diff -Nru language-selector-0.6.6/dbus_backend/ls-dbus-backend language-selector-0.6.9~ja1/dbus_backend/ls-dbus-backend
--- language-selector-0.6.6/dbus_backend/ls-dbus-backend 2010-10-05 10:14:09.000000000 +0000
+++ language-selector-0.6.9~ja1/dbus_backend/ls-dbus-backend 2011-04-19 16:39:27.000000000 +0000
@@ -9,6 +9,7 @@
import logging
import os
import os.path
+import re
import shutil
import string
import subprocess
@@ -28,6 +29,7 @@
bus=bus)
dbus.service.Object.__init__(self, bus_name, '/')
self._datadir = "/usr/share/language-selector/"
+ self._re_locale = re.compile(r'^[\w.@:-]+$')
def _authWithPolicyKit(self, sender, connection, priv):
logging.debug("_authWithPolicyKit")
@@ -63,7 +65,11 @@
sysLanguage - the default system LANGUAGE (e.g. de)
"""
logging.debug("SetSystemDefaultLanguage")
- self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage")
+ if not self._re_locale.search(sysLanguage):
+ logging.error('SetSystemDefaultLanguage: Invalid locale "%s", rejecting', sysLanguage)
+ return False
+ if not self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage"):
+ return False
conffiles = ["/etc/default/locale", "/etc/environment"]
findString = "LANGUAGE="
setString = "LANGUAGE=\"%s\"\n" % sysLanguage
@@ -88,7 +94,11 @@
sysLang: the default LANG (de_DE.UTF-8)
"""
logging.debug("SetSystemDefaultLangEnv")
- self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage")
+ if not self._re_locale.search(sysLang):
+ logging.error('SetSystemDefaultLangEnv: Invalid locale "%s", rejecting', sysLang)
+ return False
+ if not self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage"):
+ return False
conffiles = ["/etc/default/locale", "/etc/environment"]
macr = LanguageSelector.macros.LangpackMacros(self._datadir, sysLang)
findString = "LANG="
diff -Nru language-selector-0.6.6/dbus_backend/lsd.py language-selector-0.6.9~ja1/dbus_backend/lsd.py
--- language-selector-0.6.6/dbus_backend/lsd.py 2010-10-05 10:14:09.000000000 +0000
+++ language-selector-0.6.9~ja1/dbus_backend/lsd.py 2011-04-19 16:39:27.000000000 +0000
@@ -9,6 +9,7 @@
import logging
import os
import os.path
+import re
import shutil
import string
import subprocess
@@ -28,6 +29,7 @@
bus=bus)
dbus.service.Object.__init__(self, bus_name, '/')
self._datadir = "/usr/share/language-selector/"
+ self._re_locale = re.compile(r'^[\w.@:-]+$')
def _authWithPolicyKit(self, sender, connection, priv):
logging.debug("_authWithPolicyKit")
@@ -63,7 +65,11 @@
sysLanguage - the default system LANGUAGE (e.g. de)
"""
logging.debug("SetSystemDefaultLanguage")
- self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage")
+ if not self._re_locale.search(sysLanguage):
+ logging.error('SetSystemDefaultLanguage: Invalid locale "%s", rejecting', sysLanguage)
+ return False
+ if not self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage"):
+ return False
conffiles = ["/etc/default/locale", "/etc/environment"]
findString = "LANGUAGE="
setString = "LANGUAGE=\"%s\"\n" % sysLanguage
@@ -88,7 +94,11 @@
sysLang: the default LANG (de_DE.UTF-8)
"""
logging.debug("SetSystemDefaultLangEnv")
- self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage")
+ if not self._re_locale.search(sysLang):
+ logging.error('SetSystemDefaultLangEnv: Invalid locale "%s", rejecting', sysLang)
+ return False
+ if not self._authWithPolicyKit(sender, connection, "com.ubuntu.languageselector.setsystemdefaultlanguage"):
+ return False
conffiles = ["/etc/default/locale", "/etc/environment"]
macr = LanguageSelector.macros.LangpackMacros(self._datadir, sysLang)
findString = "LANG="
diff -Nru language-selector-0.6.6/debian/changelog language-selector-0.6.9~ja1/debian/changelog
--- language-selector-0.6.6/debian/changelog 2010-10-05 10:26:19.000000000 +0000
+++ language-selector-0.6.9~ja1/debian/changelog 2011-04-20 11:10:09.000000000 +0000
@@ -1,3 +1,40 @@
+language-selector (0.6.9~ja1) maverick; urgency=low
+
+ * fontconfig/69-language-selector-ja-jp.conf:
+ - remove ja
+ - remove DejaVu fonts.
