --- a/js/ui/extensionSystem.js
 +++ b/js/ui/extensionSystem.js
@@ -282,12 +282,20 @@ function _onVersionValidationChanged() {
     // temporarily disable them all
     enabledExtensions = [];
     for (let uuid in ExtensionUtils.extensions)
 -        reloadExtension(ExtensionUtils.extensions[uuid]);
 +        try {
 +            reloadExtension(ExtensionUtils.extensions[uuid]);
 +        } catch(e) {
 +            logExtensionError(uuid, e);
 +        }
     enabledExtensions = getEnabledExtensions();
     if (Main.sessionMode.allowExtensions) {
         enabledExtensions.forEach(function(uuid) {
 -            enableExtension(uuid);
 +            try {
 +                enableExtension(uuid);
 +            } catch(e) {
 +                logExtensionError(uuid, e);
 +            }
         });
     }
 }
 -- 
 cgit v0.12