[mate-settings-daemon/f18] Fix CVE-2012-5560 and stop generating version specific libdirs

Sat Nov 24 01:04:46 UTC 2012

commit b2d3195c8a4b6f533eaf7a54b52f8d9fd65d307d
Author: Dan Mashal <dan.mashal at gmail.com>
Date:   Fri Nov 23 17:04:08 2012 -0800

    Fix CVE-2012-5560 and stop generating version specific libdirs

 commit_rollup.patch       |   98 +++++++++++++++++++++++++++++++++++++++++++++
 mate-settings-daemon.spec |   12 +++++-
 2 files changed, 108 insertions(+), 2 deletions(-)
---

diff --git a/commit_rollup.patch b/commit_rollup.patch
new file mode 100644
index 0000000..72bcb79
--- /dev/null
+++ b/commit_rollup.patch
@@ -0,0 +1,98 @@
+diff -uNrp a/configure.ac b/configure.ac
+--- a/configure.ac	2012-10-27 07:58:47.000000000 -0700
++++ b/configure.ac	2012-11-23 16:26:42.388325974 -0800
+@@ -394,7 +394,7 @@ fi
+ # Plugins
+ # ---------------------------------------------------------------------------
+ 
+-plugindir='$(libdir)/mate-settings-daemon-msd_api_version'
++plugindir='$(libdir)/mate-settings-daemon'
+ AC_SUBST([plugindir])
+ 
+ dnl ---------------------------------------------------------------------------
+diff -uNrp a/distro/archlinux/mate-settings-daemon.install b/distro/archlinux/mate-settings-daemon.install
+--- a/distro/archlinux/mate-settings-daemon.install	1969-12-31 16:00:00.000000000 -0800
++++ b/distro/archlinux/mate-settings-daemon.install	2012-11-23 16:26:42.389326115 -0800
+@@ -0,0 +1,22 @@
++pkgname=mate-settings-daemon
++
++post_install() {
++	usr/sbin/mateconfpkg --install ${pkgname}
++	gtk-update-icon-cache -q -t -f usr/share/icons/hicolor
++}
++
++pre_upgrade() {
++	pre_remove $1
++}
++
++post_upgrade() {
++	post_install $1
++}
++
++pre_remove() {
++	usr/sbin/mateconfpkg --uninstall ${pkgname}
++}
++
++post_remove() {
++	gtk-update-icon-cache -q -t -f usr/share/icons/hicolor
++}
+diff -uNrp a/distro/archlinux/PKGBUILD b/distro/archlinux/PKGBUILD
+--- a/distro/archlinux/PKGBUILD	1969-12-31 16:00:00.000000000 -0800
++++ b/distro/archlinux/PKGBUILD	2012-11-23 16:26:42.389326115 -0800
+@@ -0,0 +1,39 @@
++pkgname=mate-settings-daemon
++pkgver=1.1.1
++pkgrel=2
++pkgdesc="The MATE Settings daemon"
++arch=('i686' 'x86_64')
++license=('GPL')
++depends=('libmatekbd' 'mate-desktop' 'libmatenotify' 'gstreamer0.10-base' 'hicolor-icon-theme')
++makedepends=('intltool' 'pkgconfig')
++options=('!libtool')
++url="http://matsusoft.com.ar/projects/mate/"
++install=mate-settings-daemon.install
++groups=('mate')
++source=()
++sha256sums=()
++
++build() {
++    cd "$srcdir/../../../"
++    # Remove --disable-pulse if you want pulseaudio support
++    ./autogen.sh \
++        --prefix=/usr \
++        --sysconfdir=/etc \
++        --localstatedir=/var \
++        --libexecdir=/usr/lib/mate-settings-daemon \
++        --disable-static \
++        --disable-pulse \
++        --disable-schemas-install \
++        --enable-polkit || return 1
++    make || return 1
++}
++
++package() {
++    cd "${srcdir}/../../../"
++
++    make DESTDIR="${pkgdir}" MATECONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1 install || return 1
++
++    install -d -m755 "${pkgdir}/usr/share/mateconf/schemas"
++    mateconf-merge-schema "${pkgdir}/usr/share/mateconf/schemas/${pkgname}.schemas" --domain ${pkgname} ${pkgdir}/etc/mateconf/schemas/*.schemas || return 1
++    rm -f ${pkgdir}/etc/mateconf/schemas/*.schemas
++}
+diff -uNrp a/plugins/datetime/org.mate.SettingsDaemon.DateTimeMechanism.conf b/plugins/datetime/org.mate.SettingsDaemon.DateTimeMechanism.conf
+--- a/plugins/datetime/org.mate.SettingsDaemon.DateTimeMechanism.conf	2012-10-27 07:58:43.000000000 -0700
++++ b/plugins/datetime/org.mate.SettingsDaemon.DateTimeMechanism.conf	2012-11-23 16:28:12.241937824 -0800
+@@ -9,11 +9,13 @@
+   <policy user="root">
+     <allow own="org.mate.SettingsDaemon.DateTimeMechanism"/>
+     <allow send_destination="org.mate.SettingsDaemon.DateTimeMechanism"/>
++    <allow receive_sender="org.mate.SettingsDaemon.DateTimeMechanism"/>
+   </policy>
+ 
+   <!-- Allow anyone to invoke methods on the interfaces -->
+   <policy context="default">
+     <allow send_destination="org.mate.SettingsDaemon.DateTimeMechanism"/>
++    <allow receive_sender="org.mate.SettingsDaemon.DateTimeMechanism"/>
+   </policy>
+ 
+ </busconfig>
diff --git a/mate-settings-daemon.spec b/mate-settings-daemon.spec
index 0bb077a..b860ae7 100644
--- a/mate-settings-daemon.spec
+++ b/mate-settings-daemon.spec
@@ -1,6 +1,6 @@
 Name:           mate-settings-daemon
 Version:        1.5.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        MATE Desktop settings daemon
 License:        GPLv2+
 URL:            http://mate-desktop.org
@@ -24,6 +24,10 @@ BuildRequires:  pkgconfig(gsettings-desktop-schemas)
 Requires: gsettings-desktop-schemas
 Requires: mate-icon-theme
 
+#Fix CVE-2012-5560 and stop generating version specific libdirs
+#https://github.com/mate-desktop/mate-settings-daemon/pull/22
+Patch0: commit_rollup.patch
+
 %description
 MATE Desktop settings daemon
 
@@ -36,6 +40,7 @@ Development files for mate-settings-daemon
 
 %prep
 %setup -q
+%patch0 -p1 -b .commit_rollup.patch
 NOCONFIGURE=1 ./autogen.sh
 
 
@@ -77,7 +82,7 @@ fi
 %doc AUTHORS COPYING README
 %config %{_sysconfdir}/dbus-1/system.d/org.mate.SettingsDaemon.DateTimeMechanism.conf
 %config %{_sysconfdir}/xdg/autostart/mate-settings-daemon.desktop
-%{_libdir}/mate-settings-daemon-*/
+%{_libdir}/mate-settings-daemon
 %{_libexecdir}/mate-settings-daemon
 %{_libexecdir}/msd-datetime-mechanism
 %{_libexecdir}/msd-locate-pointer
@@ -94,6 +99,9 @@ fi
 
 
 %changelog
+* Fri Nov 23 2012 Dan Mashal <dan.mashal at fedoraproject.org> - 1.5.3-4
+- stop generating version specific libdirs for plugins and fix CVE-2012-5560
+
 * Thu Nov 22 2012 Dan Mashal <dan.mashal at fedoraproject.org> - 1.5.3-3
 - fix build failures
 
