rpms/gnome-screensaver/F-8 gnome-screensaver-2.20-clear-clipboard.patch, NONE, 1.1 gnome-screensaver.spec, 1.173, 1.174

[Ray Strode (rstrode)]

Author: rstrode

Update of /cvs/pkgs/rpms/gnome-screensaver/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21790

Modified Files:
	gnome-screensaver.spec 
Added Files:
	gnome-screensaver-2.20-clear-clipboard.patch 
Log Message:
- Address CVE-2007-6389 (bug 426170)


gnome-screensaver-2.20-clear-clipboard.patch:

--- NEW FILE gnome-screensaver-2.20-clear-clipboard.patch ---
--- gnome-screensaver-2.20/src/gs-lock-plug.c  (revision 1336)
+++ gnome-screensaver-2.20/src/gs-lock-plug.c  (revision 1337)
@@ -1563,6 +1563,19 @@ delete_handler (GSLockPlug  *plug,
         return TRUE; /* Do not destroy */
 }
 
+static void
+clear_clipboards (GSLockPlug *plug)
+{
+        GtkClipboard *clipboard;
+
+        clipboard = gtk_widget_get_clipboard (GTK_WIDGET (plug), GDK_SELECTION_PRIMARY);
+        gtk_clipboard_clear (clipboard);
+        gtk_clipboard_set_text (clipboard, "", -1);
+        clipboard = gtk_widget_get_clipboard (GTK_WIDGET (plug), GDK_SELECTION_CLIPBOARD);
+        gtk_clipboard_clear (clipboard);
+        gtk_clipboard_set_text (clipboard, "", -1);
+}
+
 #define INVISIBLE_CHAR_DEFAULT       '*'
 #define INVISIBLE_CHAR_BLACK_CIRCLE  0x25cf
 #define INVISIBLE_CHAR_WHITE_BULLET  0x25e6
@@ -1578,6 +1591,8 @@ gs_lock_plug_init (GSLockPlug *plug)
 
         plug->priv = GS_LOCK_PLUG_GET_PRIVATE (plug);
 
+        clear_clipboards (plug);
+
 #ifdef WITH_LIBNOTIFY
         plug->priv->leave_note_enabled = TRUE;
 #else




Index: gnome-screensaver.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gnome-screensaver/F-8/gnome-screensaver.spec,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -r1.173 -r1.174
--- gnome-screensaver.spec	12 Nov 2007 21:28:16 -0000	1.173
+++ gnome-screensaver.spec	28 Mar 2008 14:23:23 -0000	1.174
@@ -13,7 +13,7 @@
 Summary: GNOME Screensaver
 Name: gnome-screensaver
 Version: 2.20.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group: Amusements/Graphics
 Source0: http://download.gnome.org/sources/gnome-screensaver/2.20/%{name}-%{version}.tar.bz2
@@ -27,6 +27,7 @@
 Patch6: gnome-screensaver-2.20.0-restore-gamma.patch
 Patch7: gnome-screensaver-2.20.0-blank-by-default.patch
 Patch8: gnome-screensaver-2.20.0-selinux-permit.patch
+Patch9: gnome-screensaver-2.20-clear-clipboard.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
 URL: http://www.gnome.org
@@ -83,6 +84,7 @@
 %patch6 -p1 -b .restore-gamma
 %patch7 -p1 -b .blank-by-default
 %patch8 -p1 -b .selinux-permit
+%patch9 -p1 -b .clear-clipboard
 
 %build
 # grr, autoreconf seems to break with intltool 0.36.0, unless
@@ -148,6 +150,9 @@
 %{_sysconfdir}/pam.d/*
 
 %changelog
+* Fri Mar 28 2008 Ray Strode <rstrode at redhat.com> - 2.20.0-11
+- Address CVE-2007-6389 (bug 426170)
+
 * Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> - 2.20.0-10
 - Add pam_selinux_permit to pam config so that xguest will work properly