fix: audit MEDIUM fixes — timeout guard, POSIX locale, button gate, wallpaper allowlist (v0.8.4) · 0789e8fc27 - moonset

fix: audit MEDIUM fixes — timeout guard, POSIX locale, button gate, wallpaper allowlist (v0.8.4)

- power: RAII DoneGuard sets done=true on every wait() exit path, so the
  timeout thread no longer sleeps its full 30 s holding a spawn_blocking
  slot when child.wait() errors. A separate timed_out AtomicBool marks
  our own SIGKILL so we do not misclassify an external OOM-kill. Memory
  ordering on the flags is now Release/Acquire.
- i18n: detect_locale now reads LC_ALL, LC_MESSAGES, LANG in POSIX
  priority order before falling back to /etc/locale.conf, so systems
  installed in English with LC_ALL=de_DE.UTF-8 pick up the correct UI.
- panel: execute_action desensitizes button_box on entry and re-enables
  it on error paths, so double-click or keyboard repeat cannot fire the
  same power action twice.
- config: accept_wallpaper helper applies an extension allowlist (jpg,
  jpeg, png, webp) plus symlink rejection and a 10 MB size cap, applied
  to both the user-configured path and the Moonarch ecosystem fallback.
  Bounds worst-case decode latency and narrows the gdk-pixbuf parser
  attack surface.

This commit is contained in:

nevaforget

2026-04-24 13:49:48 +02:00

parent 13b5ac1704

commit 0789e8fc27

7 changed files with 97 additions and 28 deletions

									
										Cargo.toml
									
		+1
		-1
	
												View File
												
				@@ -1,6 +1,6 @@

				[package]

				name = "moonset"

				version = "0.8.3"

				version = "0.8.4"

				edition = "2024"

				description = "Wayland session power menu with GTK4 and Layer Shell"

				license = "MIT"