This bug was fixed in the package accountsservice - 0.6.21-6ubuntu1 --------------- accountsservice (0.6.21-6ubuntu1) quantal; urgency=low * Reviewed work in progress for the new version, fixed some issues in the GDbus port work. * Resync on Debian, remaining diffs: * debian/patches/0001-formats-locale-property.patch: - readded bit of the patch that seems to not be in the debian version * debian/patches/0002-create-and-manage-groups-like-on-a-ubuntu-system.patch: - updated to gdbus * debian/patches/0007-add-lightdm-support.patch: - used Ubuntu version, they are slightly different * debian/patches/0008-nopasswdlogin-group.patch: - used Ubuntu version, they are slightly different * debian/patches/0009-language-tools.patch: - used Ubuntu version, they are slightly different * debian/patches/0010-set-language.patch: - used Ubuntu version, they are slightly different * debian/patches/0011-add-background-file-support.patch: - updated for the gdbus codebase * debian/patches/0012-add-keyboard-layout-support.patch: - updated for the gdbus codebase * debian/patches/0013-add-has-message-support.patch: - updated for the gdbus codebase [ Robert Ancell ] * New upstream release (lp: #1003764): - include fix for users not listed on some architectures (lp: #952909) * debian/control: - Drop depends on libdbus-glib-1-dev * debian/watch: - Fix download file format * debian/patches/git-icon-reset.patch: - Applied upstream * Updated patch for the new version, especially porting them to gdbus accountsservice (0.6.21-6) unstable; urgency=high * CVE-2012-2737: Add patch to prevent race condition with UID lookup (Closes: #679429): - src/u{ser,til}.c: Use bus daemon to query peer credentials. accountsservice (0.6.21-5) unstable; urgency=medium * Add patch grabbed from upstream git to fix memory leaks in src/libaccountsservice/act-user.c. Set urgency to medium since the package has already migrated to testing. accountsservice (0.6.21-4) unstable; urgency=low * Manage pending consolekit calls with GtkCancellable to fix SIGSEGV in libaccountsservice. (Closes: #673185) accountsservice (0.6.21-3) unstable; urgency=low * Strip SystemdService out of org.freedesktop.Accounts.service service file. (Closes: #675925) accountsservice (0.6.21-2) unstable; urgency=low * Disable systemd support: - Let accountsservice build on non-Linux (Closes: #674433) - Attempt to solve #673185 accountsservice (0.6.21-1) unstable; urgency=low * New upstream release. * Refresh patches. * Add libaccountsservice-dbg package. accountsservice (0.6.18-3) unstable; urgency=low * Revert upstream commit 552a0c856a6e3a7c2e6450ab80e79f4204062281 and then fix a regression introduced since 0.6.16: - Filter out users which have UIDs lower than UID_MIN specified in etc/login.defs instead of checking if they have /usr/sbin/nologin as login shell. (Closes: #673095) Thanks to Michael Biebl for the report. accountsservice (0.6.18-2) unstable; urgency=low * Upload to unstable. accountsservice (0.6.18-1) experimental; urgency=low * Upload to experimental due to the big amount of changes. * Imported Upstream version 0.6.18: - Fix systemd configure check - Add a few more common system accounts to the blacklist - Fix some issues in systemd session handling * Imported Upstream version 0.6.17: - Fix user filtering which was broken in 0.6.16. - Fix double free in user code. * Imported Upstream version 0.6.16: - Don't filter out users below UID_MIN in login.defs - Filter out users with invalid shells - build fixes for srcdir != builddir - Port to GDBus - Add systemd support - vala support and introspection fixes - ppc32 fixes - use infinite timeout for ListCachedUsers calls - Translation updates * Migrate 0007-add-lightdm-support.patch to GDBus: - More testing would be appreciated. * Remove 2001-icon_reset.patch, applied upstream. * Remove 3001-show_more_than_one_user_powerpc.patch, applied upstream. * Remove obsolete patches: - 0003-getpwnam_null_crash.patch - 0004-history-filter-sessions.patch * Refresh systemd's build-deps. * Drop {,build-}dependency on libdbus-glib-1-dev. * Refresh symbols. * Refresh debian/copyright. * Update debian/watch. * Bump Standards. accountsservice (0.6.15-4) unstable; urgency=low * src/user.c: Be more careful when resetting the users icons - When the current icon is in /usr/share, and we reset the icon, we try to delete a nonexisting icon file in /var/lib/AccountsService/icons. Deal with this eventuality. * fix compute_object_path on powerpc (Closes: #635168) - long isn't necessarily 64bit. On big endian architectures, where it's smaller than 64bit, the compute_object_path function will get computed incorrectly; thanks to Ray Strode and Michel Dänzer. * Apply 2001-icon_reset.patch,3001-show_more_than_one_user_powerpc.patch on Ubuntu too. * Integrate Ubuntu patches and apply them in debian/patches/ubuntu.series (for Ubuntu only): - 0001-formats-locale-property.patch - 0002-create-and-manage-groups-like-on-a-ubuntu-system.patch - 0005-gdm_config_file_path_ubuntu.patch - 0008-nopasswdlogin-group.patch - 0009-language-tools.patch - 0010-set-language.patch - 0011-add-background-file-support.patch - 0012-add-keyboard-layout-support.patch - 0013-add-has-message-support.patch accountsservice (0.6.15-3) unstable; urgency=low * Move GIR package into the new section "introspection". * debian/patches/0011-add-background-file-support.patch - Add support for a BackgroundFile property, similar to IconFile. Apply on Ubuntu only. (LP: #844081) * Fix file permissions bypass (LP: #904395), applies on Ubuntu only: - debian/patches/0010-set-language.patch: Drop privileges before letting help scripts in /usr/share/language-tools write to $HOME. - debian/patches/0009-language-tools.patch: Drop chown() call in /usr/share/language-tools/save-to-profile. CVE-2011-4406 * Refresh patches. -- Sebastien Bacher