author | Mart Raudsepp <leio@gentoo.org> | 2017-04-29 20:47:42 +0300 |
---|---|---|
committer | Mart Raudsepp <leio@gentoo.org> | 2017-04-29 20:50:41 +0300 |
commit | fb7831fd8eb23dd60054c6d564631d4b2549b5bf (patch) | |
tree | 0b8a65434914d04ffee7bace3e4e6ccb36bb0d40 /gnome-base | |
parent | media-radio/gpredict: Add missing USE dep (Bug #616414). Thanks J.Haas (diff) | |
gnome-base/gnome-shell: fix bug triggered by version validation ignoring setting toggling
This has CVE-2017-8288 assigned for some reason.
Gentoo-bug: 616698
Diffstat (limited to 'gnome-base')
-rw-r--r-- | gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch | 45 | ||||
-rw-r--r-- | gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild | 195 |
2 files changed, 240 insertions, 0 deletions
diff --git a/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch b/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch
new file mode 100644
index 000000000000..f9c74d62fddd
--- /dev/null
+++ b/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch
@@ -0,0 +1,45 @@
+From 560e976ee9c59d75907b5ef6ed2bc336719e37d3 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu27@gmail.com>
+Date: Tue, 25 Apr 2017 17:27:42 +0200
+Subject: [PATCH] extensionSystem: handle reloading broken extensions
+
+Some extensions out there may fail to reload. When that happens,
+we need to catch any exceptions so that we don't leave things in
+a broken state that could lead to leaving extensions enabled in
+the screen shield.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781728
+---
+ js/ui/extensionSystem.js | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
+index ba33222..1feaa2f 100644
+--- a/js/ui/extensionSystem.js
++++ b/js/ui/extensionSystem.js
+@@ -276,12 +276,20 @@ function _onVersionValidationChanged() {
+ // temporarily disable them all
+ enabledExtensions = [];
+ for (let uuid in ExtensionUtils.extensions)
+- reloadExtension(ExtensionUtils.extensions[uuid]);
++ try {
++ reloadExtension(ExtensionUtils.extensions[uuid]);
++ } catch(e) {
++ logExtensionError(uuid, e);
++ }
+ enabledExtensions = getEnabledExtensions();
+
+ if (Main.sessionMode.allowExtensions) {
+ enabledExtensions.forEach(function(uuid) {
+- enableExtension(uuid);
++ try {
++ enableExtension(uuid);
++ } catch(e) {
++ logExtensionError(uuid, e);
++ }
+ });
+ }
+ }
+--
+2.10.1
+
diff --git a/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild b/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild
new file mode 100644
index 000000000000..f32132e97ef5
--- /dev/null
+++ b/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild
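Review bot: The two added `catch(e)` blocks in `_onVersionValidationChanged` only call `logExtensionError(uuid, e)`, so nothing in this hunk shows that an extension whose reload threw is actually left disabled, which is the state the patch description worries about for the screen shield. That would need to be confirmed in `reloadExtension`, whose body is outside the hunk. The reason for swallowing the exception also deserves a comment above the loop, since the loop sits between `enabledExtensions = [];` and `enabledExtensions = getEnabledExtensions();`: `// keep going when one extension throws, so enabledExtensions is restored below`. The brace-less `for (let uuid in ExtensionUtils.extensions)` now has a multi-line `try`/`catch` as its body and would read more safely with braces; the function starts before the hunk.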
@@ -0,0 +1,195 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+GNOME2_EAUTORECONF="yes"
+PYTHON_COMPAT=( python{3_4,3_5} )
+
+inherit gnome2 multilib pax-utils python-r1 systemd
+
+DESCRIPTION="Provides core UI functions for the GNOME 3 desktop"
+HOMEPAGE="https://wiki.gnome.org/Projects/GnomeShell"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+bluetooth +browser-extension +ibus +networkmanager nsplugin -openrc-force"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+KEYWORDS="~amd64 ~x86"
+
+# libXfixes-5.0 needed for pointer barriers
+# FIXME:
+# * gstreamer support is currently automagic
+COMMON_DEPEND="
+ >=app-accessibility/at-spi2-atk-2.5.3
+ >=dev-libs/atk-2[introspection]
+ >=app-crypt/gcr-3.7.5[introspection]
+ >=dev-libs/glib-2.45.3:2[dbus]
+ >=dev-libs/gjs-1.39
+ >=dev-libs/gobject-introspection-1.49.1:=
+ dev-libs/libical:=
+ >=x11-libs/gtk+-3.15.0:3[introspection]
+ >=dev-libs/libcroco-0.6.8:0.6
+ >=gnome-base/gnome-desktop-3.7.90:3=[introspection]
+ >=gnome-base/gsettings-desktop-schemas-3.21.3
+ >=gnome-extra/evolution-data-server-3.17.2:=
+ >=media-libs/gstreamer-0.11.92:1.0
+ >=net-im/telepathy-logger-0.2.4[introspection]
+ >=net-libs/telepathy-glib-0.19[introspection]
+ >=sys-auth/polkit-0.100[introspection]
+ >=x11-libs/libXfixes-5.0
+ x11-libs/libXtst
+ >=x11-wm/mutter-3.22.1[introspection]
+ >=x11-libs/startup-notification-0.11
+
+ ${PYTHON_DEPS}
+ dev-python/pygobject:3[${PYTHON_USEDEP}]
+
+ dev-libs/dbus-glib
+ dev-libs/libxml2:2
+ media-libs/libcanberra[gtk3]
+ media-libs/mesa
+ >=media-sound/pulseaudio-2
+ >=net-libs/libsoup-2.40:2.4[introspection]
+ x11-libs/libX11
+ x11-libs/gdk-pixbuf:2[introspection]
+
+ x11-apps/mesa-progs
+
+ bluetooth? ( >=net-wireless/gnome-bluetooth-3.9[introspection] )
+ networkmanager? (
+ app-crypt/libsecret
+ >=gnome-extra/nm-applet-0.9.8
+ >=net-misc/networkmanager-0.9.8:=[introspection] )
+ nsplugin? ( >=dev-libs/json-glib-0.13.2 )
+"
+# Runtime-only deps are probably incomplete and approximate.
+# Introspection deps generated using:
+# grep -roe "imports.gi.*" gnome-shell-* | cut -f2 -d: | sort | uniq
+# Each block:
+# 1. Introspection stuff needed via imports.gi.*
+# 2. gnome-session is needed for gnome-session-quit
+# 3. Control shell settings
+# 4. Systemd needed for suspending support
+# 5. xdg-utils needed for xdg-open, used by extension tool
+# 6. adwaita-icon-theme and dejavu font neeed for various icons & arrows
+# 7. mobile-broadband-provider-info, timezone-data for shell-mobile-providers.c
+# 8. IBus is needed for nls integration
+RDEPEND="${COMMON_DEPEND}
+ app-accessibility/at-spi2-core:2[introspection]
+ >=app-accessibility/caribou-0.4.8
+ dev-libs/libgweather:2[introspection]
+ >=sys-apps/accountsservice-0.6.14[introspection]
+ >=sys-power/upower-0.99:=[introspection]
+ x11-libs/pango[introspection]
+
+ >=gnome-base/gnome-session-2.91.91
+ >=gnome-base/gnome-settings-daemon-3.8.3
+
+ !openrc-force? ( >=sys-apps/systemd-31 )
+
+ x11-misc/xdg-utils
+
+ media-fonts/dejavu
+ >=x11-themes/adwaita-icon-theme-3.19.90
+
+ networkmanager? (
+ net-misc/mobile-broadband-provider-info
+ sys-libs/timezone-data )
+ ibus? ( >=app-i18n/ibus-1.4.99[dconf(+),gtk3,introspection] )
+"
+# avoid circular dependency, see bug #546134
+PDEPEND="
+ >=gnome-base/gdm-3.5[introspection]
+ >=gnome-base/gnome-control-center-3.8.3[bluetooth(+)?,networkmanager(+)?]
+ browser-extension? ( gnome-extra/chrome-gnome-shell )
+"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ >=dev-util/gdbus-codegen-2.45.3
+ >=dev-util/gtk-doc-am-1.17
+ gnome-base/gnome-common
+ >=sys-devel/gettext-0.19.6
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ # Change favorites defaults, bug #479918
+ "${FILESDIR}"/${PN}-3.22.0-defaults.patch
+ # Fix automagic gnome-bluetooth dep, bug #398145
+ "${FILESDIR}"/${PN}-3.12-bluetooth-flag.patch
+ # Add missing path to libmutter-clutter when building .gir, bug #597842
+ "${FILESDIR}"/${PN}-3.22.0-gir-build-fix.patch
+ # Little bug when user has toggled version validation in the session, bug #616698
+ "${FILESDIR}"/${PV}-CVE-2017-8288.patch
+)
+
+src_configure() {
+ # Do not error out on warnings
+ gnome2_src_configure \
+ --enable-man \
+ $(use_enable !openrc-force systemd) \
+ $(use_with bluetooth) \
+ $(use_enable networkmanager) \
+ $(use_enable nsplugin browser-plugin) \
+ BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins
+}
+
+src_install() {
+ gnome2_src_install
+ python_replicate_script "${ED}/usr/bin/gnome-shell-extension-tool"
+ python_replicate_script "${ED}/usr/bin/gnome-shell-perf-tool"
+
+ # Required for gnome-shell on hardened/PaX, bug #398941
+ # Future-proof for >=spidermonkey-1.8.7 following polkit's example
+ if has_version '<dev-lang/spidermonkey-1.8.7'; then
+ pax-mark mr "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ elif has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then
+ pax-mark m "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ # Required for gnome-shell on hardened/PaX #457146 and #457194
+ # PaX EMUTRAMP need to be on
+ elif has_version '>=dev-libs/libffi-3.0.13[pax_kernel]'; then
+ pax-mark E "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ else
+ pax-mark m "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ fi
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+
+ if ! has_version 'media-libs/gst-plugins-good:1.0' || \
+ ! has_version 'media-plugins/gst-plugins-vpx:1.0'; then
+ ewarn "To make use of GNOME Shell's built-in screen recording utility,"
+ ewarn "you need to either install media-libs/gst-plugins-good:1.0"
+ ewarn "and media-plugins/gst-plugins-vpx:1.0, or use dconf-editor to change"
+ ewarn "apps.gnome-shell.recorder/pipeline to what you want to use."
+ fi
+
+ if ! has_version "media-libs/mesa[llvm]"; then
+ elog "llvmpipe is used as fallback when no 3D acceleration"
+ elog "is available. You will need to enable llvm USE for"
+ elog "media-libs/mesa."
+ fi
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=563084
+ if has_version "x11-drivers/nvidia-drivers[-kms]"; then
+ ewarn "You will need to enable kms support in x11-drivers/nvidia-drivers,"
+ ewarn "otherwise Gnome will fail to start"
+ fi
+
+ if ! systemd_is_booted; then
+ ewarn "${PN} needs Systemd to be *running* for working"
+ ewarn "properly. Please follow this guide to migrate:"
+ ewarn "https://wiki.gentoo.org/wiki/Systemd"
+ fi
+
+ if use openrc-force; then
+ ewarn "You are enabling 'openrc-force' USE flag to skip systemd requirement,"
+ ewarn "this can lead to unexpected problems and is not supported neither by"
+ ewarn "upstream neither by Gnome Gentoo maintainers. If you suffer any problem,"
+ ewarn "you will need to disable this USE flag system wide and retest before"
+ ewarn "opening any bug report."
+ fi
+} |
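Review bot: The comment added above the new `PATCHES` entry, `# Little bug when user has toggled version validation in the session, bug #616698`, understates what the applied patch says about itself: its description names extensions left enabled in the screen shield, and the file is named for CVE-2017-8288. I would word it `# Extensions can stay enabled on the screen shield after a failed reload (CVE-2017-8288), bug #616698` so a later maintainer does not drop the patch as cosmetic. The new revision carries `KEYWORDS="~amd64 ~x86"` only, so if a stable-keyworded gnome-shell revision exists (not visible on this page), the fix would presumably need a stabilization request to reach those users.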