fix: audit MEDIUM fixes — timeout guard, POSIX locale, button gate, wallpaper allowlist (v0.8.4)
nevaforget
released this
2026-04-24 13:49:48 +02:00
| 1 commits to main since this release
- power: RAII DoneGuard sets done=true on every wait() exit path, so the
timeout thread no longer sleeps its full 30 s holding a spawn_blocking
slot when child.wait() errors. A separate timed_out AtomicBool marks
our own SIGKILL so we do not misclassify an external OOM-kill. Memory
ordering on the flags is now Release/Acquire.
- i18n: detect_locale now reads LC_ALL, LC_MESSAGES, LANG in POSIX
priority order before falling back to /etc/locale.conf, so systems
installed in English with LC_ALL=de_DE.UTF-8 pick up the correct UI.
- panel: execute_action desensitizes button_box on entry and re-enables
it on error paths, so double-click or keyboard repeat cannot fire the
same power action twice.
- config: accept_wallpaper helper applies an extension allowlist (jpg,
jpeg, png, webp) plus symlink rejection and a 10 MB size cap, applied
to both the user-configured path and the Moonarch ecosystem fallback.
Bounds worst-case decode latency and narrows the gdk-pixbuf parser
attack surface.
Downloads