Your message dated Mon, 01 Dec 2014 17:49:09 +0000 with message-id <[email protected]> and subject line Bug#683338: fixed in gnome-shell 3.14.2-1 has caused the Debian Bug report #683338, regarding CVE-2013-7273 gdm-3.4.1-8 patch proposal to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 683338: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Subject: gdm3: CVE-2013-7273 gdm-3.4.1-8 patch proposal Package: gdm3 Version: 3.4.1-8 Severity: important Tags: patch Dear Maintainer, I have 120 public debian Wheezy hosts on my network where user list is disabled in gdm. This bug is very annoying for me because it crash gdm and few users know how to restart the X server (ctr-alt-return). So the stations stay unusable. In reality this bug not only occur when cancel or escape is pressed. It is a event order/time issue, on certain station it appears when the login is typed to early after the window reset. So here my bug fix proposal and explanations for the gui/simple-greeter/gdm-greeter-login-window.c source. ------------------- Gdm simple greeter reset the login dialog with the following function : (line 1082) gboolean gdm_greeter_login_window_reset (GdmGreeterLoginWindow *login_window) { g_debug ("GdmGreeterLoginWindow: window reset"); g_return_val_if_fail (GDM_IS_GREETER_LOGIN_WINDOW (login_window), FALSE); reset_dialog_after_messages (login_window, MODE_SELECTION); g_list_foreach (login_window->priv->extensions, (GFunc) restart_extension_conversation, login_window); g_free (login_window->priv->service_name_of_session_ready_to_start); login_window->priv->service_name_of_session_ready_to_start = NULL; return TRUE; } We can see that gdm reset the dialog and next restart the extension conversations. The problem is that the "reset_dialog_after_messages" is not a blocking function. If there are pending messages it return immediately without resetting the dialog. The function is called again when all extension messages are flushed : (line 923) static void reset_dialog_after_messages (GdmGreeterLoginWindow *login_window, guint dialog_mode) { if (has_queued_messages (login_window)) { g_debug ("GdmGreeterLoginWindow: will reset dialog after pending messages"); login_window->priv->next_mode = dialog_mode; } else { g_debug ("GdmGreeterLoginWindow: resetting dialog"); reset_dialog (login_window, dialog_mode); } } Thus, in the public gdm_greeter_login_window_reset call, if there are pending messages, the extension conversations are restarted before the reset_dialog call (that reset all the extensions). So gdm stay in a idle state. If needed I can explain why this bug is only a problem when user list is disabled. In a patch I just added a boolean and moved the restart_conversation code to reset_dialog_after_message to be sure that it is called after reset_dialog. It seems to works. Thanks. PELLEGRIN Baptiste. -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gdm3 depends on: ii accountsservice 0.6.21-8 ii adduser 3.113+nmu3 ii dconf-gsettings-backend 0.12.1-3 ii dconf-tools 0.12.1-3 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.12 ii gir1.2-freedesktop 1.32.1-1 ii gir1.2-glib-2.0 1.32.1-1 ii gnome-session [x-session-manager] 3.4.2.1-4 ii gnome-session-bin 3.4.2.1-4 ii gnome-session-fallback [x-session-manage 3.4.2.1-4 ii gnome-settings-daemon 3.4.2+git20121218.7c1322-3+deb7u3 ii gnome-terminal [x-terminal-emulator] 3.4.1.1-2 ii gsettings-desktop-schemas 3.4.2-3 ii libaccountsservice0 0.6.21-8 ii libatk1.0-0 2.4.0-2 ii libattr1 1:2.4.46-8 ii libaudit0 1:1.7.18-1.1 ii libc6 2.13-38 ii libcairo-gobject2 1.12.2-3 ii libcairo2 1.12.2-3 ii libcanberra-gtk3-0 0.28-6 ii libcanberra0 0.28-6 ii libdbus-1-3 1.6.8-1+deb7u1 ii libdbus-glib-1-2 