unofficial mirror of guix-patches@gnu.org 
* [bug#32441] [PATCH] gnu: gdm: Fix CVE-2018-14424.
@ 2018-08-14 20:24 Leo Famulari
  2018-08-14 20:31 ` Leo Famulari
  0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2018-08-14 20:24 UTC (permalink / raw)
  To: 32441

Please test this! I don't have a graphical GuixSD system to test it
with.

* gnu/packages/patches/gdm-CVE-2018-14424.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gdm): Use it.
---
 gnu/local.mk                                  |   1 +
 gnu/packages/gnome.scm                        |   1 +
 gnu/packages/patches/gdm-CVE-2018-14424.patch | 172 ++++++++++++++++++
 3 files changed, 174 insertions(+)
 create mode 100644 gnu/packages/patches/gdm-CVE-2018-14424.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 15e7beac6..f433da46e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -714,6 +714,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gd-CVE-2018-5711.patch			\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
+  %D%/packages/patches/gdm-CVE-2018-14424.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 4ef96ffa5..fe26bc35c 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5305,6 +5305,7 @@ libxml2.")
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
+              (patches (search-patches "gdm-CVE-2018-14424.patch"))
               (sha256
                (base32
                 "0mxdal6hh345xk2xqmw5192jgpprkbcv1d4bwmnl4arcc00cpp8p"))))
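Review bot: the new `patches` field in the gdm origin has not been exercised, going by the cover note ("I don't have a graphical GuixSD system to test it with"), and nothing in this hunk shows that the upstream commit applies to the pinned tarball. Before pushing, build at least the patched source (`guix build -S gdm`) and then the package itself, so that a patch which fails to apply is caught in review rather than by users waiting on a security fix. Leaving `sha256` unchanged is right, since the hash covers the unpatched upstream tarball.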
diff --git a/gnu/packages/patches/gdm-CVE-2018-14424.patch b/gnu/packages/patches/gdm-CVE-2018-14424.patch
new file mode 100644
index 000000000..88a71f415
--- /dev/null
+++ b/gnu/packages/patches/gdm-CVE-2018-14424.patch
@@ -0,0 +1,172 @@
+Fix CVE-2018-14424:
+
+https://gitlab.gnome.org/GNOME/gdm/issues/401
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424
+
+Patch copied from upstream source repository:
+
+https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da
+
+From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Thu, 19 Jul 2018 18:26:05 +0100
+Subject: [PATCH] display-store: Pass the display object rather than the id in
+ the removed signal
+
+By the time GdmDisplayStore emits the "display-removed" signal, the display
+is no longer in the store and gdm_display_store_lookup will not work in
+signal handlers.
+
+Change the "display-removed" parameter from the display id to the GdmDisplay
+object, so that signal handers can perform any cleanup they need to do
+
+CVE-2018-14424
+
+Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
+---
+ daemon/gdm-display-store.c         | 11 +++--------
+ daemon/gdm-display-store.h         |  2 +-
+ daemon/gdm-local-display-factory.c | 13 +++----------
+ daemon/gdm-manager.c               | 19 +++++++++----------
+ daemon/gdm-manager.h               |  3 ++-
+ 5 files changed, 18 insertions(+), 30 deletions(-)
+
+diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
+index af76f519..fd24334e 100644
+--- a/daemon/gdm-display-store.c
++++ b/daemon/gdm-display-store.c
+@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
+ static void
+ stored_display_free (StoredDisplay *stored_display)
+ {
+-        char *id;
+-
+-        gdm_display_get_id (stored_display->display, &id, NULL);
+-
+         g_signal_emit (G_OBJECT (stored_display->store),
+                        signals[DISPLAY_REMOVED],
+                        0,
+-                       id);
+-        g_free (id);
++                       stored_display->display);
+ 
+         g_debug ("GdmDisplayStore: Unreffing display: %p",
+                  stored_display->display);
+@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
+                               G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
+ }
+diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
+index 28359933..0aff8ee2 100644
+--- a/daemon/gdm-display-store.h
++++ b/daemon/gdm-display-store.h
+@@ -49,7 +49,7 @@ typedef struct
+         void          (* display_added)    (GdmDisplayStore *display_store,
+                                             const char      *id);
+         void          (* display_removed)  (GdmDisplayStore *display_store,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmDisplayStoreClass;
+ 
+ typedef enum
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index 5f1ae89e..39f3e30a 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore        *display_store,
+ 
+ static void
+ on_display_removed (GdmDisplayStore        *display_store,
+-                    const char             *id,
++                    GdmDisplay             *display,
+                     GdmLocalDisplayFactory *factory)
+ {
+-        GdmDisplay *display;
+-
+-        display = gdm_display_store_lookup (display_store, id);
+-
+-        if (display != NULL) {
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
+-                g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+-
+-        }
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
++        g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+ }
+ 
+ static gboolean
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index f17bd1a5..f6684a8b 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display,
+ 
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+-                    const char      *id,
++                    GdmDisplay      *display,
+                     GdmManager      *manager)
+ {
+-        GdmDisplay *display;
++        char    *id;
+ 
+-        display = gdm_display_store_lookup (display_store, id);
+-        if (display != NULL) {
+-                g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++        gdm_display_get_id (display, &id, NULL);
++        g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++        g_free (id);
+ 
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
+ 
+-                g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
+-        }
++        g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
+ }
+ 
+ static void
+@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
+                               G_STRUCT_OFFSET (GdmManagerClass, display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_object_class_install_property (object_class,
+                                          PROP_XDMCP_ENABLED,
+diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
+index 41c68a7a..c8fb3f22 100644
+--- a/daemon/gdm-manager.h
++++ b/daemon/gdm-manager.h
+@@ -24,6 +24,7 @@
+ 
+ #include <glib-object.h>
+ 
++#include "gdm-display.h"
+ #include "gdm-manager-glue.h"
+ 
+ G_BEGIN_DECLS
+@@ -50,7 +51,7 @@ typedef struct
+         void          (* display_added)    (GdmManager      *manager,
+                                             const char      *id);
+         void          (* display_removed)  (GdmManager      *manager,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmManagerClass;
+ 
+ typedef enum
+-- 
+2.17.1
+
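Review bot: in the gdm-manager.c `on_display_removed` hunk of the embedded upstream patch, `char *id;` is left uninitialised and the return value of `gdm_display_get_id (display, &id, NULL)` is ignored, so if that call fails `id` reaches `g_dbus_object_manager_server_unexport` and `g_free` as an indeterminate pointer. Initialise it to NULL and skip the unexport when the lookup fails. Both `on_display_removed` handlers also drop the old `display != NULL` guard and now use `display` unconditionally; that holds only while `stored_display_free` always emits with a live `stored_display->display`, so a `g_return_if_fail (display != NULL)` at the top of each handler would keep them defensive. Finally, the signal argument changes from `G_TYPE_STRING` to `G_TYPE_OBJECT`, and GLib callbacks are attached through untyped casts (as with `G_CALLBACK (on_display_status_changed)` here), so the compiler will not flag a handler still declared with `const char *id`; confirm that the two handlers updated in this patch are the only consumers of either "display-removed" signal.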
-- 
2.18.0


* [bug#32441] [PATCH] gnu: gdm: Fix CVE-2018-14424.
  2018-08-14 20:24 [bug#32441] [PATCH] gnu: gdm: Fix CVE-2018-14424 Leo Famulari
@ 2018-08-14 20:31 ` Leo Famulari
  2018-08-14 20:54   ` bug#32441: " Leo Famulari
  0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2018-08-14 20:31 UTC (permalink / raw)
  To: 32441


It was pointed out to me that GDM currently doesn't work in GuixSD,
anyways, so there is not that much testing to do. I can handle it
without assistance.


* bug#32441: [PATCH] gnu: gdm: Fix CVE-2018-14424.
  2018-08-14 20:31 ` Leo Famulari
@ 2018-08-14 20:54   ` Leo Famulari
  0 siblings, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2018-08-14 20:54 UTC (permalink / raw)
  To: 32441-done


On Tue, Aug 14, 2018 at 04:31:49PM -0400, Leo Famulari wrote:
> It was pointed out to me that GDM currently doesn't work in GuixSD,
> anyways, so there is not that much testing to do. I can handle it
> without assistance.

Pushed as feccc81013c410494b68894aad75bd7d135f5525
