ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-12 06:06:53 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: gdm: Fix CVE-2018-14424.

Browse source 
* gnu/packages/patches/gdm-CVE-2018-14424.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gdm): Use it.
This commit is contained in:
Leo Famulari 2018-08-14 14:50:46 -04:00
parent e09dbdeb78
commit feccc81013
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 174 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -714,6 +714,7 @@ dist_patch_DATA = \
%D%/packages/patches/gd-CVE-2018-5711.patch \ %D%/packages/patches/gd-CVE-2018-5711.patch \
%D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \
%D%/packages/patches/gd-freetype-test-failure.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \
%D%/packages/patches/gdm-CVE-2018-14424.patch \
%D%/packages/patches/gemma-intel-compat.patch \ %D%/packages/patches/gemma-intel-compat.patch \
%D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \

1
gnu/packages/gnome.scm
View file

@ -5305,6 +5305,7 @@ (define-public gdm
(uri (string-append "mirror://gnome/sources/" name "/" (uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/" (version-major+minor version) "/"
name "-" version ".tar.xz")) name "-" version ".tar.xz"))
(patches (search-patches "gdm-CVE-2018-14424.patch"))
(sha256 (sha256
(base32 (base32
"0mxdal6hh345xk2xqmw5192jgpprkbcv1d4bwmnl4arcc00cpp8p")))) "0mxdal6hh345xk2xqmw5192jgpprkbcv1d4bwmnl4arcc00cpp8p"))))

172
gnu/packages/patches/gdm-CVE-2018-14424.patch Normal file
View file

@ -0,0 +1,172 @@
Fix CVE-2018-14424:
https://gitlab.gnome.org/GNOME/gdm/issues/401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424
Patch copied from upstream source repository:
https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da
From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Thu, 19 Jul 2018 18:26:05 +0100
Subject: [PATCH] display-store: Pass the display object rather than the id in
the removed signal
By the time GdmDisplayStore emits the "display-removed" signal, the display
is no longer in the store and gdm_display_store_lookup will not work in
signal handlers.
Change the "display-removed" parameter from the display id to the GdmDisplay
object, so that signal handers can perform any cleanup they need to do
CVE-2018-14424
Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
---
daemon/gdm-display-store.c | 11 +++--------
daemon/gdm-display-store.h | 2 +-
daemon/gdm-local-display-factory.c | 13 +++----------
daemon/gdm-manager.c | 19 +++++++++----------
daemon/gdm-manager.h | 3 ++-
5 files changed, 18 insertions(+), 30 deletions(-)
diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
index af76f519..fd24334e 100644
--- a/daemon/gdm-display-store.c
+++ b/daemon/gdm-display-store.c
@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
static void
stored_display_free (StoredDisplay *stored_display)
{
- char *id;
-
- gdm_display_get_id (stored_display->display, &id, NULL);
-
g_signal_emit (G_OBJECT (stored_display->store),
signals[DISPLAY_REMOVED],
0,
- id);
- g_free (id);
+ stored_display->display);
g_debug ("GdmDisplayStore: Unreffing display: %p",
stored_display->display);
@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
NULL,
NULL,
- g_cclosure_marshal_VOID__STRING,
+ g_cclosure_marshal_VOID__OBJECT,
G_TYPE_NONE,
- 1, G_TYPE_STRING);
+ 1, G_TYPE_OBJECT);
g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
}
diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
index 28359933..0aff8ee2 100644
--- a/daemon/gdm-display-store.h
+++ b/daemon/gdm-display-store.h
@@ -49,7 +49,7 @@ typedef struct
void (* display_added) (GdmDisplayStore *display_store,
const char *id);
void (* display_removed) (GdmDisplayStore *display_store,
- const char *id);
+ GdmDisplay *display);
} GdmDisplayStoreClass;
typedef enum
diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
index 5f1ae89e..39f3e30a 100644
--- a/daemon/gdm-local-display-factory.c
+++ b/daemon/gdm-local-display-factory.c
@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore *display_store,
static void
on_display_removed (GdmDisplayStore *display_store,
- const char *id,
+ GdmDisplay *display,
GdmLocalDisplayFactory *factory)
{
- GdmDisplay *display;
-
- display = gdm_display_store_lookup (display_store, id);
-
- if (display != NULL) {
- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
- g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
-
- }
+ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
+ g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
}
static gboolean
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index f17bd1a5..f6684a8b 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display,
static void
on_display_removed (GdmDisplayStore *display_store,
- const char *id,
+ GdmDisplay *display,
GdmManager *manager)
{
- GdmDisplay *display;
+ char *id;
- display = gdm_display_store_lookup (display_store, id);
- if (display != NULL) {
- g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
+ gdm_display_get_id (display, &id, NULL);
+ g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
+ g_free (id);
- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
+ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
- g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
- }
+ g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
}
static void
@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
G_STRUCT_OFFSET (GdmManagerClass, display_removed),
NULL,
NULL,
- g_cclosure_marshal_VOID__STRING,
+ g_cclosure_marshal_VOID__OBJECT,
G_TYPE_NONE,
- 1, G_TYPE_STRING);
+ 1, G_TYPE_OBJECT);
g_object_class_install_property (object_class,
PROP_XDMCP_ENABLED,
diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
index 41c68a7a..c8fb3f22 100644
--- a/daemon/gdm-manager.h
+++ b/daemon/gdm-manager.h
@@ -24,6 +24,7 @@
#include <glib-object.h>
+#include "gdm-display.h"
#include "gdm-manager-glue.h"
G_BEGIN_DECLS
@@ -50,7 +51,7 @@ typedef struct
void (* display_added) (GdmManager *manager,
const char *id);
void (* display_removed) (GdmManager *manager,
- const char *id);
+ GdmDisplay *display);
} GdmManagerClass;
typedef enum
--
2.17.1