summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2021-03-12 05:36:54 -0500
committerMark H Weaver <mhw@netris.org>2021-03-12 06:08:33 -0500
commit825cc7e0d4bc7f052831f905a92945678441fb55 (patch)
tree991d16068436748a9d7931ac70d118d9f36e2329 /gnu
parentdb7c3410d58a5730c0a4a33e94fa1a2b832fe20a (diff)
downloadguix-825cc7e0d4bc7f052831f905a92945678441fb55.tar.gz
gnu: gnome-shell: Fix CVE-2020-17489.
* gnu/packages/patches/gnome-shell-CVE-2020-17489.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gnome-shell)[source]: Add patch.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnome.scm3
-rw-r--r--gnu/packages/patches/gnome-shell-CVE-2020-17489.patch46
3 files changed, 49 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index fd070d6791..46f76c16cc 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1134,6 +1134,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gnash-fix-giflib-version.patch	        \
   %D%/packages/patches/gnome-shell-theme.patch			\
   %D%/packages/patches/gnome-shell-disable-test.patch		\
+  %D%/packages/patches/gnome-shell-CVE-2020-17489.patch		\
   %D%/packages/patches/gnome-settings-daemon-gc.patch		\
   %D%/packages/patches/gnome-todo-delete-esource-duplicate.patch \
   %D%/packages/patches/gnome-tweaks-search-paths.patch		\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f38401f726..d2881dbec6 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -8449,7 +8449,8 @@ properties, screen resolution, and other GNOME parameters.")
               (sha256
                (base32
                 "0l3mdn7g2c22mdhrqkxvvc1pk2w0v32f2v4a6n1phvaalwcg75nj"))
-              (patches (search-patches "gnome-shell-theme.patch"
+              (patches (search-patches "gnome-shell-CVE-2020-17489.patch"
+                                       "gnome-shell-theme.patch"
                                        "gnome-shell-disable-test.patch"))
               (modules '((guix build utils)))
               (snippet
diff --git a/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
new file mode 100644
index 0000000000..4b7748950e
--- /dev/null
+++ b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
@@ -0,0 +1,46 @@
+From 05b7aec747282f62212b605249d518280ff80059 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Mon, 27 Jul 2020 10:58:22 -0400
+Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in
+
+At the moment, if a user switches to the login screen vt,
+the login screen fades in whatever was on screen prior, and
+then does a reset.
+
+It makes more sense to reset first, so we fade in what the
+user is going to interact with instead of what they interacted
+with before.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
+---
+ js/gdm/loginDialog.js | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
+index c3f90dc58..6b35ebb16 100644
+--- a/js/gdm/loginDialog.js
++++ b/js/gdm/loginDialog.js
+@@ -920,16 +920,15 @@ var LoginDialog = GObject.registerClass({
+         if (this.opacity == 255 && this._authPrompt.verificationStatus == AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+             return;
+ 
++        if (this._authPrompt.verificationStatus !== AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
++            this._authPrompt.reset();
++
+         this._bindOpacity();
+         this.ease({
+             opacity: 255,
+             duration: _FADE_ANIMATION_TIME,
+             mode: Clutter.AnimationMode.EASE_OUT_QUAD,
+-            onComplete: () => {
+-                if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+-                    this._authPrompt.reset();
+-                this._unbindOpacity();
+-            }
++            onComplete: () => this._unbindOpacity(),
+         });
+     }
+ 
+-- 
+2.30.1
+