From f83c476ec7d98189c8fd8451c8e6c15804ba64aeb2c1e8586cf82c3d0ee6928e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Tue, 6 Aug 2024 11:56:37 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main gnome-shell revision d16c52f732245df2e73d2c8d899a2613 --- CVE-2024-36472.patch | 55 ++++++++++++++++++++++++++++++++++++++++++++ gnome-shell.changes | 7 ++++++ gnome-shell.spec | 3 +++ 3 files changed, 65 insertions(+) create mode 100644 CVE-2024-36472.patch diff --git a/CVE-2024-36472.patch b/CVE-2024-36472.patch new file mode 100644 index 0000000..36309c5 --- /dev/null +++ b/CVE-2024-36472.patch @@ -0,0 +1,55 @@ +diff --git a/js/ui/status/network.js b/dev/shm/leap/gnome-shell-js/ui/status/network.js +index 469c2d3..3bd428b 100644 +--- a/js/ui/status/network.js ++++ b/dev/shm/leap/gnome-shell-js/ui/status/network.js +@@ -1982,6 +1982,7 @@ class Indicator extends SystemIndicator { + this._mainConnection = null; + + this._notification = null; ++ this._PortalNotification = null; + + this._wiredToggle = new NMWiredToggle(); + this._wirelessToggle = new NMWirelessToggle(); +@@ -2092,8 +2093,10 @@ class Indicator extends SystemIndicator { + } + + _mainConnectionStateChanged() { +- if (this._mainConnection.state === NM.ActiveConnectionState.ACTIVATED) ++ if (this._mainConnection.state === NM.ActiveConnectionState.ACTIVATED) { + this._notification?.destroy(); ++ this._PortalNotification?.destroy(); ++ } + } + + _flushConnectivityQueue() { +@@ -2146,10 +2149,30 @@ class Indicator extends SystemIndicator { + if (!isPortal || Main.sessionMode.isGreeter) + return; + ++ let name = this._mainConnection.get_id(); + let path = this._mainConnection.get_path(); + if (this._connectivityQueue.has(path)) + return; + ++ this._PortalNotification?.destroy(); ++ const source = new MessageTray.Source( ++ _('Network Manager'), 'network-wireless-acquiring-symbolic'); ++ source.policy = ++ new MessageTray.NotificationApplicationPolicy('gnome-network-panel') ++ ++ this._PortalNotification = new MessageTray.Notification(source, ++ _('Sign Into Wi–Fi Network'), ++ _(name)); ++ this._PortalNotification.connect('destroy', ++ () => (this._PortalNotification = null)) ++ this._PortalNotification.connect('activated', ++ () => this._onNotificationActivated(path)); ++ ++ Main.messageTray.add(source); ++ source.showNotification(this._PortalNotification) ++ } ++ ++ async _onNotificationActivated(path) { + let timestamp = global.get_current_time(); + if (!this._portalHelperProxy) { + this._portalHelperProxy = new Gio.DBusProxy({ diff --git a/gnome-shell.changes b/gnome-shell.changes index 4ca7aff..b2d979f 100644 --- a/gnome-shell.changes +++ b/gnome-shell.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Jul 12 08:23:12 UTC 2024 - Xiaoguang Wang + +- Add CVE-2024-36472.patch: Show notification when detecting + captive portal + (glgo#GNOME/gnome-shell#7688 bsc#1225567 CVE-2024-36472). + ------------------------------------------------------------------- Tue May 21 08:24:13 UTC 2024 - Alynx Zhou diff --git a/gnome-shell.spec b/gnome-shell.spec index ecd67de..506d7a7 100644 --- a/gnome-shell.spec +++ b/gnome-shell.spec @@ -43,6 +43,8 @@ Patch7: gnome-shell-executable-path-not-absolute.patch Patch8: gnome-shell-exit-crash-workaround.patch # PATCH-FIX-UPSTREAM gnome-shell-fix-cursor-on-hide-preedit.patch glgo#GNOME/gnome-shell!3318 alynx.zhou@suse.com -- Correctly reset cursor when hide preedit Patch9: gnome-shell-fix-cursor-on-hide-preedit.patch +# PATCH-FIX-UPSTREAM CVE-2024-36472.patch glgo#GNOME/gnome-shell#7688 bsc#1225567 xiaoguang.wang@suse.com -- Show notification when detecting captive portal +Patch10: CVE-2024-36472.patch ## NOTE: Keep SLE-only patches at bottom (starting on 1000). # PATCH-FEATURE-SLE gnome-shell-gdm-login-applet.patch fate#314545 dliang@suse.com -- Add an applet on login UI to display suse icon, product name, hostname. @@ -190,6 +192,7 @@ This package contains an optional extensions app for managing GNOME Shell extens %patch -P 7 -p1 %patch -P 8 -p1 %patch -P 9 -p1 +%patch -P 10 -p1 %if 0%{?sle_version} %patch -P 1001 -p1