From d90d7e22143949d59880981fe53adcfad27a5fd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Wed, 23 Jan 2019 23:55:12 +0100
Subject: [PATCH 1/2] panel: Don't allow opening hidden menus via keybindings

We shouldn't allow toggling menus that aren't supported by the
current session mode, but as indicators are hidden rather than
destroyed on mode switches, it is not enough to check for an
indicator's existence.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/ui/panel.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/ui/panel.js b/js/ui/panel.js
index 2f593247d..02667f92f 100644
--- a/js/ui/panel.js
+++ b/js/ui/panel.js
@@ -985,8 +985,8 @@ var Panel = new Lang.Class({
     },
 
     _toggleMenu(indicator) {
-        if (!indicator) // menu not supported by current session mode
-            return;
+        if (!indicator || !indicator.container.visible)
+            return; // menu not supported by current session mode
 
         let menu = indicator.menu;
         if (!indicator.actor.reactive)
-- 
2.23.0


From 5083ad899c976f7221848500fc9d4bb393a66327 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 23 Jan 2019 15:59:42 -0500
Subject: [PATCH 2/2] shellActionModes: disable POPUP keybindings in unlock
 screen

Certain keybindings should continue to work even when a popup
menu is on screen. For instance, the keybinding for showing
the app menu and the keyinding for showing the calendar are
examples.

This is achieved by putting in place a special "POPUP" action
mode, whenever a popup menu is active.  This mode replaces
the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place
for as long as the popup menu is active.

But those keybindings should not work when the user is at the
unlock dialog (which uses an action mode of "UNLOCK").

Unfortunately, since commit c79d24b6 they do.

This commit addresses the problem by forcing the action mode
to NONE at the unlock screen when popups are visible.

CVE-2019-3820

Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
---
 js/gdm/authPrompt.js  | 3 ++-
 js/gdm/loginDialog.js | 3 ++-
 js/ui/shellEntry.js   | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
index 27a55246a..15d3273fa 100644
--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
@@ -14,6 +14,7 @@ const Batch = imports.gdm.batch;
 const GdmUtil = imports.gdm.util;
 const Meta = imports.gi.Meta;
 const Params = imports.misc.params;
+const Shell = imports.gi.Shell;
 const ShellEntry = imports.ui.shellEntry;
 const Tweener = imports.ui.tweener;
 const UserWidget = imports.ui.userWidget;
@@ -110,7 +111,7 @@ var AuthPrompt = new Lang.Class({
                          x_align: St.Align.START });
         this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry',
                                      can_focus: true });
-        ShellEntry.addContextMenu(this._entry, { isPassword: true });
+        ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });
 
         this.actor.add(this._entry,
                        { expand: true,
diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
index 912c0e0ca..141ed9265 100644
--- a/js/gdm/loginDialog.js
+++ b/js/gdm/loginDialog.js
@@ -338,7 +338,8 @@ var SessionMenuButton = new Lang.Class({
                  this._button.remove_style_pseudo_class('active');
         });
 
-        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });
+        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },
+                                                       { actionMode: Shell.ActionMode.NONE });
         this._manager.addMenu(this._menu);
 
         this._button.connect('clicked', () => { this._menu.toggle(); });
diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js
index 72e2fc33b..6d46a0997 100644
--- a/js/ui/shellEntry.js
+++ b/js/ui/shellEntry.js
@@ -10,6 +10,7 @@ const BoxPointer = imports.ui.boxpointer;
 const Main = imports.ui.main;
 const Params = imports.misc.params;
 const PopupMenu = imports.ui.popupMenu;
+const Shell = imports.gi.Shell;
 
 const LOCKDOWN_SCHEMA = 'org.gnome.desktop.lockdown';
 const DISABLE_SHOW_PASSWORD_KEY = 'disable-show-password';
@@ -171,11 +172,12 @@ function addContextMenu(entry, params) {
     if (entry.menu)
         return;
 
-    params = Params.parse (params, { isPassword: false });
+    params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });
 
     entry.menu = new EntryMenu(entry);
     entry.menu.isPassword = params.isPassword;
-    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });
+    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },
+                                                        { actionMode: params.actionMode });
     entry._menuManager.addMenu(entry.menu);
 
     // Add an event handler to both the entry and its clutter_text; the former
-- 
2.23.0