From URL:

A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in! wow, those little hackers... I thought it was a unique incident, but they managed to do it a second time. So I'd consider this issue... reproducible... by kids

Maintainer: Please confirm if we are affected and if so please produce a fixed version, there appear to be patches at URL.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7cf52b42ecfc82e17986f1c026a54be3c900f6

commit 2c7cf52b42ecfc82e17986f1c026a54be3c900f6
Author: Matthew S. Turnbull <sparky@bluefang-logic.com>
AuthorDate: 2021-01-16 20:52:07 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-01-23 03:44:44 +0000

app-accessibility/caribou: Fix crash due to xserver CVE fix

xorg-server 1.20.10 contains a fix for CVE-2020-25712. This causes a previous work-around in caribou to result in a BadLength error, when interacting with XKB, and crashes the hosting application.

Fixes provided by Cinnamon upstream from Fedora RPM:
https://src.fedoraproject.org/rpms/caribou/tree/master

This also includes an upstreamed antler fix and bumps PYTHON_COMPAT for 3.9 support.

Bug: https://bugs.gentoo.org/765661
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Closes: https://github.com/gentoo/gentoo/pull/19082
Signed-off-by: Sam James <sam@gentoo.org>

app-accessibility/caribou/caribou-0.4.21-r2.ebuild | 103 +++++++++++++++++++++
.../files/caribou-fix-antler-style-css.patch | 26 ++++++
.../files/caribou-fix-compilation-error.patch | 25 +++++
.../caribou/files/caribou-fix-subkey-popmenu.patch | 32 +++++++
.../files/caribou-fix-xadapter-xkb-calls.patch | 46 +++++++++
5 files changed, 232 insertions(+)
We'll give it a little bit of time (until later today) then kick it off for stabling?
Unable to check for sanity:
> no match for package: gnome-extra/cinnamon-screensaver-0.4.21-r2
Let's go!
amd64 done
x86 done

all arches done
Please clean up, thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be71a794e927aa8dc8acf3cb4c163f883b0e504b

commit be71a794e927aa8dc8acf3cb4c163f883b0e504b
Author: Matthew S. Turnbull <sparky@bluefang-logic.com>
AuthorDate: 2021-02-01 16:02:54 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-02 13:07:12 +0000

app-accessibility/caribou: Remove unpatched ebuild

Bug: https://bugs.gentoo.org/765661
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Closes: https://github.com/gentoo/gentoo/pull/19287
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

app-accessibility/caribou/caribou-0.4.21-r1.ebuild | 95 ----------------------
1 file changed, 95 deletions(-)
This regression is not a security bug, therefore closing as invalid.
(In reply to Thomas Deutschmann from comment #9)
> This regression is not a security bug, therefore closing as invalid.

Can you explain your reasoning please? It seems like this affects cinnamon-screensaver because it uses the accessibility tech from caribou?