Hello community,
here is the log from the commit of package gdm for openSUSE:11.4
checked in at Tue May 31 15:46:21 CEST 2011.
--------
--- old-versions/11.4/UPDATES/all/gdm/gdm.changes 2011-03-30 09:35:33.000000000 +0200
+++ 11.4/gdm/gdm.changes 2011-05-31 09:07:05.000000000 +0200
@@ -1,0 +2,10 @@
+Mon May 23 19:21:04 CEST 2011 - vuntz@opensuse.org
+
+- Add gdm-no-uri-handler.patch: gdm is supposed to override the
+ default URI handlers to /bin/true to avoid things like running
+ Firefox in the GDM session. However, this was done in gconf and
+ with the move to glib 2.28, the configuration moved outside of
+ gconf. The patch updates the overrides. Fix bnc#694858 and
+ CVE-2011-1709.
+
+-------------------------------------------------------------------
calling whatdependson for 11.4-i586
New:
----
gdm-no-uri-handler.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gdm.spec ++++++
--- /var/tmp/diff_new_pack.JdKNO9/_old 2011-05-31 15:44:53.000000000 +0200
+++ /var/tmp/diff_new_pack.JdKNO9/_new 2011-05-31 15:44:53.000000000 +0200
@@ -42,7 +42,7 @@
License: GPLv2+
Group: System/GUI/GNOME
Version: 2.32.0
-Release: 9.<RELEASE14>
+Release: 9.<RELEASE16>
Summary: The GNOME Display Manager
Source: %{name}-%{version}.tar.bz2
Source1: gdm.pamd
@@ -87,6 +87,8 @@
Patch37: gdm-autologin-once.patch
# PATCH-FIX-UPSTREAM gdm-look-at-runlevel.patch bnc540482 bgo599180 vuntz@opensuse.org -- Look at the current runlevel before managing the display again, so we don't do this when shutting down or rebooting
Patch40: gdm-look-at-runlevel.patch
+# PATCH-FIX-UPSTREAM gdm-no-uri-handler.patch CVE-2011-1709 bnc#694858 vuntz@opensuse.org -- Use /bin/true as URI handler to avoid security issues where a link could open firefox for the gdm user
+Patch41: gdm-no-uri-handler.patch
# PATCH-FIX-OPENSUSE gdm-selinux.patch -- Small changes to make it compile fine with SELinux
Patch60: gdm-selinux.patch
# PATCH-FIX-UPSTREAM gdm-CVE-2011-0727-bnc679786.patch CVE-2011-0727 bnc#679687 dimstar@opensuse.org -- Change to user before copying user files.
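Review bot: The PATCH-FIX-UPSTREAM comment added for Patch41 lists CVE-2011-1709 and bnc#694858 but no upstream reference, while the Patch40 comment directly above it carries bgo599180. If the fix exists upstream, add the upstream bug or commit id to that tag line so the patch can be matched and dropped on the next version update. If it has not gone upstream, the tag should say so.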
@@ -172,6 +174,7 @@
%patch35 -p0
%patch37 -p1
%patch40 -p1
+%patch41 -p1
%patch60
%patch61 -p1
#gnome-patch-translation-update
@@ -281,6 +284,11 @@
%attr(750,gdm,gdm) %dir %{_localstatedir}/lib/gdm/.gconf.mandatory
%attr(640,gdm,gdm) %{_localstatedir}/lib/gdm/.gconf.mandatory/%gconf-tree.xml
%attr(640,gdm,gdm) %{_localstatedir}/lib/gdm/.gconf.path
+%attr(750,gdm,gdm) %dir %{_localstatedir}/lib/gdm/.local
+%attr(750,gdm,gdm) %dir %{_localstatedir}/lib/gdm/.local/share
+%attr(750,gdm,gdm) %dir %{_localstatedir}/lib/gdm/.local/share/applications
+%attr(750,gdm,gdm) %{_localstatedir}/lib/gdm/.local/share/applications/mimeapps.list
+%attr(750,gdm,gdm) %{_localstatedir}/lib/gdm/.local/share/applications/mime-dummy-handler.desktop
%dir %{_localstatedir}/cache/gdm
%config /etc/pam.d/*
%config %{_sysconfdir}/dbus-1/system.d/gdm.conf
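Review bot: The two regular files added at the end of this hunk, mimeapps.list and mime-dummy-handler.desktop, are packaged with %attr(750,gdm,gdm), which sets the execute bit on plain data files. The neighbouring %gconf-tree.xml and .gconf.path entries use 640. Suggest %attr(640,gdm,gdm) for both files, keeping 750 only for the three %dir lines. These files are the override that keeps URI handlers pointed at /bin/true, so it is also worth checking whether the gdm user needs write access to them and to their directories at all.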
++++++ gdm-no-uri-handler.patch ++++++
commit b9678dab44cfb0f1ab4904ee12ac5b3719599b83
Author: Vincent Untz