Package: ibus / 1.5.19-4+deb10u1

Metadata

Package Version Patches format
ibus 1.5.19-4+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
remove popup | (download)

ui/gtk3/panel.vala | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 don't show the notification if not actually upgrading

from a previous version

Bug: http://code.google.com/p/ibus/issues/detail?id=1677
Bug-Ubuntu: https://bugs.launchpad.net/ibus/+bug/1255542
dconf Use dbus run session to set up dconf overrides.patch | (download)

configure.ac | 2 1 + 1 - 0 !
data/dconf/make-dconf-override-db.sh | 14 3 + 11 - 0 !
2 files changed, 4 insertions(+), 12 deletions(-)

 dconf: use dbus-run-session to set up dconf overrides

dbus-launch is not particularly well designed to be used to run
individual processes with a temporary D-Bus session bus. Since
dbus 1.8, the dbus-run-session utility provides a better way to do this.

Signed-off-by: Simon McVittie <smcv@debian.org>

dconf Create a temporary XDG_RUNTIME_DIR.patch | (download)

data/dconf/make-dconf-override-db.sh | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 dconf: create a temporary xdg_runtime_dir

Some chroot-based autobuilder environments, including Debian's sbuild,
have a tendency to inherit the XDG_RUNTIME_DIR variable from outside
the chroot but not create a corresponding directory inside the chroot.

If we do have a valid XDG_RUNTIME_DIR, we probably don't want to
touch it during the build anyway: it's better to use a temporary one
in all cases.

Signed-off-by: Simon McVittie <smcv@debian.org>

wayland.patch | (download)

client/wayland/Makefile.am | 46 24 + 22 - 0 !
client/wayland/input-method-client-protocol.h | 419 0 + 419 - 0 !
client/wayland/input-method-protocol.c | 115 0 + 115 - 0 !
client/wayland/input-method-unstable-v1-client-protocol.h | 752 752 + 0 - 0 !
client/wayland/input-method-unstable-v1-protocol.c | 114 114 + 0 - 0 !
client/wayland/main.c | 164 82 + 82 - 0 !
configure.ac | 1 1 + 0 - 0 !
m4/Makefile.am | 1 1 + 0 - 0 !
m4/wayland-scanner.m4 | 11 11 + 0 - 0 !
9 files changed, 985 insertions(+), 638 deletions(-)

 client/wayland: update wayland protocol to unstable

https://bugs.debian.org/905001
https://github.com/ibus/ibus/issues/2030

This patch is taken from a branch of the current ibus maintainer which
was created about a week before the 1.5.19 release.

This wasn't included to 1.5.19 which seems to aim at RHEL.  This is
reasonable since the upstream didn't test it.

As for Debian, my choice to the RC bug #905001 is either drop
ibus-wayland package or just apply this unverified patch and close the
bug.  Quite frankly, use of ibus-wayland is very complicated so no one
really uses it.  (See https://github.com/ibus/ibus/issues/2030 ).  So
risk is minimal and merit is having one rarely used experimental
feature package for buster.

If a RC bug happens again, all I need to do is drop ibus-wayland and drop
this patch.

CVE 2019 14822.patch | (download)

bus/server.c | 86 71 + 15 - 0 !
1 file changed, 71 insertions(+), 15 deletions(-)

 [patch] bus: implement gdbusauthobserver callback

ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS,
and doesn't set a GDBusAuthObserver, which allows anyone who can connect
to its AF_UNIX socket to authenticate and be authorized to send method calls.
It also seems to use an abstract AF_UNIX socket, which does not have
filesystem permissions, so the practical effect might be that a local
attacker can connect to another user's ibus service and make arbitrary
method calls.

BUGS=rhbz#1717958
[Salvatore Bonaccorso: Backport to 1.5.19
 - Adjust for context changes
 - Drop update to copyright statements
]