[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#781392: marked as done (unblock (pre-approval): mate-desktop/1.8.1+dfsg1-3)



Your message dated Mon, 06 Apr 2015 20:24:19 +0200
with message-id <5522CF53.4000702@thykier.net>
and subject line Re: Bug#781392: unblock (pre-approval): mate-desktop/1.8.1+dfsg1-3
has caused the Debian Bug report #781392,
regarding unblock (pre-approval): mate-desktop/1.8.1+dfsg1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
781392: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781392
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please consider unblocking planned upload of package mate-desktop.

+  * debian/patches:
+    + Add 0001_fix-pkexec-calls-in-desktop-launcher.patch. In
+      mate-desktop-item.c: Add a child watch if "do not reap child" flag is set.
+      This avoids double forking with desktop files that have "exec pkexec ..."
+      inside. (Closes: #781246).

-> Applications launched via pkexec via a .desktop file in MATE double
fork, which let's the pkexec call fail in some situations.

light+love,
Mike

unblock mate-desktop/1.8.1+dfsg1-3

-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru mate-desktop-1.8.1+dfsg1/debian/changelog mate-desktop-1.8.1+dfsg1/debian/changelog
--- mate-desktop-1.8.1+dfsg1/debian/changelog	2014-10-25 23:38:01.000000000 +0200
+++ mate-desktop-1.8.1+dfsg1/debian/changelog	2015-03-28 14:54:56.000000000 +0100
@@ -1,3 +1,14 @@
+mate-desktop (1.8.1+dfsg1-3) unstable; urgency=medium
+
+  [ Mike Gabriel ]
+  * debian/patches:
+    + Add 0001_fix-pkexec-calls-in-desktop-launcher.patch. In
+      mate-desktop-item.c: Add a child watch if "do not reap child" flag is set.
+      This avoids double forking with desktop files that have "exec pkexec ..."
+      inside. (Closes: #781246).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 28 Mar 2015 14:53:31 +0100
+
 mate-desktop (1.8.1+dfsg1-2) unstable; urgency=medium
 
   [ Vangelis Mouhtsis ]
diff -Nru mate-desktop-1.8.1+dfsg1/debian/patches/0001_fix-pkexec-calls-in-desktop-launcher.patch mate-desktop-1.8.1+dfsg1/debian/patches/0001_fix-pkexec-calls-in-desktop-launcher.patch
--- mate-desktop-1.8.1+dfsg1/debian/patches/0001_fix-pkexec-calls-in-desktop-launcher.patch	1970-01-01 01:00:00.000000000 +0100
+++ mate-desktop-1.8.1+dfsg1/debian/patches/0001_fix-pkexec-calls-in-desktop-launcher.patch	2015-03-28 14:41:53.000000000 +0100
@@ -0,0 +1,64 @@
+From 1a779ce4a20e578e6e73789dbc75876838f2e012 Mon Sep 17 00:00:00 2001
+From: Monsta <monsta@inbox.ru>
+Date: Wed, 25 Mar 2015 15:21:34 +0300
+Subject: [PATCH] mate-desktop-item: add a child watch if "do not reap child"
+ flag set
+
+similar to https://git.gnome.org/browse/gnome-panel/commit/?id=76acc5b
+
+avoids double forking with desktop files that have "exec pkexec ..."
+inside.
+---
+ libmate-desktop/mate-desktop-item.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/libmate-desktop/mate-desktop-item.c b/libmate-desktop/mate-desktop-item.c
+index eb004d9..c0ee1da 100644
+--- a/libmate-desktop/mate-desktop-item.c
++++ b/libmate-desktop/mate-desktop-item.c
+@@ -1721,6 +1721,17 @@ make_environment_for_screen (GdkScreen  *screen,
+ 	return retval;
+ }
+ 
++static void
++dummy_child_watch (GPid         pid,
++		   gint         status,
++		   gpointer user_data)
++{
++	/* Nothing, this is just to ensure we don't double fork
++	 * and break pkexec:
++	 * https://bugzilla.gnome.org/show_bug.cgi?id=675789
++	 */
++}
++
+ static int
+ ditem_execute (const MateDesktopItem *item,
+ 	       const char *exec,
+@@ -1749,6 +1760,7 @@ ditem_execute (const MateDesktopItem *item,
+ 	char *new_exec, *uris, *temp;
+ 	char *exec_locale;
+ 	int launched = 0;
++	GPid pid;
+ #ifdef HAVE_STARTUP_NOTIFICATION
+ 	GdkDisplay *gdkdisplay;
+ 	SnLauncherContext *sn_context;
+@@ -1957,14 +1969,17 @@ ditem_execute (const MateDesktopItem *item,
+ 				      (do_not_reap_child ? G_SPAWN_DO_NOT_REAP_CHILD : 0) | G_SPAWN_SEARCH_PATH /* flags */,
+ 				      NULL, /* child_setup_func */
+ 				      NULL, /* child_setup_func_data */
+-				      &ret /* child_pid */,
++				      (do_not_reap_child ? &pid : NULL) /* child_pid */,
+ 				      error)) {
+ 			/* The error was set for us,
+ 			 * we just can't launch this thingie */
+ 			ret = -1;
+ 			g_strfreev (real_argv);
+ 			break;
++		} else if (do_not_reap_child) {
++			g_child_watch_add (pid, dummy_child_watch, NULL);
+ 		}
++
+ 		launched ++;
+ 
+ 		g_strfreev (real_argv);
+
diff -Nru mate-desktop-1.8.1+dfsg1/debian/patches/series mate-desktop-1.8.1+dfsg1/debian/patches/series
--- mate-desktop-1.8.1+dfsg1/debian/patches/series	2014-05-21 09:35:05.000000000 +0200
+++ mate-desktop-1.8.1+dfsg1/debian/patches/series	2015-03-28 14:41:53.000000000 +0100
@@ -1 +1,2 @@
+0001_fix-pkexec-calls-in-desktop-launcher.patch
 2001_omit-gfdl-licensed-user-guide.patch

--- End Message ---
--- Begin Message ---
On 2015-04-06 11:57, Mike Gabriel wrote:
> Control: tags -1 - moreinfo
> 
> ----- Original message -----
>> [...]
>> Approved, provided it is uploaded in time to reach testing before the
>> quiet period (i.e. it is in testing before the 18th of April).
> 
> Uploaded and accepted in unstable.
> 
> Mike
> 

Unblocked, thanks.

~Niels

--- End Message ---

Reply to: