[cinnamon-screensaver] apply upstream fix for CVE-2014-1949 (bz 1064695)

leigh123linux leigh123linux at fedoraproject.org
Mon Aug 25 16:01:08 UTC 2014 

commit fbaecccaf88425ef5df9689a09ba9af1bb40033b
Author: leigh123linux <leigh123linux at googlemail.com>
Date:   Mon Aug 25 17:01:02 2014 +0100

    apply upstream fix for CVE-2014-1949 (bz 1064695)

 CVE-2014-1949.patch       |   30 +++++++++++++++++++++---------
 cinnamon-screensaver.spec |    5 ++++-
 2 files changed, 25 insertions(+), 10 deletions(-)
---
diff --git a/CVE-2014-1949.patch b/CVE-2014-1949.patch
index b270eeb..547d9d5 100644
--- a/CVE-2014-1949.patch
+++ b/CVE-2014-1949.patch
@@ -1,12 +1,24 @@
 --- a/src/gs-window-x11.c
 +++ b/src/gs-window-x11.c
-@@ -1755,6 +1755,9 @@ gs_window_real_key_press_event (GtkWidge
-                 gs_debug ("Ignoring brightness keys");
-                 return TRUE;
-         }
-+        if (event->hardware_keycode == 135) {
-+            return TRUE;
-+        }
- 
-         maybe_handle_activity (GS_WINDOW (widget));
+@@ -417,6 +417,12 @@ gs_window_real_realize (GtkWidget *widge
+                           widget);
+ }
+ 
++static gboolean
++gs_window_real_popup_menu (GtkWidget *widget)
++{
++ return FALSE;
++}
++
+ /* every so often we should raise the window in case
+    another window has somehow gotten on top */
+ static gboolean
+@@ -1981,6 +1987,7 @@ gs_window_class_init (GSWindowClass *kla
+         widget_class->get_preferred_height       = gs_window_real_get_preferred_height;
+         widget_class->grab_broken_event   = gs_window_real_grab_broken;
+         widget_class->visibility_notify_event = gs_window_real_visibility_notify_event;
++        widget_class->popup_menu          = gs_window_real_popup_menu;
+ 
+         g_type_class_add_private (klass, sizeof (GSWindowPrivate));
+ 
  
diff --git a/cinnamon-screensaver.spec b/cinnamon-screensaver.spec
index 226feac..fdf5617 100644
--- a/cinnamon-screensaver.spec
+++ b/cinnamon-screensaver.spec
@@ -7,7 +7,7 @@
 Summary: Cinnamon Screensaver
 Name:    cinnamon-screensaver
 Version: 2.2.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+ and LGPLv2+
 URL:     http://cinnamon.linuxmint.com
 
@@ -82,6 +82,9 @@ desktop-file-install                                     \
 %{_mandir}/man1/cinnamon-screensaver*.1.*
 
 %changelog
+* Mon Aug 25 2014 Leigh Scott <leigh123linux at googlemail.com> - 2.2.4-5
+- apply upstream fix for CVE-2014-1949 (bz 1064695)
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.4-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

More information about the scm-commits mailing list