gnu: gnome-shell: Fix CVE-2017-8288.

* gnu/packages/patches/gnome-shell-CVE-2017-8288.patch:	New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gnome-shell)[source]: Use it.

Co-authored-by: Leo Famulari <leo@famulari.name>
This commit is contained in:
rennes 2017-05-02 22:46:56 -05:00 committed by Leo Famulari
parent c39a54f431
commit cc3bc027eb
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 57 additions and 1 deletions

View File

@ -627,6 +627,7 @@ dist_patch_DATA = \
%D%/packages/patches/glog-gcc-5-demangling.patch \
%D%/packages/patches/gmp-arm-asm-nothumb.patch \
%D%/packages/patches/gmp-faulty-test.patch \
%D%/packages/patches/gnome-shell-CVE-2017-8288.patch \
%D%/packages/patches/gnome-tweak-tool-search-paths.patch \
%D%/packages/patches/gnucash-price-quotes-perl.patch \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \

View File

@ -12,7 +12,7 @@
;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
;;; Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@ -5000,6 +5000,7 @@ properties, screen resolution, and other GNOME parameters.")
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(patches (search-patches "gnome-shell-CVE-2017-8288.patch"))
(sha256
(base32
"16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))

View File

@ -0,0 +1,54 @@
Fix CVE-2017-8288:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
http://seclists.org/oss-sec/2017/q2/136
Patch copied from upstream source repository:
https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1
From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
Date: Tue, 25 Apr 2017 17:27:42 +0200
Subject: extensionSystem: handle reloading broken extensions
Some extensions out there may fail to reload. When that happens,
we need to catch any exceptions so that we don't leave things in
a broken state that could lead to leaving extensions enabled in
the screen shield.
https://bugzilla.gnome.org/show_bug.cgi?id=781728
---
js/ui/extensionSystem.js | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index a4dc29e..fc352b8 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -282,12 +282,20 @@ function _onVersionValidationChanged() {
// temporarily disable them all
enabledExtensions = [];
for (let uuid in ExtensionUtils.extensions)
- reloadExtension(ExtensionUtils.extensions[uuid]);
+ try {
+ reloadExtension(ExtensionUtils.extensions[uuid]);
+ } catch(e) {
+ logExtensionError(uuid, e);
+ }
enabledExtensions = getEnabledExtensions();
if (Main.sessionMode.allowExtensions) {
enabledExtensions.forEach(function(uuid) {
- enableExtension(uuid);
+ try {
+ enableExtension(uuid);
+ } catch(e) {
+ logExtensionError(uuid, e);
+ }
});
}
}
--
cgit v0.12