Hello community, here is the log from the commit of package accountsservice for openSUSE:Factory checked in at Sun Oct 2 09:46:55 CEST 2011.
-------- --- openSUSE:Factory/accountsservice/accountsservice.changes 2011-09-23 01:51:29.000000000 +0200 +++ /mounts/work_src_done/STABLE/accountsservice/accountsservice.changes 2011-09-29 10:54:13.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Sep 29 08:46:11 UTC 2011 - [email protected] + +- Add accountsservice-regular-file-for-icon.patch: only use regular + files when setting user icon. Part of bnc#676638. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- accountsservice-regular-file-for-icon.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ accountsservice.spec ++++++ --- /var/tmp/diff_new_pack.9XhBEn/_old 2011-10-02 09:46:51.000000000 +0200 +++ /var/tmp/diff_new_pack.9XhBEn/_new 2011-10-02 09:46:51.000000000 +0200 @@ -28,6 +28,8 @@ # WARNING: do not remove/significantly change patch0 without updating the relevant patch in gdm too # PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 [email protected] -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch) Patch0: accountsservice-sysconfig.patch +# PATCH-FIX-UPSTREAM accountsservice-regular-file-for-icon.patch fdo#41320 bnc#676638 [email protected] -- Check files are regular files before using them as user icons +Patch1: accountsservice-regular-file-for-icon.patch # needed for patch0 BuildRequires: gnome-common BuildRequires: gobject-introspection-devel @@ -75,6 +77,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build # needed for patch0 ++++++ accountsservice-regular-file-for-icon.patch ++++++ commit d7c5d29a1f5d1305f66a24209ddb0719fecf2160 Author: Vincent Untz <[email protected]> Date: Thu Sep 29 10:44:18 2011 +0200 daemon: Only accept regular files when setting icon We don't want to call cat on a FIFO, for instance. diff --git a/src/user.c b/src/user.c index 4587bbb..8f0bdd3 100644 --- a/src/user.c +++ b/src/user.c @@ -1370,6 +1370,7 @@ user_change_icon_file_authorized_cb (Daemon *daemon, GFile *file; GFileInfo *info; guint32 mode; + GFileType type; guint64 size; filename = g_strdup (data); @@ -1400,14 +1401,23 @@ user_change_icon_file_authorized_cb (Daemon *daemon, file = g_file_new_for_path (filename); info = g_file_query_info (file, G_FILE_ATTRIBUTE_UNIX_MODE "," + G_FILE_ATTRIBUTE_STANDARD_TYPE "," G_FILE_ATTRIBUTE_STANDARD_SIZE, 0, NULL, NULL); mode = g_file_info_get_attribute_uint32 (info, G_FILE_ATTRIBUTE_UNIX_MODE); + type = g_file_info_get_file_type (info); size = g_file_info_get_attribute_uint64 (info, G_FILE_ATTRIBUTE_STANDARD_SIZE); g_object_unref (info); g_object_unref (file); + if (type != G_FILE_TYPE_REGULAR) { + g_debug ("not a regular file\n"); + throw_error (context, ERROR_FAILED, "file '%s' is not a regular file", filename); + g_free (filename); + return; + } + if (size > 1048576) { g_debug ("file too large\n"); /* 1MB ought to be enough for everybody */ continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
