[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
05/05: gnu: gnome-shell: Fix CVE-2020-17489.
|
From: |
guix-commits |
|
Subject: |
05/05: gnu: gnome-shell: Fix CVE-2020-17489. |
|
Date: |
Fri, 12 Mar 2021 06:09:39 -0500 (EST) |
mhw pushed a commit to branch master
in repository guix.
commit 825cc7e0d4bc7f052831f905a92945678441fb55
Author: Mark H Weaver <mhw@netris.org>
AuthorDate: Fri Mar 12 05:36:54 2021 -0500
gnu: gnome-shell: Fix CVE-2020-17489.
* gnu/packages/patches/gnome-shell-CVE-2020-17489.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gnome-shell)[source]: Add patch.
---
gnu/local.mk | 1 +
gnu/packages/gnome.scm | 3 +-
.../patches/gnome-shell-CVE-2020-17489.patch | 46 ++++++++++++++++++++++
3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index fd070d6..46f76c1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1134,6 +1134,7 @@ dist_patch_DATA =
\
%D%/packages/patches/gnash-fix-giflib-version.patch \
%D%/packages/patches/gnome-shell-theme.patch \
%D%/packages/patches/gnome-shell-disable-test.patch \
+ %D%/packages/patches/gnome-shell-CVE-2020-17489.patch \
%D%/packages/patches/gnome-settings-daemon-gc.patch \
%D%/packages/patches/gnome-todo-delete-esource-duplicate.patch \
%D%/packages/patches/gnome-tweaks-search-paths.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f38401f..d2881db 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -8449,7 +8449,8 @@ properties, screen resolution, and other GNOME
parameters.")
(sha256
(base32
"0l3mdn7g2c22mdhrqkxvvc1pk2w0v32f2v4a6n1phvaalwcg75nj"))
- (patches (search-patches "gnome-shell-theme.patch"
+ (patches (search-patches "gnome-shell-CVE-2020-17489.patch"
+ "gnome-shell-theme.patch"
"gnome-shell-disable-test.patch"))
(modules '((guix build utils)))
(snippet
diff --git a/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
new file mode 100644
index 0000000..4b77489
--- /dev/null
+++ b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
@@ -0,0 +1,46 @@
+From 05b7aec747282f62212b605249d518280ff80059 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Mon, 27 Jul 2020 10:58:22 -0400
+Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in
+
+At the moment, if a user switches to the login screen vt,
+the login screen fades in whatever was on screen prior, and
+then does a reset.
+
+It makes more sense to reset first, so we fade in what the
+user is going to interact with instead of what they interacted
+with before.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
+---
+ js/gdm/loginDialog.js | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
+index c3f90dc58..6b35ebb16 100644
+--- a/js/gdm/loginDialog.js
++++ b/js/gdm/loginDialog.js
+@@ -920,16 +920,15 @@ var LoginDialog = GObject.registerClass({
+ if (this.opacity == 255 && this._authPrompt.verificationStatus ==
AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+ return;
+
++ if (this._authPrompt.verificationStatus !==
AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
++ this._authPrompt.reset();
++
+ this._bindOpacity();
+ this.ease({
+ opacity: 255,
+ duration: _FADE_ANIMATION_TIME,
+ mode: Clutter.AnimationMode.EASE_OUT_QUAD,
+- onComplete: () => {
+- if (this._authPrompt.verificationStatus !=
AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+- this._authPrompt.reset();
+- this._unbindOpacity();
+- }
++ onComplete: () => this._unbindOpacity(),
+ });
+ }
+
+--
+2.30.1
+