diff --git a/gnome-shell-CVE-2010-4000.patch b/gnome-shell-CVE-2010-4000.patch
new file mode 100644
index 0000000..d0ac268
--- /dev/null
+++ b/gnome-shell-CVE-2010-4000.patch
@@ -0,0 +1,35 @@
+commit 7beb7e0f65c6f66daebd307c492381249ddd41be
+Author: Vincent Untz
+Date: Wed Jan 5 10:32:44 2011 +0100
+
+ gnome-shell.in: Really never add empty elements to LD_LIBRARY_PATH
+
+ This complements the fix from c6eb2761, to make sure that we don't use
+ the pre-existing $LD_LIBRARY_PATH if it's set but empty.
+
+ Both commits fix CVE-2010-4000.
+
+ https://bugzilla.gnome.org/show_bug.cgi?id=638728
+
+diff --git a/src/gnome-shell.in b/src/gnome-shell.in
+index 2abd7d5..e422adb 100755
+--- a/src/gnome-shell.in
++++ b/src/gnome-shell.in
+@@ -152,7 +152,7 @@ def start_dconf_await_service():
+ # dconf is linked without libtool, so unlike other GNOME modules,
+ # won't have an embedded rpath for its library directory.
+ env = dict(os.environ)
+- if 'LD_LIBRARY_PATH' in env:
++ if 'LD_LIBRARY_PATH' in env and env['LD_LIBRARY_PATH']:
+ ld_library_path = '@libdir@:' + env['LD_LIBRARY_PATH']
+ else:
+ ld_library_path = '@libdir@'
+@@ -246,7 +246,7 @@ def start_shell(perf_output=None):
+ if pkgconfig.returncode == 0:
+ mozjs_libdir = re.sub('-(sdk|devel)', '', mozjs_sdkdir)
+ if os.path.exists(mozjs_libdir + '/libmozjs.so'):
+- if 'LD_LIBRARY_PATH' in env:
++ if 'LD_LIBRARY_PATH' in env and env['LD_LIBRARY_PATH']:
+ ld_library_path = env['LD_LIBRARY_PATH'] + ':' + mozjs_libdir
+ else:
+ ld_library_path = mozjs_libdir
diff --git a/gnome-shell-fix-include.patch b/gnome-shell-fix-include.patch
new file mode 100644
index 0000000..fe98fcc
--- /dev/null
+++ b/gnome-shell-fix-include.patch
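Review bot: In the embedded patch to src/gnome-shell.in, the new guard `'LD_LIBRARY_PATH' in env and env['LD_LIBRARY_PATH']` in start_dconf_await_service() only covers a variable that is entirely empty; a pre-existing value with a leading, trailing or doubled colon still reaches the concatenation, and the dynamic linker treats each empty element as the current directory. The same guard is repeated in start_shell(), so the two copies can drift apart. Splitting and filtering would cover both cases, e.g. `parts = [p for p in env.get('LD_LIBRARY_PATH', '').split(':') if p]` followed by `ld_library_path = ':'.join(['@libdir@'] + parts)` (and `parts + [mozjs_libdir]` in start_shell()). Both function bodies start and end outside the quoted hunks, so how `ld_library_path` is consumed afterwards is not visible here.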
@@ -0,0 +1,24 @@
+commit ad624d546f154685cefdb477df2d5eeda36f7b0c
+Author: Florian Müllner
+Date: Thu Nov 11 01:38:17 2010 +0100
+
+ st-texture-cache: Fix include
+
+ The file gnome-desktop-thumbnail.h was moved from libgnomeui to
+ libgnome-desktop.
+
+ https://bugzilla.gnome.org/show_bug.cgi?id=634555
+
+diff --git a/src/st/st-texture-cache.c b/src/st/st-texture-cache.c
+index a40590e..0d8aac2 100644
+--- a/src/st/st-texture-cache.c
++++ b/src/st/st-texture-cache.c
+@@ -5,7 +5,7 @@
+ #include "st-texture-cache.h"
+ #include
+ #define GNOME_DESKTOP_USE_UNSTABLE_API
+-#include
++#include
+ #include
+ #include
+
diff --git a/gnome-shell-gtk3-2.91.6.patch b/gnome-shell-gtk3-2.91.6.patch
new file mode 100644
index 0000000..7ca7643
--- /dev/null
+++ b/gnome-shell-gtk3-2.91.6.patch
@@ -0,0 +1,79 @@
+commit 7ce65e421b0123d3a86fa26aca5f991c5987f45e
+Author: Jason D. Clinton
+Date: Thu Dec 2 16:07:34 2010 -0600
+
+ Fix compilation against latest GTK+-3 changes
+
+ GDK_WINDOW_XWINDOW has been removed. All calls should use
+ gdk_x11_window_get_xid() instead.
+
+diff --git a/src/shell-embedded-window.c b/src/shell-embedded-window.c
+index a3b9153..01a5a4d 100644
+--- a/src/shell-embedded-window.c
++++ b/src/shell-embedded-window.c
+@@ -106,7 +106,7 @@ shell_embedded_window_realize (GtkWidget *widget)
+ * modifying the GDK hierarchy.
+ */
+ XReparentWindow (GDK_DISPLAY_XDISPLAY (gtk_widget_get_display (widget)),
+- GDK_WINDOW_XWINDOW (gtk_widget_get_window (widget)),
++ gdk_x11_window_get_xid (gtk_widget_get_window (widget)),
+ window->priv->stage_xwindow,
+ window->priv->position.x, window->priv->position.y);
+ }
+diff --git a/src/shell-gtk-embed.c b/src/shell-gtk-embed.c
+index c138418..a7c7bbe 100644
+--- a/src/shell-gtk-embed.c
++++ b/src/shell-gtk-embed.c
+@@ -39,7 +39,7 @@ shell_gtk_embed_on_window_realize (GtkWidget *widget,
+ * screen.
+ */
+ clutter_x11_texture_pixmap_set_window (CLUTTER_X11_TEXTURE_PIXMAP (embed),
+- GDK_WINDOW_XWINDOW (gtk_widget_get_window (widget)),
++ gdk_x11_window_get_xid (gtk_widget_get_window (widget)),
+ FALSE);
+ }
+
+diff --git a/src/tray/na-tray-child.c b/src/tray/na-tray-child.c
+index e5cc2a6..37db2e0 100644
+--- a/src/tray/na-tray-child.c
++++ b/src/tray/na-tray-child.c
+@@ -420,7 +420,7 @@ na_tray_child_force_redraw (NaTrayChild *child)
+ gtk_widget_get_allocation (widget, &allocation);
+
+ xev.xexpose.type = Expose;
+- xev.xexpose.window = GDK_WINDOW_XWINDOW (plug_window);
++ xev.xexpose.window = gdk_x11_window_get_xid (plug_window);
+ xev.xexpose.x = 0;
+ xev.xexpose.y = 0;
+ xev.xexpose.width = allocation.width;
+diff --git a/src/tray/na-tray-manager.c b/src/tray/na-tray-manager.c
+index bccda63..64300bc 100644
+--- a/src/tray/na-tray-manager.c
++++ b/src/tray/na-tray-manager.c
+@@ -601,7 +601,7 @@ na_tray_manager_set_orientation_property (NaTrayManager *manager)
+ SYSTEM_TRAY_ORIENTATION_VERT;
+
+ XChangeProperty (GDK_DISPLAY_XDISPLAY (display),
+- GDK_WINDOW_XWINDOW (window),
++ gdk_x11_window_get_xid (window),
+ orientation_atom,
+ XA_CARDINAL, 32,
+ PropModeReplace,
+@@ -646,7 +646,7 @@ na_tray_manager_set_visual_property (NaTrayManager *manager)
+ data[0] = XVisualIDFromVisual (xvisual);
+
+ XChangeProperty (GDK_DISPLAY_XDISPLAY (display),
+- GDK_WINDOW_XWINDOW (window),
++ gdk_x11_window_get_xid (window),
+ visual_atom,
+ XA_VISUALID, 32,
+ PropModeReplace,
+@@ -724,7 +724,7 @@ na_tray_manager_manage_screen_x11 (NaTrayManager *manager,
+ xev.data.l[0] = timestamp;
+ xev.data.l[1] = gdk_x11_atom_to_xatom_for_display (display,
+ manager->selection_atom);
+- xev.data.l[2] = GDK_WINDOW_XWINDOW (window);
++ xev.data.l[2] = gdk_x11_window_get_xid (window);
+ xev.data.l[3] = 0; /* manager specific data */
+ xev.data.l[4] = 0; /* manager specific data */
+
diff --git a/gnome-shell.changes b/gnome-shell.changes
index 97a506b..2324883 100644
--- a/gnome-shell.changes +++ b/gnome-shell.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Jan 5 11:01:48 CET 2011 - vuntz@opensuse.org + +- Add gnome-shell-CVE-2010-4000.patch to really safely set + LD_LIBRARY_PATH. Fix bnc#642827 and CVE-2010-4000. + +------------------------------------------------------------------- +Wed Dec 15 13:16:11 CET 2010 - vuntz@opensuse.org + +- Add gnome-shell-fix-include.patch to fix the build after a change + in gnome-desktop; taken from git. +- Add gnome-shell-gtk3-2.91.6.patch to fix build with gtk3 2.91.6; + taken from git. + ------------------------------------------------------------------- Thu Nov 18 10:35:51 CET 2010 - vuntz@opensuse.org diff --git a/gnome-shell.spec b/gnome-shell.spec index f523dc6..4610fdf 100644 --- a/gnome-shell.spec +++ b/gnome-shell.spec @@ -28,6 +28,12 @@ Source: %{name}-%{version}.tar.bz2 # Note: this also explains the Requires on gnome-session below. Source1: gnome-shell-session Source2: gnome3.desktop +# PATCH-FIX-UPSTREAM gnome-shell-fix-include.patch vuntz@opensuse.org -- Taken from git, to fix the build after an include moved in gnome-desktop +Patch0: gnome-shell-fix-include.patch +# PATCH-FIX-UPSTREAM gnome-shell-gtk3-2.91.6.patch vuntz@opensuse.org -- Fix build with recent gtk3, taken from git +Patch1: gnome-shell-gtk3-2.91.6.patch +# PATCH-FIX-UPSTREAM gnome-shell-CVE-2010-4000.patch bnc#642827 bgo#638728 CVE-2010-4000 vuntz@opensuse.org -- Really safely set LD_LIBRARY_PATH +Patch2: gnome-shell-CVE-2010-4000.patch BuildRequires: intltool BuildRequires: update-desktop-files BuildRequires: pkgconfig(clutter-1.0) @@ -63,6 +69,9 @@ documents, and organizing open windows in GNOME. %lang_package %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build %configure \