!35 fix CVE-2019-3820

From: @weijin-deng Reviewed-by: @dwl301 Signed-off-by: @dwl301
2021-09-28 07:17:01 +00:00 · 2021-09-28 07:17:01 +00:00 · 120c57f1c0
commit 120c57f1c0
parent 19bb89117f 544f698f9e
3 changed files with 131 additions and 2 deletions
--- a/CVE-2019-3820-1.patch
+++ b/CVE-2019-3820-1.patch
@ -0,0 +1,30 @@
+From 362444c782d205cba63987bc5996c475bf056597 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
+Date: Wed, 23 Jan 2019 23:55:12 +0100
+Subject: [PATCH] panel: Don't allow opening hidden menus via keybindings
+
+We shouldn't allow toggling menus that aren't supported by the
+current session mode, but as indicators are hidden rather than
+destroyed on mode switches, it is not enough to check for an
+indicator's existence.
+
+https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
+
+patch proved:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921490
+
+diff --git a/js/ui/panel.js b/js/ui/panel.js
+index 318ca52..414994f 100644
+--- a/js/ui/panel.js
+++ b/js/ui/panel.js
+@@ -996,8 +996,8 @@ var Panel = new Lang.Class({
+     },
+ 
+     _toggleMenu(indicator) {
+-        if (!indicator) // menu not supported by current session mode
+-            return;
+        if (!indicator || !indicator.container.visible)
+            return; // menu not supported by current session mode
+ 
+         let menu = indicator.menu;
+         if (!indicator.actor.reactive)
--- a/CVE-2019-3820-2.patch
+++ b/CVE-2019-3820-2.patch
@ -0,0 +1,91 @@
+From 74b372212f649984b79337c7118495be29cd4871 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Wed, 23 Jan 2019 15:59:42 -0500
+Subject: [PATCH] shellActionModes: disable POPUP keybindings in lock screen
+
+Certain keybindings should continue to work even when a popup
+menu is on screen. For instance, the keybinding for showing
+the app menu and the keyinding for showing the calendar are
+examples.
+
+This is achieved by putting in place a special "POPUP" action
+mode, whenever a popup menu is active.  This mode replaces
+the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place
+for as long as the popup menu is active.
+
+But those keybindings should not work when the user is at the
+unlock dialog (which uses an action mode of "UNLOCK").
+
+Unfortunately, right now they do.
+
+This commit addresses the problem by using a compound action
+mode when a popup menu is open at the unlock dialog (the bitwise
+OR of POPUP and UNLOCK).
+
+Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
+
+patch proved:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921490
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index a6a0374..ac441b1 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -11,6 +11,7 @@ const Animation = imports.ui.animation;
+ const Batch = imports.gdm.batch;
+ const GdmUtil = imports.gdm.util;
+ const Params = imports.misc.params;
+const Shell = imports.gi.Shell;
+ const ShellEntry = imports.ui.shellEntry;
+ const Tweener = imports.ui.tweener;
+ const UserWidget = imports.ui.userWidget;
+@@ -99,7 +100,7 @@ var AuthPrompt = new Lang.Class({
+                          x_align: St.Align.START });
+         this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry',
+                                      can_focus: true });
+-        ShellEntry.addContextMenu(this._entry, { isPassword: true });
+        ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });
+ 
+         this.actor.add(this._entry,
+                        { expand: true,
+diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
+index 2f89140..1bf8d6f 100644
+--- a/js/gdm/loginDialog.js
+++ b/js/gdm/loginDialog.js
+@@ -342,7 +342,8 @@ var SessionMenuButton = new Lang.Class({
+                  this._button.remove_style_pseudo_class('active');
+         });
+ 
+-        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });
+        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },
+                                                       { actionMode: Shell.ActionMode.NONE });
+         this._manager.addMenu(this._menu);
+ 
+         this._button.connect('clicked', () => { this._menu.toggle(); });
+diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js
+index 9db5136..09bb9bb 100644
+--- a/js/ui/shellEntry.js
+++ b/js/ui/shellEntry.js
+@@ -9,6 +9,7 @@ const BoxPointer = imports.ui.boxpointer;
+ const Main = imports.ui.main;
+ const Params = imports.misc.params;
+ const PopupMenu = imports.ui.popupMenu;
+const Shell = imports.gi.Shell;
+ 
+ var EntryMenu = new Lang.Class({
+     Name: 'ShellEntryMenu',
+@@ -150,11 +151,12 @@ function addContextMenu(entry, params) {
+     if (entry.menu)
+         return;
+ 
+-    params = Params.parse (params, { isPassword: false });
+    params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });
+ 
+     entry.menu = new EntryMenu(entry);
+     entry.menu.isPassword = params.isPassword;
+-    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });
+    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },
+                                                        { actionMode: params.actionMode });
+     entry._menuManager.addMenu(entry.menu);
+ 
+     // Add an event handler to both the entry and its clutter_text; the former
--- a/gnome-shell.spec
+++ b/gnome-shell.spec
@ -1,6 +1,6 @@
 Name:           gnome-shell
 Version:        3.30.1
-Release:        8
+Release:        10
 Summary:        Core user interface functions for the GNOME 3 desktop
 Group:          User Interface/Desktops
 License:        GPLv2+
@ -15,6 +15,8 @@ Patch5: 0001-Include-the-libcroco-sources-directly-under-src-st-c.patch
 Patch6: CVE-2020-17489-pre1.patch
 Patch7: CVE-2020-17489-pre2.patch
 Patch8: CVE-2020-17489.patch
+Patch9: CVE-2019-3820-1.patch
+Patch10: CVE-2019-3820-2.patch

 BuildRequires:  meson git ibus-devel chrpath dbus-glib-devel desktop-file-utils
 BuildRequires:  evolution-data-server-devel gcr-devel gjs-devel glib2-devel
@ -28,7 +30,7 @@ Requires:       gnome-desktop3 gobject-introspection gjs gtk3 libnma librsvg2
 Requires:       json-glib mozilla-filesystem mutter upower polkit glib2
 Requires:       gsettings-desktop-schemas gstreamer1 at-spi2-atk
 Requires:       ibus accountsservice-libs gdm control-center python3
-Requires:       switcheroo-control geoclue2 libgweather bolt
+Requires:       switcheroo-control geoclue2 libgweather bolt xdg-utils

 Provides:       desktop-notification-daemon

@ -124,6 +126,12 @@ glib-compile-schemas --allow-any-name %{_datadir}/glib-2.0/schemas &> /dev/null
 %{_mandir}/man1/%{name}.1.gz

 %changelog
+* Tue Sep 28 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 3.30.1-10
+- fix CVE-2019-3820
+
+* Tue Jul 27 2021 caodongxia<caodongxia@huawei.com> - 3.30.1-9
+- add install require xdg-utils
+
 * Tue Mar 30 2021 wangyue<wangyue92@huawei.com> - 3.30.1-8
 - fix CVE-2020-17489