01/01: gnu: gnome-shell: Fix CVE-2017-8288.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: gnome-shell: Fix CVE-2017-8288.

From:	Leo Famulari
Subject:	01/01: gnu: gnome-shell: Fix CVE-2017-8288.
Date:	Fri, 5 May 2017 16:15:48 -0400 (EDT)

lfam pushed a commit to branch master
in repository guix.

commit cc3bc027ebbc924cc60fdcd8e7c8572bd0adf90c
Author: rennes <address@hidden>
Date:   Tue May 2 22:46:56 2017 -0500

    gnu: gnome-shell: Fix CVE-2017-8288.
    
    * gnu/packages/patches/gnome-shell-CVE-2017-8288.patch:     New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/gnome.scm (gnome-shell)[source]: Use it.
    
    Co-authored-by: Leo Famulari <address@hidden>
---
 gnu/local.mk                                       |  1 +
 gnu/packages/gnome.scm                             |  3 +-
 .../patches/gnome-shell-CVE-2017-8288.patch        | 54 ++++++++++++++++++++++
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 03412c6..558239f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -627,6 +627,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/glog-gcc-5-demangling.patch             \
   %D%/packages/patches/gmp-arm-asm-nothumb.patch               \
   %D%/packages/patches/gmp-faulty-test.patch                   \
+  %D%/packages/patches/gnome-shell-CVE-2017-8288.patch         \
   %D%/packages/patches/gnome-tweak-tool-search-paths.patch     \
   %D%/packages/patches/gnucash-price-quotes-perl.patch         \
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index be11442..ef67961 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -12,7 +12,7 @@
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <address@hidden>
 ;;; Copyright © 2015 David Thompson <address@hidden>
 ;;; Copyright © 2015, 2016 Efraim Flashner <address@hidden>
-;;; Copyright © 2016 Rene Saavedra <address@hidden>
+;;; Copyright © 2016, 2017 Rene Saavedra <address@hidden>
 ;;; Copyright © 2016 Jochem Raat <address@hidden>
 ;;; Copyright © 2016 Kei Kebreau <address@hidden>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <address@hidden>
@@ -5000,6 +5000,7 @@ properties, screen resolution, and other GNOME 
parameters.")
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
+              (patches (search-patches "gnome-shell-CVE-2017-8288.patch"))
               (sha256
                (base32
                 "16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))
diff --git a/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch 
b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
new file mode 100644
index 0000000..5d8e315
--- /dev/null
+++ b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
@@ -0,0 +1,54 @@
+Fix CVE-2017-8288:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
+http://seclists.org/oss-sec/2017/q2/136
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1
+
+From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <address@hidden>
+Date: Tue, 25 Apr 2017 17:27:42 +0200
+Subject: extensionSystem: handle reloading broken extensions
+
+Some extensions out there may fail to reload. When that happens,
+we need to catch any exceptions so that we don't leave things in
+a broken state that could lead to leaving extensions enabled in
+the screen shield.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781728
+---
+ js/ui/extensionSystem.js | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
+index a4dc29e..fc352b8 100644
+--- a/js/ui/extensionSystem.js
++++ b/js/ui/extensionSystem.js
+@@ -282,12 +282,20 @@ function _onVersionValidationChanged() {
+     // temporarily disable them all
+     enabledExtensions = [];
+     for (let uuid in ExtensionUtils.extensions)
+-        reloadExtension(ExtensionUtils.extensions[uuid]);
++        try {
++            reloadExtension(ExtensionUtils.extensions[uuid]);
++        } catch(e) {
++            logExtensionError(uuid, e);
++        }
+     enabledExtensions = getEnabledExtensions();
+ 
+     if (Main.sessionMode.allowExtensions) {
+         enabledExtensions.forEach(function(uuid) {
+-            enableExtension(uuid);
++            try {
++                enableExtension(uuid);
++            } catch(e) {
++                logExtensionError(uuid, e);
++            }
+         });
+     }
+ }
+-- 
+cgit v0.12
+

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (c39a54f -> cc3bc02), Leo Famulari, 2017/05/05
- 01/01: gnu: gnome-shell: Fix CVE-2017-8288., Leo Famulari <=

Prev by Date: branch master updated (c39a54f -> cc3bc02)
Next by Date: branch master updated (cc3bc02 -> 6cf8e57)
Previous by thread: branch master updated (c39a54f -> cc3bc02)
Next by thread: branch master updated (cc3bc02 -> 6cf8e57)
Index(es):
- Date
- Thread