gnu: gnome-shell: Fix CVE-2017-8288.
* gnu/packages/patches/gnome-shell-CVE-2017-8288.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (gnome-shell)[source]: Use it. Co-authored-by: Leo Famulari <leo@famulari.name>
This commit is contained in:
parent
c39a54f431
commit
cc3bc027eb
|
@ -627,6 +627,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/glog-gcc-5-demangling.patch \
|
||||
%D%/packages/patches/gmp-arm-asm-nothumb.patch \
|
||||
%D%/packages/patches/gmp-faulty-test.patch \
|
||||
%D%/packages/patches/gnome-shell-CVE-2017-8288.patch \
|
||||
%D%/packages/patches/gnome-tweak-tool-search-paths.patch \
|
||||
%D%/packages/patches/gnucash-price-quotes-perl.patch \
|
||||
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2015 David Thompson <davet@gnu.org>
|
||||
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
|
||||
;;; Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
|
||||
;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
|
||||
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
|
||||
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
|
||||
|
@ -5000,6 +5000,7 @@ properties, screen resolution, and other GNOME parameters.")
|
|||
(uri (string-append "mirror://gnome/sources/" name "/"
|
||||
(version-major+minor version) "/"
|
||||
name "-" version ".tar.xz"))
|
||||
(patches (search-patches "gnome-shell-CVE-2017-8288.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
Fix CVE-2017-8288:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
|
||||
http://seclists.org/oss-sec/2017/q2/136
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1
|
||||
|
||||
From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001
|
||||
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
|
||||
Date: Tue, 25 Apr 2017 17:27:42 +0200
|
||||
Subject: extensionSystem: handle reloading broken extensions
|
||||
|
||||
Some extensions out there may fail to reload. When that happens,
|
||||
we need to catch any exceptions so that we don't leave things in
|
||||
a broken state that could lead to leaving extensions enabled in
|
||||
the screen shield.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=781728
|
||||
---
|
||||
js/ui/extensionSystem.js | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
|
||||
index a4dc29e..fc352b8 100644
|
||||
--- a/js/ui/extensionSystem.js
|
||||
+++ b/js/ui/extensionSystem.js
|
||||
@@ -282,12 +282,20 @@ function _onVersionValidationChanged() {
|
||||
// temporarily disable them all
|
||||
enabledExtensions = [];
|
||||
for (let uuid in ExtensionUtils.extensions)
|
||||
- reloadExtension(ExtensionUtils.extensions[uuid]);
|
||||
+ try {
|
||||
+ reloadExtension(ExtensionUtils.extensions[uuid]);
|
||||
+ } catch(e) {
|
||||
+ logExtensionError(uuid, e);
|
||||
+ }
|
||||
enabledExtensions = getEnabledExtensions();
|
||||
|
||||
if (Main.sessionMode.allowExtensions) {
|
||||
enabledExtensions.forEach(function(uuid) {
|
||||
- enableExtension(uuid);
|
||||
+ try {
|
||||
+ enableExtension(uuid);
|
||||
+ } catch(e) {
|
||||
+ logExtensionError(uuid, e);
|
||||
+ }
|
||||
});
|
||||
}
|
||||
}
|
||||
--
|
||||
cgit v0.12
|
||||
|
Loading…
Reference in New Issue