diff options
author | Mark H Weaver <mhw@netris.org> | 2021-03-12 05:36:54 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2021-03-12 06:08:33 -0500 |
commit | 825cc7e0d4bc7f052831f905a92945678441fb55 (patch) | |
tree | 991d16068436748a9d7931ac70d118d9f36e2329 /gnu | |
parent | db7c3410d58a5730c0a4a33e94fa1a2b832fe20a (diff) | |
download | guix-825cc7e0d4bc7f052831f905a92945678441fb55.tar guix-825cc7e0d4bc7f052831f905a92945678441fb55.tar.gz |
gnu: gnome-shell: Fix CVE-2020-17489.
* gnu/packages/patches/gnome-shell-CVE-2020-17489.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gnome-shell)[source]: Add patch.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gnome.scm | 3 | ||||
-rw-r--r-- | gnu/packages/patches/gnome-shell-CVE-2020-17489.patch | 46 |
3 files changed, 49 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index fd070d6791..46f76c16cc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1134,6 +1134,7 @@ dist_patch_DATA = \ %D%/packages/patches/gnash-fix-giflib-version.patch \ %D%/packages/patches/gnome-shell-theme.patch \ %D%/packages/patches/gnome-shell-disable-test.patch \ + %D%/packages/patches/gnome-shell-CVE-2020-17489.patch \ %D%/packages/patches/gnome-settings-daemon-gc.patch \ %D%/packages/patches/gnome-todo-delete-esource-duplicate.patch \ %D%/packages/patches/gnome-tweaks-search-paths.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index f38401f726..d2881dbec6 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -8449,7 +8449,8 @@ properties, screen resolution, and other GNOME parameters.") (sha256 (base32 "0l3mdn7g2c22mdhrqkxvvc1pk2w0v32f2v4a6n1phvaalwcg75nj")) - (patches (search-patches "gnome-shell-theme.patch" + (patches (search-patches "gnome-shell-CVE-2020-17489.patch" + "gnome-shell-theme.patch" "gnome-shell-disable-test.patch")) (modules '((guix build utils))) (snippet diff --git a/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch new file mode 100644 index 0000000000..4b7748950e --- /dev/null +++ b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch @@ -0,0 +1,46 @@ +From 05b7aec747282f62212b605249d518280ff80059 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Mon, 27 Jul 2020 10:58:22 -0400 +Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in + +At the moment, if a user switches to the login screen vt, +the login screen fades in whatever was on screen prior, and +then does a reset. + +It makes more sense to reset first, so we fade in what the +user is going to interact with instead of what they interacted +with before. + +Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 +--- + js/gdm/loginDialog.js | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js +index c3f90dc58..6b35ebb16 100644 +--- a/js/gdm/loginDialog.js ++++ b/js/gdm/loginDialog.js +@@ -920,16 +920,15 @@ var LoginDialog = GObject.registerClass({ + if (this.opacity == 255 && this._authPrompt.verificationStatus == AuthPrompt.AuthPromptStatus.NOT_VERIFYING) + return; + ++ if (this._authPrompt.verificationStatus !== AuthPrompt.AuthPromptStatus.NOT_VERIFYING) ++ this._authPrompt.reset(); ++ + this._bindOpacity(); + this.ease({ + opacity: 255, + duration: _FADE_ANIMATION_TIME, + mode: Clutter.AnimationMode.EASE_OUT_QUAD, +- onComplete: () => { +- if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING) +- this._authPrompt.reset(); +- this._unbindOpacity(); +- } ++ onComplete: () => this._unbindOpacity(), + }); + } + +-- +2.30.1 + |