From d90d7e22143949d59880981fe53adcfad27a5fd3 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Wed, 23 Jan 2019 23:55:12 +0100

Subject: [PATCH 1/2] panel: Don't allow opening hidden menus via keybindings

We shouldn't allow toggling menus that aren't supported by the

current session mode, but as indicators are hidden rather than

destroyed on mode switches, it is not enough to check for an

indicator's existence.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/851

---

 js/ui/panel.js | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/ui/panel.js b/js/ui/panel.js

index 2f593247d..02667f92f 100644

--- a/js/ui/panel.js

+++ b/js/ui/panel.js

@@ -985,8 +985,8 @@ var Panel = new Lang.Class({

     },

     _toggleMenu(indicator) {

-        if (!indicator) // menu not supported by current session mode

-            return;

+        if (!indicator || !indicator.container.visible)

+            return; // menu not supported by current session mode

         let menu = indicator.menu;

         if (!indicator.actor.reactive)

-- 

2.23.0

From 5083ad899c976f7221848500fc9d4bb393a66327 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Wed, 23 Jan 2019 15:59:42 -0500

Subject: [PATCH 2/2] shellActionModes: disable POPUP keybindings in unlock

 screen

Certain keybindings should continue to work even when a popup

menu is on screen. For instance, the keybinding for showing

the app menu and the keyinding for showing the calendar are

examples.

This is achieved by putting in place a special "POPUP" action

mode, whenever a popup menu is active.  This mode replaces

the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place

for as long as the popup menu is active.

But those keybindings should not work when the user is at the

unlock dialog (which uses an action mode of "UNLOCK").

Unfortunately, since commit c79d24b6 they do.

This commit addresses the problem by forcing the action mode

to NONE at the unlock screen when popups are visible.

CVE-2019-3820

Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851

---

 js/gdm/authPrompt.js  | 3 ++-

 js/gdm/loginDialog.js | 3 ++-

 js/ui/shellEntry.js   | 6 ++++--

 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js

index 27a55246a..15d3273fa 100644

--- a/js/gdm/authPrompt.js

+++ b/js/gdm/authPrompt.js

@@ -14,6 +14,7 @@ const Batch = imports.gdm.batch;

 const GdmUtil = imports.gdm.util;

 const Meta = imports.gi.Meta;

 const Params = imports.misc.params;

+const Shell = imports.gi.Shell;

 const ShellEntry = imports.ui.shellEntry;

 const Tweener = imports.ui.tweener;

 const UserWidget = imports.ui.userWidget;

@@ -110,7 +111,7 @@ var AuthPrompt = new Lang.Class({

                          x_align: St.Align.START });

         this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry',

                                      can_focus: true });

-        ShellEntry.addContextMenu(this._entry, { isPassword: true });

+        ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });

         this.actor.add(this._entry,

                        { expand: true,

diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js

index 912c0e0ca..141ed9265 100644

--- a/js/gdm/loginDialog.js

+++ b/js/gdm/loginDialog.js

@@ -338,7 +338,8 @@ var SessionMenuButton = new Lang.Class({

                  this._button.remove_style_pseudo_class('active');

         });

-        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });

+        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },

+                                                       { actionMode: Shell.ActionMode.NONE });

         this._manager.addMenu(this._menu);

         this._button.connect('clicked', () => { this._menu.toggle(); });

diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js

index 72e2fc33b..6d46a0997 100644

--- a/js/ui/shellEntry.js

+++ b/js/ui/shellEntry.js

@@ -10,6 +10,7 @@ const BoxPointer = imports.ui.boxpointer;

 const Main = imports.ui.main;

 const Params = imports.misc.params;

 const PopupMenu = imports.ui.popupMenu;

+const Shell = imports.gi.Shell;

 const LOCKDOWN_SCHEMA = 'org.gnome.desktop.lockdown';

 const DISABLE_SHOW_PASSWORD_KEY = 'disable-show-password';

@@ -171,11 +172,12 @@ function addContextMenu(entry, params) {

     if (entry.menu)

         return;

-    params = Params.parse (params, { isPassword: false });

+    params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });

     entry.menu = new EntryMenu(entry);

     entry.menu.isPassword = params.isPassword;

-    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });

+    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },

+                                                        { actionMode: params.actionMode });

     entry._menuManager.addMenu(entry.menu);

     // Add an event handler to both the entry and its clutter_text; the former

-- 

2.23.0