[SCM] plasma-workspace packaging branch, master, updated. debian/5.4.3-1-21-g04110f5

Felix Geyer fgeyer at moszumanska.debian.org
Mon Feb 22 19:45:03 UTC 2016


Gitweb-URL: http://git.debian.org/?p=pkg-kde/plasma/plasma-workspace.git;a=commitdiff;h=cb8a783

The following commit has been merged in the master branch:
commit cb8a783a0b4bd58a64dc1dd4c16dc4d2daa3a446
Author: Felix Geyer <fgeyer at debian.org>
Date:   Mon Feb 22 20:13:03 2016 +0100

    Fix CVE-2016-2312: KDE lockscreen bypass by switching display off and on.
    
    * Fix CVE-2016-2312: KDE lockscreen bypass by switching display off and on.
      (Closes: #814355)
      - Add debian/patches/CVE-2016-2312.diff, cherry-picked from upstream
        Plasma/5.4 branch.
---
 debian/changelog                  |  6 ++++++
 debian/patches/CVE-2016-2312.diff | 33 +++++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 40 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index d59b162..ef1d1c2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,12 @@ plasma-workspace (4:5.4.3-2) UNRELEASED; urgency=medium
   [ Dmitry Shachnev ]
   * Stop depending on qtdeclarative5-* transitional packages.
 
+  [ Felix Geyer ]
+  * Fix CVE-2016-2312: KDE lockscreen bypass by switching display off and on.
+    (Closes: #814355)
+    - Add debian/patches/CVE-2016-2312.diff, cherry-picked from upstream
+      Plasma/5.4 branch.
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Tue, 12 Jan 2016 16:57:56 +0300
 
 plasma-workspace (4:5.4.3-1) unstable; urgency=medium
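Review bot: The new entry is added under the `4:5.4.3-2` stanza, which still reads `urgency=medium`; since the stanza now carries a fix for a lockscreen bypass (CVE-2016-2312), consider raising it to `urgency=high` when the upload is finalised. The trailer date of 12 Jan 2016 also predates this change and should be refreshed when the entry leaves UNRELEASED.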
diff --git a/debian/patches/CVE-2016-2312.diff b/debian/patches/CVE-2016-2312.diff
new file mode 100644
index 0000000..9891cb1
--- /dev/null
+++ b/debian/patches/CVE-2016-2312.diff
@@ -0,0 +1,33 @@
+From: Martin Gräßlin <mgraesslin at kde.org>
+Date: Tue, 09 Feb 2016 15:37:50 +0000
+Subject: [greeter] Dont quit when last window closes
+X-Git-Url: http://quickgit.kde.org/?p=plasma-workspace.git&a=commitdiff&h=23a9ed7ba9995570227dbcd69c23f009de7dde49
+---
+[greeter] Dont quit when last window closes
+
+Qt allows to have no screens. If all XRandR screens are disconnected
+there are also no QScreens. This is from an X11 perspective wrong, but
+we have to deal with it. No QScreens means that all views are destroyed
+and no new ones are created. Thus all windows close and the greeter
+exited successfully which in turn unlocked the screen.
+
+This change ensures that the greeter doesn't exit when all windows close.
+
+Funnily this was not a problem with the well known issue of Qt
+crashing when all screens are disconnected. The lock screen handles
+crashes gracefully and just restarts or more likely Qt also crashes
+the application using KSld and thus taking down the complete session.
+
+CCBUG: 358125
+---
+
+--- a/ksmserver/screenlocker/greeter/main.cpp
++++ b/ksmserver/screenlocker/greeter/main.cpp
+@@ -56,6 +56,7 @@
+     // explicitly disable input methods as it makes it impossible to unlock, see BUG 306932
+     qputenv("QT_IM_MODULE", QByteArrayLiteral("compose"));
+     ScreenLocker::UnlockApp app(argc, argv);
++    app.setQuitOnLastWindowClosed(false);
+     QCoreApplication::setApplicationName(QStringLiteral("kscreenlocker_greet"));
+     QCoreApplication::setApplicationVersion(QStringLiteral("0.1"));
+     QCoreApplication::setOrganizationDomain(QStringLiteral("kde.org"));
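Review bot: The added `app.setQuitOnLastWindowClosed(false);` line in main.cpp has no comment, unlike the `qputenv` call two lines above it, which cites BUG 306932. A one-line comment naming bug 358125 and stating that a clean greeter exit is treated as a successful unlock would keep the call from being dropped later as apparently redundant. The description also says no new views are created once all QScreens are gone, and nothing in this hunk shows views being recreated when a screen reappears, so it is worth confirming that the greeter becomes usable again after reconnect rather than staying alive with no window. The patch header could additionally record the Debian bug (#814355) next to the X-Git-Url so the patch file is traceable on its own.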
diff --git a/debian/patches/series b/debian/patches/series
index fed1404..9e55099 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 kubuntu_startkde-qtpath.diff
 install_missing_header
 disable_incompatible_tests
+CVE-2016-2312.diff

-- 
plasma-workspace packaging


