From 3f7cc9dc8f57397174ab0ea6149e674ac081c2350cf0148be7110d7a144fe174 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 1 Oct 2010 07:30:57 +0000 Subject: [PATCH] Accepting request 49569 from home:vuntz:branches:GNOME:Factory Fix looks good.. OBS-URL: https://build.opensuse.org/request/show/49569 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gnome-shell?expand=0&rev=34 --- gnome-shell-secure-LD_LIBRARY_PATH.patch | 32 ++++++++++++++++++++++++ gnome-shell.changes | 6 +++++ gnome-shell.spec | 3 +++ 3 files changed, 41 insertions(+) create mode 100644 gnome-shell-secure-LD_LIBRARY_PATH.patch diff --git a/gnome-shell-secure-LD_LIBRARY_PATH.patch b/gnome-shell-secure-LD_LIBRARY_PATH.patch new file mode 100644 index 0000000..cdca8eb --- /dev/null +++ b/gnome-shell-secure-LD_LIBRARY_PATH.patch @@ -0,0 +1,32 @@ +From c6eb2761c719af47248badb2187866ffaff6e671 Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 30 Sep 2010 15:21:58 +0200 +Subject: [PATCH] gnome-shell.in: Never add empty elements to LD_LIBRARY_PATH + +An empty element means the current directory, and is insecure. + +https://bugzilla.gnome.org/show_bug.cgi?id=631004 +--- + src/gnome-shell.in | 6 +++++- + 1 files changed, 5 insertions(+), 1 deletions(-) + +diff --git a/src/gnome-shell.in b/src/gnome-shell.in +index 163ecfc..b523bde 100755 +--- a/src/gnome-shell.in ++++ b/src/gnome-shell.in +@@ -246,7 +246,11 @@ def start_shell(perf_output=None): + if pkgconfig.returncode == 0: + mozjs_libdir = re.sub('-(sdk|devel)', '', mozjs_sdkdir) + if os.path.exists(mozjs_libdir + '/libmozjs.so'): +- env['LD_LIBRARY_PATH'] = os.environ.get('LD_LIBRARY_PATH', '') + ':' + mozjs_libdir ++ if 'LD_LIBRARY_PATH' in env: ++ ld_library_path = env['LD_LIBRARY_PATH'] + ':' + mozjs_libdir ++ else: ++ ld_library_path = mozjs_libdir ++ env['LD_LIBRARY_PATH'] = ld_library_path + + # Log everything to stderr (make stderr our "log file") + env['GJS_DEBUG_OUTPUT'] = 'stderr' +-- +1.7.2.2 + diff --git a/gnome-shell.changes b/gnome-shell.changes index ed6345c..13bb083 100644 --- a/gnome-shell.changes +++ b/gnome-shell.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Sep 30 15:28:18 CEST 2010 - vuntz@opensuse.org + +- Add gnome-shell-secure-LD_LIBRARY_PATH.patch to make sure to not + add empty elements to LD_LIBRARY_PATH. Fix bnc#642827. + ------------------------------------------------------------------- Mon Sep 20 13:01:39 CEST 2010 - vuntz@opensuse.org diff --git a/gnome-shell.spec b/gnome-shell.spec index 52460ce..1bcc915 100644 --- a/gnome-shell.spec +++ b/gnome-shell.spec @@ -32,6 +32,8 @@ Source2: gnome3.desktop Patch0: gnome-shell-fix-recent-gtk3.patch # PATCH-FIX-UPSTREAM gnome-shell-fix-recent-clutter.patch vuntz@opensuse.org -- Do not use API gone in recent clutter, taken from git Patch1: gnome-shell-fix-recent-clutter.patch +# PATCH-FIX-UPSTREAM gnome-shell-secure-LD_LIBRARY_PATH.patch bgo#631004 bnc#642827 vuntz@opensuse.org -- Never add empty elements to LD_LIBRARY_PATH +Patch2: gnome-shell-secure-LD_LIBRARY_PATH.patch BuildRequires: intltool BuildRequires: update-desktop-files BuildRequires: pkgconfig(clutter-1.0) @@ -67,6 +69,7 @@ documents, and organizing open windows in GNOME. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %configure \