From d144fb9769ac2ce42bb32f3737265ded02c94e2f Mon Sep 17 00:00:00 2001
From: weijin deng <weijin.deng@turbolinux.com.cn>
Date: Tue, 28 Sep 2021 12:01:08 +0800
Subject: [PATCH] fix CVE-2019-3820

---
 CVE-2019-3820-1.patch | 30 ++++++++++++++
 CVE-2019-3820-2.patch | 91 +++++++++++++++++++++++++++++++++++++++++++
 gnome-shell.spec      |  7 +++-
 3 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-3820-1.patch
 create mode 100644 CVE-2019-3820-2.patch

diff --git a/CVE-2019-3820-1.patch b/CVE-2019-3820-1.patch
new file mode 100644
index 0000000..c2088e9
--- /dev/null
+++ b/CVE-2019-3820-1.patch
@@ -0,0 +1,30 @@
+From 362444c782d205cba63987bc5996c475bf056597 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
+Date: Wed, 23 Jan 2019 23:55:12 +0100
+Subject: [PATCH] panel: Don't allow opening hidden menus via keybindings
+
+We shouldn't allow toggling menus that aren't supported by the
+current session mode, but as indicators are hidden rather than
+destroyed on mode switches, it is not enough to check for an
+indicator's existence.
+
+https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
+
+patch proved:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921490
+
+diff --git a/js/ui/panel.js b/js/ui/panel.js
+index 318ca52..414994f 100644
+--- a/js/ui/panel.js
++++ b/js/ui/panel.js
+@@ -996,8 +996,8 @@ var Panel = new Lang.Class({
+     },
+ 
+     _toggleMenu(indicator) {
+-        if (!indicator) // menu not supported by current session mode
+-            return;
++        if (!indicator || !indicator.container.visible)
++            return; // menu not supported by current session mode
+ 
+         let menu = indicator.menu;
+         if (!indicator.actor.reactive)
diff --git a/CVE-2019-3820-2.patch b/CVE-2019-3820-2.patch
new file mode 100644
index 0000000..5a2576d
--- /dev/null
+++ b/CVE-2019-3820-2.patch
@@ -0,0 +1,91 @@
+From 74b372212f649984b79337c7118495be29cd4871 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Wed, 23 Jan 2019 15:59:42 -0500
+Subject: [PATCH] shellActionModes: disable POPUP keybindings in lock screen
+
+Certain keybindings should continue to work even when a popup
+menu is on screen. For instance, the keybinding for showing
+the app menu and the keyinding for showing the calendar are
+examples.
+
+This is achieved by putting in place a special "POPUP" action
+mode, whenever a popup menu is active.  This mode replaces
+the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place
+for as long as the popup menu is active.
+
+But those keybindings should not work when the user is at the
+unlock dialog (which uses an action mode of "UNLOCK").
+
+Unfortunately, right now they do.
+
+This commit addresses the problem by using a compound action
+mode when a popup menu is open at the unlock dialog (the bitwise
+OR of POPUP and UNLOCK).
+
+Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
+
+patch proved:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921490
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index a6a0374..ac441b1 100644
+--- a/js/gdm/authPrompt.js
++++ b/js/gdm/authPrompt.js
+@@ -11,6 +11,7 @@ const Animation = imports.ui.animation;
+ const Batch = imports.gdm.batch;
+ const GdmUtil = imports.gdm.util;
+ const Params = imports.misc.params;
++const Shell = imports.gi.Shell;
+ const ShellEntry = imports.ui.shellEntry;
+ const Tweener = imports.ui.tweener;
+ const UserWidget = imports.ui.userWidget;
+@@ -99,7 +100,7 @@ var AuthPrompt = new Lang.Class({
+                          x_align: St.Align.START });
+         this._entry = new St.Entry({ style_class: 'login-dialog-prompt-entry',
+                                      can_focus: true });
+-        ShellEntry.addContextMenu(this._entry, { isPassword: true });
++        ShellEntry.addContextMenu(this._entry, { isPassword: true, actionMode: Shell.ActionMode.NONE });
+ 
+         this.actor.add(this._entry,
+                        { expand: true,
+diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js
+index 2f89140..1bf8d6f 100644
+--- a/js/gdm/loginDialog.js
++++ b/js/gdm/loginDialog.js
+@@ -342,7 +342,8 @@ var SessionMenuButton = new Lang.Class({
+                  this._button.remove_style_pseudo_class('active');
+         });
+ 
+-        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button });
++        this._manager = new PopupMenu.PopupMenuManager({ actor: this._button },
++                                                       { actionMode: Shell.ActionMode.NONE });
+         this._manager.addMenu(this._menu);
+ 
+         this._button.connect('clicked', () => { this._menu.toggle(); });
+diff --git a/js/ui/shellEntry.js b/js/ui/shellEntry.js
+index 9db5136..09bb9bb 100644
+--- a/js/ui/shellEntry.js
++++ b/js/ui/shellEntry.js
+@@ -9,6 +9,7 @@ const BoxPointer = imports.ui.boxpointer;
+ const Main = imports.ui.main;
+ const Params = imports.misc.params;
+ const PopupMenu = imports.ui.popupMenu;
++const Shell = imports.gi.Shell;
+ 
+ var EntryMenu = new Lang.Class({
+     Name: 'ShellEntryMenu',
+@@ -150,11 +151,12 @@ function addContextMenu(entry, params) {
+     if (entry.menu)
+         return;
+ 
+-    params = Params.parse (params, { isPassword: false });
++    params = Params.parse (params, { isPassword: false, actionMode: Shell.ActionMode.POPUP });
+ 
+     entry.menu = new EntryMenu(entry);
+     entry.menu.isPassword = params.isPassword;
+-    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry });
++    entry._menuManager = new PopupMenu.PopupMenuManager({ actor: entry },
++                                                        { actionMode: params.actionMode });
+     entry._menuManager.addMenu(entry.menu);
+ 
+     // Add an event handler to both the entry and its clutter_text; the former
diff --git a/gnome-shell.spec b/gnome-shell.spec
index bc64266..3e35b9c 100644
--- a/gnome-shell.spec
+++ b/gnome-shell.spec
@@ -1,6 +1,6 @@
 Name:           gnome-shell
 Version:        3.30.1
-Release:        9
+Release:        10
 Summary:        Core user interface functions for the GNOME 3 desktop
 Group:          User Interface/Desktops
 License:        GPLv2+
@@ -15,6 +15,8 @@ Patch5: 0001-Include-the-libcroco-sources-directly-under-src-st-c.patch
 Patch6: CVE-2020-17489-pre1.patch
 Patch7: CVE-2020-17489-pre2.patch
 Patch8: CVE-2020-17489.patch
+Patch9: CVE-2019-3820-1.patch
+Patch10: CVE-2019-3820-2.patch
 
 BuildRequires:  meson git ibus-devel chrpath dbus-glib-devel desktop-file-utils
 BuildRequires:  evolution-data-server-devel gcr-devel gjs-devel glib2-devel
@@ -124,6 +126,9 @@ glib-compile-schemas --allow-any-name %{_datadir}/glib-2.0/schemas &> /dev/null
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
+* Tue Sep 28 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 3.30.1-10
+- fix CVE-2019-3820
+
 * Tue Jul 27 2021 caodongxia<caodongxia@huawei.com> - 3.30.1-9
 - add install require xdg-utils
 
-- 
Gitee