diff --git a/SOURCES/0001-loginDialog-Reset-auth-prompt-on-vt-switch-before-fa.patch b/SOURCES/0001-loginDialog-Reset-auth-prompt-on-vt-switch-before-fa.patch new file mode 100644 index 0000000..85cdbbb --- /dev/null +++ b/SOURCES/0001-loginDialog-Reset-auth-prompt-on-vt-switch-before-fa.patch @@ -0,0 +1,49 @@ +From 6d26b6f9f66e14843f175305441a2464dd255fd1 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 27 Jul 2020 10:58:49 -0400 +Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in + +At the moment, if a user switches to the login screen vt, +the login screen fades in whatever was on screen prior, and +then does a reset. + +It makes more sense to reset first, so we fade in what the +user is going to interact with instead of what they interacted +with before. + +Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 +--- + js/gdm/loginDialog.js | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js +index 214c2f512..eb6846d5c 100644 +--- a/js/gdm/loginDialog.js ++++ b/js/gdm/loginDialog.js +@@ -923,6 +923,9 @@ var LoginDialog = GObject.registerClass({ + if (this.opacity == 255 && this._authPrompt.verificationStatus == AuthPrompt.AuthPromptStatus.NOT_VERIFYING) + return; + ++ if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING) ++ this._authPrompt.reset(); ++ + Tweener.addTween(this, + { opacity: 255, + time: _FADE_ANIMATION_TIME, +@@ -935,12 +938,7 @@ var LoginDialog = GObject.registerClass({ + children[i].opacity = this.opacity; + } + }, +- onUpdateScope: this, +- onComplete() { +- if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING) +- this._authPrompt.reset(); +- }, +- onCompleteScope: this }); ++ onUpdateScope: this }); + } + + _gotGreeterSessionProxy(proxy) { +-- +2.32.0 + diff --git a/SOURCES/0001-networkAgent-add-support-for-SAE-secrets.patch b/SOURCES/0001-networkAgent-add-support-for-SAE-secrets.patch new file mode 100644 index 0000000..dd05d56 --- /dev/null +++ b/SOURCES/0001-networkAgent-add-support-for-SAE-secrets.patch @@ -0,0 +1,29 @@ +From bd4a3186dc21f2c8d3e0f851cf262a34ddb6b625 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Fri, 4 Oct 2019 14:21:25 +0200 +Subject: [PATCH] networkAgent: add support for SAE secrets + +NetworkManager supports "WPA3 Personal" networks for some time now, they +use the SAE authentication. Add support for it alongside other +password-based mechanisms. + +https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/751 +--- + js/ui/components/networkAgent.js | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/js/ui/components/networkAgent.js b/js/ui/components/networkAgent.js +index 32d40fb2b..3ff957bf6 100644 +--- a/js/ui/components/networkAgent.js ++++ b/js/ui/components/networkAgent.js +@@ -216,6 +216,7 @@ var NetworkSecretDialog = class extends ModalDialog.ModalDialog { + // First the easy ones + case 'wpa-none': + case 'wpa-psk': ++ case 'sae': + secrets.push({ label: _("Password: "), key: 'psk', + value: wirelessSecuritySetting.psk || '', + validate: this._validateWpaPsk, password: true }); +-- +2.32.0 + diff --git a/SOURCES/fix-some-js-warnings.patch b/SOURCES/fix-some-js-warnings.patch index 18b12eb..3faa329 100644 --- a/SOURCES/fix-some-js-warnings.patch +++ b/SOURCES/fix-some-js-warnings.patch @@ -1,7 +1,7 @@ -From 43d6305bfbe079a3bf80a96d40a3a176c165ef7a Mon Sep 17 00:00:00 2001 +From 530964cc6e5db02633434853debd96069dc2b8d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 23 May 2019 06:12:56 +0200 -Subject: [PATCH 1/5] realmd: Set login format to null on start and update if +Subject: [PATCH 1/6] realmd: Set login format to null on start and update if invalid We were checking an undefined property but that would lead to a a warning. @@ -35,13 +35,13 @@ index 50f3c5899..04cd99787 100644 this._updateLoginFormat(); -- -2.21.1 +2.33.1 -From 80836cd1ea4ef5d69a35bdfd7931b0e2c202f5b3 Mon Sep 17 00:00:00 2001 +From 988e4b58d64fbf87f0c497315ff2506b269ff7c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Tue, 9 Jun 2020 19:42:21 +0200 -Subject: [PATCH 2/5] popupMenu: Guard against non-menu-item children +Subject: [PATCH 2/6] popupMenu: Guard against non-menu-item children This avoid a harmless but annoying warning. --- @@ -63,13 +63,13 @@ index 44818533a..b5115d7f7 100644 }); } -- -2.21.1 +2.33.1 -From f0af67381cf0fb9a9ab766fa6b3d3e6ff5707122 Mon Sep 17 00:00:00 2001 +From 609a8e22e67b63da1e35167d8511400f22641368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Tue, 9 Jun 2020 19:48:06 +0200 -Subject: [PATCH 3/5] st/shadow: Check pipeline when painting +Subject: [PATCH 3/6] st/shadow: Check pipeline when painting We shouldn't simply assume that st_shadow_helper_update() has been called before paint() or that the pipeline was created successfully. @@ -98,13 +98,13 @@ index f3a22f034..7665de755 100644 + paint_opacity); } -- -2.21.1 +2.33.1 -From a500f3c59a485755b8361e8f4dd48f8df4af95ba Mon Sep 17 00:00:00 2001 +From b57d6efccbeb139d6c7c1894f83caa7a26fd6bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Tue, 5 Jan 2021 21:42:24 +0100 -Subject: [PATCH 4/5] viewSelector: Don't set page parent during construction +Subject: [PATCH 4/6] viewSelector: Don't set page parent during construction gjs now aggressively garbage-collects objects that fall out of scope, sometimes too aggressively: @@ -147,13 +147,13 @@ index 77146552d..6529ac9a5 100644 Main.ctrlAltTabManager.addGroup(params.a11yFocus, name, a11yIcon); else -- -2.21.1 +2.33.1 -From a53d1a74fed3aee896a6930130bd7e3a39a24255 Mon Sep 17 00:00:00 2001 +From 0c76c91c3d16c8386a242daf367d66057364a5d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Fri, 23 Oct 2020 23:44:48 +0200 -Subject: [PATCH 5/5] workspacesView: Don't set up MetaLater when unparented +Subject: [PATCH 5/6] workspacesView: Don't set up MetaLater when unparented We already do the check in the later handler, but if we got unparented because the actor is destroyed, then the call to @@ -178,5 +178,46 @@ index e302296a6..3270900b2 100644 let newParent = this.actor.get_parent(); if (!newParent) -- -2.21.1 +2.33.1 + + +From 4ba01f2fdada7e4b059a0f57a99dc3ff2ddfa8f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Florian=20M=C3=BCllner?= +Date: Fri, 26 Nov 2021 17:28:54 +0100 +Subject: [PATCH 6/6] workspacesView: Remove later on destroy + +We are careful not to schedule the later when the actor is destroyed, +however it is possible that one is still pending at that point (namely +if the actor was never shown). +--- + js/ui/workspacesView.js | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/js/ui/workspacesView.js b/js/ui/workspacesView.js +index 3270900b2..9dc05fca7 100644 +--- a/js/ui/workspacesView.js ++++ b/js/ui/workspacesView.js +@@ -449,6 +449,11 @@ var WorkspacesDisplay = class { + this.actor._delegate = this; + this.actor.connect('notify::allocation', this._updateWorkspacesActualGeometry.bind(this)); + this.actor.connect('parent-set', this._parentSet.bind(this)); ++ this.actor.connect('destroy', () => { ++ if (this._laterId) ++ Meta.later_remove(this._laterId); ++ this._laterId = 0; ++ }); + + let clickAction = new Clutter.ClickAction(); + clickAction.connect('clicked', action => { +@@ -718,7 +723,7 @@ var WorkspacesDisplay = class { + if (!this.actor.get_parent()) + return; + +- Meta.later_add(Meta.LaterType.BEFORE_REDRAW, () => { ++ this._laterId = Meta.later_add(Meta.LaterType.BEFORE_REDRAW, () => { + let newParent = this.actor.get_parent(); + if (!newParent) + return; +-- +2.33.1 diff --git a/SPECS/gnome-shell.spec b/SPECS/gnome-shell.spec index ce18ea8..762b958 100644 --- a/SPECS/gnome-shell.spec +++ b/SPECS/gnome-shell.spec @@ -1,6 +1,6 @@ Name: gnome-shell Version: 3.32.2 -Release: 40%{?dist} +Release: 44%{?dist} Summary: Window management and application launching for GNOME Group: User Interface/Desktops @@ -61,11 +61,12 @@ Patch51: introspect-backports.patch Patch52: 0001-popupMenu-Handle-keypress-if-numlock-is-enabled.patch Patch53: 0001-theme-Update-window-preview-style.patch Patch54: warn-less.patch +Patch55: 0001-networkAgent-add-support-for-SAE-secrets.patch # Backport JS invalid access warnings (#1651894, #1663171, #1642482, #1637622) -Patch55: fix-invalid-access-warnings.patch -Patch56: more-spurious-allocation-warnings.patch -Patch57: fix-some-js-warnings.patch +Patch57: fix-invalid-access-warnings.patch +Patch58: more-spurious-allocation-warnings.patch +Patch59: fix-some-js-warnings.patch # Backport performance fixes under load (#1820760) Patch60: 0001-environment-reduce-calls-to-g_time_zone_new_local.patch @@ -94,6 +95,9 @@ Patch20002: 0002-extensionSystem-Get-rid-of-_enabled-boolean-optimiza.patch Patch20003: 0003-extensionSystem-Allow-extensions-to-run-on-the-login.patch Patch20004: 0004-sessionMode-Allow-extensions-at-the-login-and-unlock.patch +# CVE-2020-17489 +Patch30001: 0001-loginDialog-Reset-auth-prompt-on-vt-switch-before-fa.patch + %define libcroco_version 0.6.8 %define eds_version 3.17.2 %define gnome_desktop_version 3.7.90 @@ -271,9 +275,21 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/evolution-calendar.de %{_mandir}/man1/%{name}.1.gz %changelog -* Tue Aug 31 2021 Ray Strode - 3.32.2-40 +* Fri Nov 26 2021 Florian Müllner - 3.32.2-44 +- Fix more JS warnings + Resolves: #2025940 + +* Thu Oct 21 2021 Florian Müllner - 3.32.2-43 +- Backport fix for CVE-2020-17489 + Resolves: #1874259 + +* Wed Oct 20 2021 Florian Müllner - 3.32.2-42 +- Backport WPA3 support + Resolves: #1924593 + +* Tue Aug 31 2021 Ray Strode - 3.32.2-41 - Add bugs introduced in backport for #1651378 - Related: #1999758 + Related: #2000918 - Tidy up patch list a bit * Wed Aug 25 2021 Ray Strode - 3.32.2-39