Overview

File gnome-shell-partial-screenlock-bypass-CVE-2019-3820.patch of Package gnome-shell.11201

From 8e8a4cac2c0d1de0f1651b45dab0c73bec4a36b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Wed, 23 Jan 2019 23:55:12 +0100
Subject: panel: Don't allow opening hidden menus via keybindings

We shouldn't allow toggling menus that aren't supported by the
current session mode, but as indicators are hidden rather than
destroyed on mode switches, it is not enough to check for an
indicator's existence.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/ui/panel.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/ui/panel.js b/js/ui/panel.js
index d7c8397..a1641e1 100644
--- a/js/ui/panel.js
+++ b/js/ui/panel.js
@@ -966,8 +966,8 @@ var Panel = new Lang.Class({
     },
 
     _toggleMenu: function(indicator) {
-        if (!indicator) // menu not supported by current session mode
-            return;
+        if (!indicator || !indicator.container.visible)
+            return; // menu not supported by current session mode
 
         let menu = indicator.menu;
         if (!indicator.actor.reactive)
-- 
2.16.4


From c10b84fcdc6db81bee6b8beefdc90147d9cf6c62 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 23 Jan 2019 15:59:42 -0500
Subject: shellActionModes: disable POPUP keybindings in unlock screen

Certain keybindings should continue to work even when a popup
menu is on screen. For instance, the keybinding for showing
the app menu and the keyinding for showing the calendar are
examples.

This is achieved by putting in place a special "POPUP" action
mode, whenever a popup menu is active.  This mode replaces
the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place
for as long as the popup menu is active.

But those keybindings should not work when the user is at the
unlock dialog (which uses an action mode of "UNLOCK").

Unfortunately, since commit c79d24b6 they do.

This commit addresses the problem by forcing the action mode
to NONE at the unlock screen when popups are visible.

CVE-2019-3820

Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/gdm/authPrompt.js  | 3 ++-
 js/gdm/loginDialog.js | 3 ++-
 js/ui/shellEntry.js   | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
index a436431..c529a50 100644
--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
@@ -11,6 +11,7 @@ const Animation = imports.ui.animation;
 const Batch = imports.gdm.batch;
 const GdmUtil = imports.gdm.util;
 const Params = imports.misc.params;
+const Shell = imports.gi.Shell;
 const ShellEntry = imports.ui.shellEntry;
 const Tweener = imports.ui.tweener;
 const UserWidget = imports.ui.userWidget;
@@ -101,7 +102,7 @@ var AuthPrompt = new Lang.Class({
                          x_align: St.Align.START });
         this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry',
                                      can_focus: true });
-        ShellEntry.addContextMenu(this._entry, { isPassword: true });
+        ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });
 
         this.actor.add(this._entry,
                        { expand: true,
diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
index b831291..b2b9207 100644
--- a/js/gdm/loginDialog.js
+++ b/js/gdm/loginDialog.js
@@ -332,7 +332,8 @@ var SessionMenuButton = new Lang.Class({
                                     this._button.remove_style_pseudo_class('active');
                            }));
 
-        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });
+        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },
+                                                       { actionMode: Shell.ActionMode.NONE });
         this._manager.addMenu(this._menu);
 
         this._button.connect('clicked', Lang.bind(this, function() {
diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js
index 8bf84e4..bae4dd0 100644
--- a/js/ui/shellEntry.js
+++ b/js/ui/shellEntry.js
@@ -9,6 +9,7 @@ const BoxPointer = imports.ui.boxpointer;
 const Main = imports.ui.main;
 const Params = imports.misc.params;
 const PopupMenu = imports.ui.popupMenu;
+const Shell = imports.gi.Shell;
 
 var EntryMenu = new Lang.Class({
     Name: 'ShellEntryMenu',
@@ -151,11 +152,12 @@ function addContextMenu(entry, params) {
     if (entry.menu)
         return;
 
-    params = Params.parse (params, { isPassword: false });
+    params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });
 
     entry.menu = new EntryMenu(entry);
     entry.menu.isPassword = params.isPassword;
-    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });
+    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },
+                                                        { actionMode: params.actionMode });
     entry._menuManager.addMenu(entry.menu);
 
     // Add an event handler to both the entry and its clutter_text; the former
-- 
2.16.4
openSUSE Build Service is sponsored by
Places