+ - add bindings for Ubuntu fonts.
+
+ -- Jun Kobayashi Wed, 20 Apr 2011 20:09:14 +0900
+
+language-selector (0.6.8) maverick-security; urgency=low
+
+ * debian/language-selector-common.postinst: allow missing backend.
+
+ -- Kees Cook Tue, 19 Apr 2011 13:08:16 -0700
+
+language-selector (0.6.7) maverick-security; urgency=low
+
+ [ Kees Cook ]
+ * SECURITY UPDATE: language selector backend did not verify policy kit
+ authentication.
+ - debian/language-selector-common.postinst: shut down old backend.
+ - CVE-2011-0729
+
+ [ Martin Pitt ]
+ * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
+ and only proceed if it succeeded. Thanks to Romain Perier for finding this
+ and providing the patch! This fixes a local root privilege escalation, as
+ this allows any authenticated user to write arbitrary shell commands into
+ /etc/default/locale. (LP: #764397)
+ * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
+ in it, to further prevent injecting shell code into /etc/default/locale
+ for authenticated users. Thanks to Felix Geyer for the initial patch!
+ (LP: #764397)
+ * debian/control: Update Vcs-Bzr: for newly created maverick branch.
+
+ -- Kees Cook Tue, 19 Apr 2011 10:31:37 -0700
+
language-selector (0.6.6) maverick; urgency=low
* debian/rules: Disable pkgbinarymangler, to keep translations in the
diff -Nru language-selector-0.6.6/debian/control language-selector-0.6.9~ja1/debian/control
--- language-selector-0.6.6/debian/control 2010-10-05 10:14:09.000000000 +0000
+++ language-selector-0.6.9~ja1/debian/control 2011-04-19 16:39:27.000000000 +0000
@@ -6,7 +6,7 @@
intltool-debian, python-central (>= 0.5.6), pyqt4-dev-tools
XS-Python-Version: current
Standards-Version: 3.8.3
-Vcs-Bzr: http://bazaar.launchpad.net/%7Eubuntu-core-dev/language-selector/ubuntu/
+Vcs-Bzr: http://bazaar.launchpad.net/%7Eubuntu-core-dev/language-selector/maverick/
Package: language-selector
Architecture: all
diff -Nru language-selector-0.6.6/debian/language-selector-common.postinst language-selector-0.6.9~ja1/debian/language-selector-common.postinst
--- language-selector-0.6.6/debian/language-selector-common.postinst 2010-10-05 10:14:09.000000000 +0000
+++ language-selector-0.6.9~ja1/debian/language-selector-common.postinst 2011-04-19 20:09:02.000000000 +0000
@@ -21,6 +21,8 @@
case "$1" in
