authorMark H Weaver <mhw@netris.org>2021-03-12 05:36:54 -0500
committerMark H Weaver <mhw@netris.org>2021-03-12 06:08:33 -0500
commit825cc7e0d4bc7f052831f905a92945678441fb55 (patch)
tree991d16068436748a9d7931ac70d118d9f36e2329 /gnu
parentdb7c3410d58a5730c0a4a33e94fa1a2b832fe20a (diff)
gnu: gnome-shell: Fix CVE-2020-17489.
* gnu/packages/patches/gnome-shell-CVE-2020-17489.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gnome-shell)[source]: Add patch.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnome.scm3
-rw-r--r--gnu/packages/patches/gnome-shell-CVE-2020-17489.patch46
3 files changed, 49 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index fd070d6791..46f76c16cc 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1134,6 +1134,7 @@ dist_patch_DATA = \
%D%/packages/patches/gnash-fix-giflib-version.patch \
%D%/packages/patches/gnome-shell-theme.patch \
%D%/packages/patches/gnome-shell-disable-test.patch \
+ %D%/packages/patches/gnome-shell-CVE-2020-17489.patch \
%D%/packages/patches/gnome-settings-daemon-gc.patch \
%D%/packages/patches/gnome-todo-delete-esource-duplicate.patch \
%D%/packages/patches/gnome-tweaks-search-paths.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f38401f726..d2881dbec6 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -8449,7 +8449,8 @@ properties, screen resolution, and other GNOME parameters.")
(sha256
(base32
"0l3mdn7g2c22mdhrqkxvvc1pk2w0v32f2v4a6n1phvaalwcg75nj"))
- (patches (search-patches "gnome-shell-theme.patch"
+ (patches (search-patches "gnome-shell-CVE-2020-17489.patch"
+ "gnome-shell-theme.patch"
"gnome-shell-disable-test.patch"))
(modules '((guix build utils)))
(snippet
diff --git a/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
new file mode 100644
index 0000000000..4b7748950e
--- /dev/null
+++ b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch
@@ -0,0 +1,46 @@
+From 05b7aec747282f62212b605249d518280ff80059 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Mon, 27 Jul 2020 10:58:22 -0400
+Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in
+
+At the moment, if a user switches to the login screen vt,
+the login screen fades in whatever was on screen prior, and
+then does a reset.
+
+It makes more sense to reset first, so we fade in what the
+user is going to interact with instead of what they interacted
+with before.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
+---
+ js/gdm/loginDialog.js | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
+index c3f90dc58..6b35ebb16 100644
+--- a/js/gdm/loginDialog.js
++++ b/js/gdm/loginDialog.js
+@@ -920,16 +920,15 @@ var LoginDialog = GObject.registerClass({
+ if (this.opacity == 255 && this._authPrompt.verificationStatus == AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+ return;
+
++ if (this._authPrompt.verificationStatus !== AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
++ this._authPrompt.reset();
++
+ this._bindOpacity();
+ this.ease({
+ opacity: 255,
+ duration: _FADE_ANIMATION_TIME,
+ mode: Clutter.AnimationMode.EASE_OUT_QUAD,
+- onComplete: () => {
+- if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING)
+- this._authPrompt.reset();
+- this._unbindOpacity();
+- }
++ onComplete: () => this._unbindOpacity(),
+ });
+ }
+
+--
+2.30.1
+
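Review bot: The new patch file ties itself to CVE-2020-17489 only through its file name; the embedded upstream commit message describes a cosmetic reordering and never says that the change has a security purpose. A short preamble above the `From 05b7aec…` line would make that explicit for whoever later decides whether the patch can be dropped, for example `Fix CVE-2020-17489: reset the auth prompt before the login dialog fades in.` followed by the upstream issue URL already cited in the `Fixes:` line. In the JavaScript itself, `this._authPrompt.reset()` now runs before `this.ease(...)` instead of in `onComplete`, so the previous prompt state should no longer be on screen during the fade. The reset is still skipped when `verificationStatus` is `NOT_VERIFYING`, and whether the prompt can hold leftover input in that state cannot be determined from this hunk, since the enclosing method begins and ends outside it.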