1 files changed, 55 insertions, 0 deletions

diff --git a/debian/patches/util-Log-variables-excluded-from-environment-upload.patch b/debian/patches/util-Log-variables-excluded-from-environment-upload.patch
new file mode 100644
index 0000000..dc3a323
--- /dev/null
+++ b/debian/patches/util-Log-variables-excluded-from-environment-upload.patch
@@ -0,0 +1,55 @@
+From: Benjamin Berg <bberg@redhat.com>
+Date: Mon, 19 Oct 2020 16:34:33 +0200
+Subject: util: Log variables excluded from environment upload
+
+See: #71
+
+Origin: upstream, 40, commit:a24600d75e2da1e379411d1c5fdf8759b00b6320
+---
+ gnome-session/gsm-util.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
+index 9d05fd7..bcad0eb 100644
+--- a/gnome-session/gsm-util.c
++++ b/gnome-session/gsm-util.c
+@@ -568,17 +568,14 @@ gsm_util_export_activation_environment (GError     **error)
+                 if (g_strv_contains (variable_blacklist, entry_name))
+                     continue;
+ 
+-                if (!g_utf8_validate (entry_name, -1, NULL))
+-                    continue;
+-
+-                if (!g_regex_match (name_regex, entry_name, 0, NULL))
+-                    continue;
+-
+-                if (!g_utf8_validate (entry_value, -1, NULL))
+-                    continue;
++                if (!g_utf8_validate (entry_name, -1, NULL) ||
++                    !g_regex_match (name_regex, entry_name, 0, NULL) ||
++                    !g_utf8_validate (entry_value, -1, NULL) ||
++                    !g_regex_match (value_regex, entry_value, 0, NULL)) {
+ 
+-                if (!g_regex_match (value_regex, entry_value, 0, NULL))
++                    g_message ("Environment variable is unsafe to export to dbus: %s", entry_name);
+                     continue;
++                }
+ 
+                 child_environment = g_environ_setenv (child_environment,
+                                                       entry_name, entry_value,
+@@ -655,11 +652,12 @@ gsm_util_export_user_environment (GError     **error)
+         for (i = 0; entries[i] != NULL; i++) {
+                 const char *entry = entries[i];
+ 
+-                if (!g_utf8_validate (entry, -1, NULL))
+-                    continue;
++                if (!g_utf8_validate (entry, -1, NULL) ||
++                    !g_regex_match (regex, entry, 0, NULL)) {
+ 
+-                if (!g_regex_match (regex, entry, 0, NULL))
++                    g_message ("Environment entry is unsafe to upload into user environment: %s", entry);
+                     continue;
++                }
+ 
+                 g_variant_builder_add (&builder, "s", entry);
+         }