commit: fb7831fd8eb23dd60054c6d564631d4b2549b5bf |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
AuthorDate: Sat Apr 29 17:47:42 2017 +0000 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
CommitDate: Sat Apr 29 17:50:41 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb7831fd |
|
gnome-base/gnome-shell: fix bug triggered by version validation ignoring setting toggling |
|
This has a CVE-2017-8288 assigned for some reason. |
|
Gentoo-bug: 616698 |
|
.../gnome-shell/files/3.22.3-CVE-2017-8288.patch | 45 +++++ |
.../gnome-shell/gnome-shell-3.22.3-r2.ebuild | 195 +++++++++++++++++++++ |
2 files changed, 240 insertions(+) |
|
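diff --git a/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch b/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch
new file mode 100644
index 00000000000..f9c74d62fdd
--- /dev/null
+++ b/gnome-base/gnome-shell/files/3.22.3-CVE-2017-8288.patch
@@ -0,0 +1,45 @@
+From 560e976ee9c59d75907b5ef6ed2bc336719e37d3 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu27@×××××.com>
+Date: Tue, 25 Apr 2017 17:27:42 +0200
+Subject: [PATCH] extensionSystem: handle reloading broken extensions
+
+Some extensions out there may fail to reload. When that happens,
+we need to catch any exceptions so that we don't leave things in
+a broken state that could lead to leaving extensions enabled in
+the screen shield.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781728
+---
+ js/ui/extensionSystem.js | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
+index ba33222..1feaa2f 100644
+--- a/js/ui/extensionSystem.js
++++ b/js/ui/extensionSystem.js
+@@ -276,12 +276,20 @@ function _onVersionValidationChanged() {
+ // temporarily disable them all
+ enabledExtensions = [];
+ for (let uuid in ExtensionUtils.extensions)
+- reloadExtension(ExtensionUtils.extensions[uuid]);
++ try {
++ reloadExtension(ExtensionUtils.extensions[uuid]);
++ } catch(e) {
++ logExtensionError(uuid, e);
++ }
+ enabledExtensions = getEnabledExtensions();
+
+ if (Main.sessionMode.allowExtensions) {
+ enabledExtensions.forEach(function(uuid) {
+- enableExtension(uuid);
++ try {
++ enableExtension(uuid);
++ } catch(e) {
++ logExtensionError(uuid, e);
++ }
+ });
+ }
+ }
+--
+2.10.1
+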
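Review bot: The two added `catch` blocks only call `logExtensionError(uuid, e)` and continue, so this hunk guarantees that the loop finishes and `enabledExtensions` is recomputed, not that the extension which threw ends up disabled. Whether a half-reloaded extension is left in a safe state depends on `reloadExtension` and `logExtensionError`, both defined outside the hunk, so that is worth checking against the full file before relying on the fix. The security reason is stated only in the patch header; a comment above the first `try`, such as `// must not throw: an aborted loop can leave extensions enabled in the screen shield`, would keep it next to the code. The `for ... in` body is an unbraced multi-line `try`/`catch`, and braces around it would make a later edit less likely to move a statement out of the loop. `_onVersionValidationChanged` starts above the hunk.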
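diff --git a/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild b/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild
new file mode 100644
index 00000000000..f32132e97ef
--- /dev/null
+++ b/gnome-base/gnome-shell/gnome-shell-3.22.3-r2.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+GNOME2_EAUTORECONF="yes"
+PYTHON_COMPAT=( python{3_4,3_5} )
+
+inherit gnome2 multilib pax-utils python-r1 systemd
+
+DESCRIPTION="Provides core UI functions for the GNOME 3 desktop"
+HOMEPAGE="https://wiki.gnome.org/Projects/GnomeShell"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+bluetooth +browser-extension +ibus +networkmanager nsplugin -openrc-force"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+KEYWORDS="~amd64 ~x86"
+
+# libXfixes-5.0 needed for pointer barriers
+# FIXME:
+# * gstreamer support is currently automagic
+COMMON_DEPEND="
+ >=app-accessibility/at-spi2-atk-2.5.3
+ >=dev-libs/atk-2[introspection]
+ >=app-crypt/gcr-3.7.5[introspection]
+ >=dev-libs/glib-2.45.3:2[dbus]
+ >=dev-libs/gjs-1.39
+ >=dev-libs/gobject-introspection-1.49.1:=
+ dev-libs/libical:=
+ >=x11-libs/gtk+-3.15.0:3[introspection]
+ >=dev-libs/libcroco-0.6.8:0.6
+ >=gnome-base/gnome-desktop-3.7.90:3=[introspection]
+ >=gnome-base/gsettings-desktop-schemas-3.21.3
+ >=gnome-extra/evolution-data-server-3.17.2:=
+ >=media-libs/gstreamer-0.11.92:1.0
+ >=net-im/telepathy-logger-0.2.4[introspection]
+ >=net-libs/telepathy-glib-0.19[introspection]
+ >=sys-auth/polkit-0.100[introspection]
+ >=x11-libs/libXfixes-5.0
+ x11-libs/libXtst
+ >=x11-wm/mutter-3.22.1[introspection]
+ >=x11-libs/startup-notification-0.11
+
+ ${PYTHON_DEPS}
+ dev-python/pygobject:3[${PYTHON_USEDEP}]
+
+ dev-libs/dbus-glib
+ dev-libs/libxml2:2
+ media-libs/libcanberra[gtk3]
+ media-libs/mesa
+ >=media-sound/pulseaudio-2
+ >=net-libs/libsoup-2.40:2.4[introspection]
+ x11-libs/libX11
+ x11-libs/gdk-pixbuf:2[introspection]
+
+ x11-apps/mesa-progs
+
+ bluetooth? ( >=net-wireless/gnome-bluetooth-3.9[introspection] )
+ networkmanager? (
+ app-crypt/libsecret
+ >=gnome-extra/nm-applet-0.9.8
+ >=net-misc/networkmanager-0.9.8:=[introspection] )
+ nsplugin? ( >=dev-libs/json-glib-0.13.2 )
+"
+# Runtime-only deps are probably incomplete and approximate.
+# Introspection deps generated using:
+# grep -roe "imports.gi.*" gnome-shell-* | cut -f2 -d: | sort | uniq
+# Each block:
+# 1. Introspection stuff needed via imports.gi.*
+# 2. gnome-session is needed for gnome-session-quit
+# 3. Control shell settings
+# 4. Systemd needed for suspending support
+# 5. xdg-utils needed for xdg-open, used by extension tool
+# 6. adwaita-icon-theme and dejavu font neeed for various icons & arrows
+# 7. mobile-broadband-provider-info, timezone-data for shell-mobile-providers.c
+# 8. IBus is needed for nls integration
+RDEPEND="${COMMON_DEPEND}
+ app-accessibility/at-spi2-core:2[introspection]
+ >=app-accessibility/caribou-0.4.8
+ dev-libs/libgweather:2[introspection]
+ >=sys-apps/accountsservice-0.6.14[introspection]
+ >=sys-power/upower-0.99:=[introspection]
+ x11-libs/pango[introspection]
+
+ >=gnome-base/gnome-session-2.91.91
+ >=gnome-base/gnome-settings-daemon-3.8.3
+
+ !openrc-force? ( >=sys-apps/systemd-31 )
+
+ x11-misc/xdg-utils
+
+ media-fonts/dejavu
+ >=x11-themes/adwaita-icon-theme-3.19.90
+
+ networkmanager? (
+ net-misc/mobile-broadband-provider-info
+ sys-libs/timezone-data )
+ ibus? ( >=app-i18n/ibus-1.4.99[dconf(+),gtk3,introspection] )
+"
+# avoid circular dependency, see bug #546134
+PDEPEND="
+ >=gnome-base/gdm-3.5[introspection]
+ >=gnome-base/gnome-control-center-3.8.3[bluetooth(+)?,networkmanager(+)?]
+ browser-extension? ( gnome-extra/chrome-gnome-shell )
+"
+DEPEND="${COMMON_DEPEND}
+ dev-libs/libxslt
+ >=dev-util/gdbus-codegen-2.45.3
+ >=dev-util/gtk-doc-am-1.17
+ gnome-base/gnome-common
+ >=sys-devel/gettext-0.19.6
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ # Change favorites defaults, bug #479918
+ "${FILESDIR}"/${PN}-3.22.0-defaults.patch
+ # Fix automagic gnome-bluetooth dep, bug #398145
+ "${FILESDIR}"/${PN}-3.12-bluetooth-flag.patch
+ # Add missing path to libmutter-clutter when building .gir, bug #597842
+ "${FILESDIR}"/${PN}-3.22.0-gir-build-fix.patch
+ # Little bug when user has toggled version validation in the session, bug #616698
+ "${FILESDIR}"/${PV}-CVE-2017-8288.patch
+)
+
+src_configure() {
+ # Do not error out on warnings
+ gnome2_src_configure \
+ --enable-man \
+ $(use_enable !openrc-force systemd) \
+ $(use_with bluetooth) \
+ $(use_enable networkmanager) \
+ $(use_enable nsplugin browser-plugin) \
+ BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins
+}
+
+src_install() {
+ gnome2_src_install
+ python_replicate_script "${ED}/usr/bin/gnome-shell-extension-tool"
+ python_replicate_script "${ED}/usr/bin/gnome-shell-perf-tool"
+
+ # Required for gnome-shell on hardened/PaX, bug #398941
+ # Future-proof for >=spidermonkey-1.8.7 following polkit's example
+ if has_version '<dev-lang/spidermonkey-1.8.7'; then
+ pax-mark mr "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ elif has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then
+ pax-mark m "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ # Required for gnome-shell on hardened/PaX #457146 and #457194
+ # PaX EMUTRAMP need to be on
+ elif has_version '>=dev-libs/libffi-3.0.13[pax_kernel]'; then
+ pax-mark E "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ else
+ pax-mark m "${ED}usr/bin/gnome-shell"{,-extension-prefs}
+ fi
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+
+ if ! has_version 'media-libs/gst-plugins-good:1.0' || \
+ ! has_version 'media-plugins/gst-plugins-vpx:1.0'; then
+ ewarn "To make use of GNOME Shell's built-in screen recording utility,"
+ ewarn "you need to either install media-libs/gst-plugins-good:1.0"
+ ewarn "and media-plugins/gst-plugins-vpx:1.0, or use dconf-editor to change"
+ ewarn "apps.gnome-shell.recorder/pipeline to what you want to use."
+ fi
+
+ if ! has_version "media-libs/mesa[llvm]"; then
+ elog "llvmpipe is used as fallback when no 3D acceleration"
+ elog "is available. You will need to enable llvm USE for"
+ elog "media-libs/mesa."
+ fi
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=563084
+ if has_version "x11-drivers/nvidia-drivers[-kms]"; then
+ ewarn "You will need to enable kms support in x11-drivers/nvidia-drivers,"
+ ewarn "otherwise Gnome will fail to start"
+ fi
+
+ if ! systemd_is_booted; then
+ ewarn "${PN} needs Systemd to be *running* for working"
+ ewarn "properly. Please follow this guide to migrate:"
+ ewarn "https://wiki.gentoo.org/wiki/Systemd"
+ fi
+
+ if use openrc-force; then
+ ewarn "You are enabling 'openrc-force' USE flag to skip systemd requirement,"
+ ewarn "this can lead to unexpected problems and is not supported neither by"
+ ewarn "upstream neither by Gnome Gentoo maintainers. If you suffer any problem,"
+ ewarn "you will need to disable this USE flag system wide and retest before"
+ ewarn "opening any bug report."
+ fi
+}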
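Review bot: The comment above the new `PATCHES` entry, `# Little bug when user has toggled version validation in the session, bug #616698`, hides that this is the security fix: the upstream patch description says an uncaught exception here can leave extensions enabled in the screen shield. I would word it `# Catch extension reload errors so extensions cannot stay enabled on the screen shield (CVE-2017-8288), bug #616698`, so a later cleanup does not drop the patch as cosmetic. The revision carries `KEYWORDS="~amd64 ~x86"`; if a stable 3.22.3 revision exists (not visible here), stable users only get the fix after a stabilisation request. The entry also uses `${PV}-CVE-2017-8288.patch` where the other three patches use the `${PN}-` prefix.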