lp://staging/ubuntu/oneiric-security/lightdm

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

48. By Marc Deslauriers on 2012-03-12

* SECURITY UPDATE: Guest session arbitrary file deletion (LP: #953044)
  - debian/guest-account: Use find/xargs with 0 separators instead of
    spaces. Thanks to Martin Pitt for the fix.
  - Thanks to Ryan Lortie for reporting this issue.
  - CVE-2012-0943

47. By Marc Deslauriers on 2012-03-04

* SECURITY UPDATE: file descriptor leak to child processes (LP: #927060)
  - debian/patches/12_dont-leak-fds.patch: clean up file descriptors in
    src/*.c, add tests to tests/*.
  - CVE number pending

46. By Marc Deslauriers on 2011-11-15

* SECURITY UPDATE: file contents disclosure via hard link
  - debian/patches/04_CVE-2011-4105.patch: make sure file isn't a symlink
    or a hard link before doing the chown on it.
  - CVE-2011-4105
* SECURITY UPDATE: file contents disclosure via links (LP: #883865)
  - debian/patches/05_CVE-2011-3153.patch: drop privileges before
    accessing file.
  - CVE-2011-3153

45. By Sebastien Bacher on 2011-10-07

* debian/patches/08_correct_ck_ref.patch:
  - backported fix from Mikkel Kamstrup Erlandsen for a refcounting issue
    which leads to sessions where unity can't start (lp: #851345)

44. By Martin Pitt on 2011-10-07

Add debian/patches/00bzr_guest_session_wrapper.diff: Add back the guest
session wrapper part that was uploaded in 1.0.0-0ubuntu4. The patch was
correctly merged into trunk, but the 1.0 branch backport missed this
wrapper part and thus broke AppArmor protection entirely. (LP: #849027)

43. By Robert Ancell on 2011-10-06

* debian/patches/04_language_not_to_LANG.patch:
* debian/patches/04_dmrc_set_LANG_only.patch:
  - Replace LANG disabling code with proper fix (LP: #868149)
* debian/patches/03_launch_dbus.patch:
* debian/patches/05_gdmflexiserver_not_in_PATH.patch:
  - Refreshed
* debian/patches/06_accounts_service_timeout.patch:
  - Fix D-Bus timeout when accounts service not installed (LP: #866035)
* debian/patches/07_long_password_crash.patch:
  - Fix crash with long passwords (LP: #817186)

42. By Michael Terry on 2011-10-05

* debian/patches/05_gdmflexiserver_not_in_PATH.patch:
  - Make sure to insert our own utility path into PATH after PAM
    sets PATH, not before. This ensures gdmflexiserver is present
    in PATH and can be found by gnome-screensaver, gnome-shell, etc.

41. By Gunnar Hjalmarsson on 2011-10-05

debian/patches/04_language_not_to_LANG.patch:
Locale names based on AccountsService's "Language" key may not
go to $LANG, as that property is a language name, not a locale.
(LP: #864618).

40. By Robert Ancell on 2011-10-04

* New upstream release:
  - GTK greeter now remembers last user
  - GTK greeter now initializes i18n (LP: #862427)
  - Start authentication for automatically selected user in GTK greeter
  - Link liblightdm-qt against QtGui
  - Fix liblightdm-qt crashing when face images are installed (LP: #850095)
  - Set correct permissions on session log files (LP: #863119)
  - Prefer a locale with a codeset over one without for setting LANG
    (LP: #864618)
  - Introduce a lightdm-guest-session-wrapper session command which MAC
    systems like AppArmor and SELinux can use for attaching a restrictive
    policy to guest sessions.
  - Provide an AppArmor profile for guest session lockdown.
* debian/patches/01_guest_session_lockdown.patch:
  - Applied upstream

39. By Martin Pitt on 2011-09-30

* Add 01_guest_session_lockdown.patch: Lock down guest session with an
  AppArmor profile. This uses the very same approach as gdm-guest-session,
  and copies the profile from it. (LP: #849027)
* 03_launch_dbus.patch: Refresh.
* debian/lightdm.install: Install AppArmor profile.