configure)
+ # shut down any old language-selector dbus backends
+ kill $(pgrep -U root '^ls-dbus-backend$') 2>/dev/null || true
fontconfig-voodoo --auto --quiet || true
;;
diff -Nru language-selector-0.6.6/fontconfig/69-language-selector-ja-jp.conf language-selector-0.6.9~ja1/fontconfig/69-language-selector-ja-jp.conf
--- language-selector-0.6.6/fontconfig/69-language-selector-ja-jp.conf 2010-10-05 10:14:09.000000000 +0000
+++ language-selector-0.6.9~ja1/fontconfig/69-language-selector-ja-jp.conf 2011-04-20 11:07:28.000000000 +0000
@@ -3,14 +3,27 @@
-
- ja
+
+ Ubuntu
+
+ Ubuntu
+ Takao Pゴシック
+ IPA Pゴシック
+ IPA モナー Pゴシック
+ UmePlus P Gothic
+ 梅Pゴシック
+ VL Pゴシック
+ さざなみゴシック
+ 東風ゴシック
+
+
+
+
serif
- DejaVu Serif
Takao P明朝
IPA P明朝
IPA モナー P明朝
@@ -21,14 +34,10 @@
-
- ja
-
sans-serif
- DejaVu Sans
Takao Pゴシック
IPA Pゴシック
IPA モナー Pゴシック
@@ -41,9 +50,6 @@
-
- ja
-
monospace
@@ -91,49 +97,92 @@
+ Takaoゴシック
+ Takao Pゴシック
+ TakaoExゴシック
+ Takao明朝
+ Takao P明朝
+ TakaoEx明朝
+ IPAゴシック
IPA Pゴシック
+ IPAexゴシック
+ IPA明朝
IPA P明朝
+ IPAex明朝
+ IPA モナー ゴシック
IPA モナー Pゴシック
- IPA モナー P明朝
IPA モナー UIゴシック
- IPA モナー ゴシック
IPA モナー 明朝
- IPAexゴシック
- IPAex明朝
- IPAゴシック
- IPA明朝
- Takao Pゴシック
- Takao P明朝
- TakaoExゴシック
- TakaoEx明朝
- Takaoゴシック
- Takao明朝
- UmePlus Gothic
- UmePlus P Gothic
- VL Pゴシック
- VL ゴシック
- さざなみゴシック
- さざなみ明朝
- 東風ゴシック
- 東風明朝
+ IPA モナー P明朝
+ 梅ゴシック
+ 梅ゴシックC4
+ 梅ゴシックC5
+ 梅ゴシックO5
+ 梅ゴシックS4
+ 梅ゴシックS5
梅Pゴシック
梅PゴシックC4
梅PゴシックC5
梅PゴシックO5
梅PゴシックS4
梅PゴシックS5
+ 梅明朝
+ 梅明朝S3
梅P明朝
梅P明朝S3
梅UIゴシック
梅UIゴシックO5
- 梅ゴシック
- 梅ゴシックC4
- 梅ゴシックC5
- 梅ゴシックO5
- 梅ゴシックS4
- 梅ゴシックS5
- 梅明朝
- 梅明朝S3
+ UmePlus Gothic
+ UmePlus P Gothic
+ VL ゴシック
+ VL Pゴシック
+ さざなみゴシック
+ さざなみ明朝
+ 東風ゴシック
+ 東風明朝
+ TakaoGothic
+ TakaoPGothic
+ TakaoExGothic
+ TakaoMincho
+ TakaoPMincho
+ TakaoExMincho
+ IPAGothic
+ IPAPGothic
+ IPAexGothic
+ IPAMincho
+ IPAPMincho
+ IPAexMincho
+ IPAMonaGothic
+ IPAMonaPGothic
+ IPAMonaUIGothic
+ IPAMonaMincho
+ IPAMonaPMincho
+ Ume Gothic
+ Ume Gothic C4
+ Ume Gothic C5
+ Ume Gothic O5
+ Ume Gothic S4
+ Ume Gothic S5
+ Ume P Gothic
+ Ume P Gothic C4
+ Ume P Gothic C5
+ Ume P Gothic O5
+ Ume P Gothic S4
+ Ume P Gothic S5
+ Ume Mincho
+ Ume Mincho S3
+ Ume P Mincho
+ Ume P Mincho S3
+ Ume UI Gothic
+ Ume UI Gothic O5
+ Ume Gothic
+ Ume P Gothic
+ VL Gothic
+ VL PGothic
+ Sazanami Gothic
+ Sazanami Mincho
+ Kochi Gothic
+ Kochi Mincho
18