File gnome-shell-partial-screenlock-bypass-CVE-2019-3820.patch of Package gnome-shell
From c3df8262c95b6b7f03c249d98a94c3144acd2bc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Wed, 23 Jan 2019 23:55:12 +0100
Subject: panel: Don't allow opening hidden menus via keybindings
We shouldn't allow toggling menus that aren't supported by the current session mode, but as indicators are hidden rather than destroyed on mode switches, it is not enough to check for an indicator's existence.
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/ui/panel.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/js/ui/panel.js b/js/ui/panel.js
index aad466d..236d380 100644
--- a/js/ui/panel.js
+++ b/js/ui/panel.js
@@ -931,8 +931,8 @@ const Panel = new Lang.Class({
 },
 _toggleMenu: function(indicator) {
- if (!indicator) // menu not supported by current session mode
- return;
+ if (!indicator || !indicator.container.visible)
+ return; // menu not supported by current session mode
 let menu = indicator.menu;
 if (!indicator.actor.reactive)
--
2.16.4
From 415e05905694cc0779bcf8df319dbc0947fd1b93 Mon Sep 17 00:00:00 2001
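Review bot: In `_toggleMenu` in js/ui/panel.js the trailing comment `// menu not supported by current session mode` now sits on `return;` and explains only half of the condition; the reason for also testing `indicator.container.visible` is stated only in the commit message. I would put the rationale above the `if`, e.g. `// Indicators are hidden, not destroyed, on session mode switches, so an existing indicator may still be unavailable`. Because this guard is what keeps a keybinding from opening a hidden menu, it is also worth confirming that every indicator reaching this function has a `container` (the new code dereferences it unconditionally) and that no other path opens `indicator.menu` without going through this check; neither is visible from the hunk. `_toggleMenu` continues past the end of the hunk.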
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 23 Jan 2019 15:59:42 -0500
Subject: shellActionModes: disable POPUP keybindings in unlock screen
Certain keybindings should continue to work even when a popup menu is on screen. For instance, the keybinding for showing the app menu and the keyinding for showing the calendar are examples. This is achieved by putting in place a special "POPUP" action mode, whenever a popup menu is active. This mode replaces the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place for as long as the popup menu is active. But those keybindings should not work when the user is at the unlock dialog (which uses an action mode of "UNLOCK"). Unfortunately, since commit c79d24b6 they do. This commit addresses the problem by forcing the action mode to NONE at the unlock screen when popups are visible.
CVE-2019-3820
Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/gdm/authPrompt.js | 3 ++-
 js/gdm/loginDialog.js | 3 ++-
 js/ui/shellEntry.js | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
index 50c66fd..513704b 100644
--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
@@ -10,6 +10,7 @@ const Animation = imports.ui.animation;
 const Batch = imports.gdm.batch;
 const GdmUtil = imports.gdm.util;
 const Params = imports.misc.params;
+const Shell = imports.gi.Shell;
 const ShellEntry = imports.ui.shellEntry;
 const Tweener = imports.ui.tweener;
 const UserWidget = imports.ui.userWidget;
@@ -100,7 +101,7 @@ const AuthPrompt = new Lang.Class({
 x_align: St.Align.START });
 this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry', can_focus: true });
- ShellEntry.addContextMenu(this._entry, { isPassword: true });
+ ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });
 this.actor.add(this._entry, { expand: true,
diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
index 1da5b96..8f4f09a 100644
--- a/js/gdm/loginDialog.js
+++ b/js/gdm/loginDialog.js
@@ -309,7 +309,8 @@ const SessionMenuButton = new Lang.Class({
 this._button.remove_style_pseudo_class('active');
 }));
- this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });
+ this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },
+ { actionMode: Shell.ActionMode.NONE });
 this._manager.addMenu(this._menu);
 this._button.connect('clicked', Lang.bind(this, function() {
diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js
index a20d9a4..5044fd5 100644
--- a/js/ui/shellEntry.js
+++ b/js/ui/shellEntry.js
@@ -9,6 +9,7 @@ const BoxPointer = imports.ui.boxpointer;
 const Main = imports.ui.main;
 const Params = imports.misc.params;
 const PopupMenu = imports.ui.popupMenu;
+const Shell = imports.gi.Shell;
 const EntryMenu = new Lang.Class({
 Name: 'ShellEntryMenu',
@@ -151,11 +152,12 @@ function addContextMenu(entry, params) {
 if (entry.menu)
 return;
- params = Params.parse (params, { isPassword: false });
+ params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });
 entry.menu = new EntryMenu(entry);
 entry.menu.isPassword = params.isPassword;
- entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });
+ entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },
+ { actionMode: params.actionMode });
 entry._menuManager.addMenu(entry.menu);
 // Add an event handler to both the entry and its clutter_text; the former
--
2.16.4
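Review bot: The `SessionMenuButton` change in js/gdm/loginDialog.js references `Shell.ActionMode.NONE`, but unlike js/gdm/authPrompt.js and js/ui/shellEntry.js this patch adds no `const Shell = imports.gi.Shell;` to this file, so the fix depends on `Shell` already being imported there; that should be confirmed against the packaged source. The same caution applies to the second constructor argument: `PopupMenuManager` is not touched by this patch, so if the packaged version ignores a params object, the `actionMode` override here and in `addContextMenu` would silently have no effect and the keybindings would stay active at the unlock screen. A short comment such as `// NONE: no shell keybindings while this menu is open on the login/unlock screen` would also record why the mode is overridden. The enclosing function starts and ends outside the hunk.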
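Review bot: In `addContextMenu` in js/ui/shellEntry.js the new `actionMode` parameter defaults to `Shell.ActionMode.POPUP`, so the restriction is opt-in: any entry shown on the login or unlock screen that calls `addContextMenu` without passing `actionMode: Shell.ActionMode.NONE` keeps the POPUP keybindings. The patch updates only the `AuthPrompt` entry; whether other entries can appear while the screen is locked is not visible here, so the remaining callers are worth auditing. I would document the contract at the `Params.parse` call, e.g. `// actionMode: action mode used while the menu is open; pass Shell.ActionMode.NONE for entries shown on the login/unlock screen`. `addContextMenu` continues past the end of the hunk.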