0.100.2-1 ii libfontconfig1 2.9.0-7.1 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libglib2.0-bin 2.33.12+really2.32.4-5 ii libgtk-3-0 3.4.2-7 ii libpam-modules 1.1.3-7.1 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libpango1.0-0 1.30.0-1 ii librsvg2-common 2.36.1-2 ii libselinux1 2.1.9-5 ii libupower-glib1 0.9.17-1 ii libwrap0 7.6.q-24 ii libx11-6 2:1.5.0-1+deb7u1 ii libxau6 1:1.0.7-1 ii libxdmcp6 1:1.1.1-1 ii libxklavier16 5.2.1-1 ii libxrandr2 2:1.3.2-2+deb7u1 ii lsb-base 4.1+Debian8+deb7u1 ii metacity [x-window-manager] 1:2.34.3-4 ii policykit-1-gnome 0.105-2 ii upower 0.9.17-1 ii x11-common 1:7.7+3~deb7u1 ii x11-xserver-utils 7.7~3 ii xterm [x-terminal-emulator] 278-4 Versions of packages gdm3 recommends: ii at-spi2-core 2.5.3-2 ii desktop-base 7.0.3 ii gnome-icon-theme 3.4.0-2 ii gnome-icon-theme-symbolic 3.4.0-2 ii x11-xkb-utils 7.7~1 ii xserver-xephyr 2:1.12.4-6+deb7u2 ii xserver-xorg 1:7.7+3~deb7u1 ii zenity 3.4.0-2 Versions of packages gdm3 suggests: ii gnome-orca 3.4.2-2 ii gnome-shell 3.4.2-7+deb7u1 pn gok <none> ii libpam-gnome-keyring 3.4.1-5 -- Configuration Files: /etc/gdm3/daemon.conf changed [not included] -- debconf information excludedIndex: gdm3-3.4.1/gui/simple-greeter/gdm-greeter-login-window.c =================================================================== --- gdm3-3.4.1.orig/gui/simple-greeter/gdm-greeter-login-window.c 2014-06-10 13:36:48.000000000 +0200 +++ gdm3-3.4.1/gui/simple-greeter/gdm-greeter-login-window.c 2014-06-10 14:15:03.811245189 +0200 @@ -147,6 +147,7 @@ guint start_session_handler_id; char *service_name_of_session_ready_to_start; + gboolean restart_conversation_after_reset; }; enum { @@ -187,6 +188,9 @@ static void handle_stopped_conversation (GdmGreeterLoginWindow *login_window, const char *service_name); +static gboolean restart_extension_conversation (GdmLoginExtension *extension, + GdmGreeterLoginWindow *login_window); + static void begin_single_service_verification (GdmGreeterLoginWindow *login_window, const char *service_name); @@ -922,6 +926,12 @@ } else { g_debug ("GdmGreeterLoginWindow: resetting dialog"); reset_dialog (login_window, dialog_mode); + if(login_window->priv->restart_conversation_after_reset) { + g_list_foreach (login_window->priv->extensions, + (GFunc) restart_extension_conversation, + login_window); + login_window->priv->restart_conversation_after_reset = FALSE; + } } } @@ -1085,10 +1095,8 @@ g_return_val_if_fail (GDM_IS_GREETER_LOGIN_WINDOW (login_window), FALSE); + login_window->priv->restart_conversation_after_reset = TRUE; reset_dialog_after_messages (login_window, MODE_SELECTION); - g_list_foreach (login_window->priv->extensions, - (GFunc) restart_extension_conversation, - login_window); g_free (login_window->priv->service_name_of_session_ready_to_start); login_window->priv->service_name_of_session_ready_to_start = NULL; @@ -2565,6 +2573,7 @@ user_list_disable = g_settings_get_boolean (settings, KEY_DISABLE_USER_LIST); login_window->priv->user_list_disabled = user_list_disable; + login_window->priv->restart_conversation_after_reset = FALSE; gtk_window_set_title (GTK_WINDOW (login_window), _("Login Window")); /*gtk_window_set_opacity (GTK_WINDOW (login_window), 0.85);*/
--- End Message ---
--- Begin Message ---Source: gnome-shell Source-Version: 3.14.2-1 We believe that the bug you reported is fixed in the latest version of gnome-shell, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Josselin Mouette <[email protected]> (supplier of updated gnome-shell package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 30 Nov 2014 13:52:46 +0100 Source: gnome-shell Binary: gnome-shell gnome-shell-common gnome-shell-dbg Architecture: source all amd64 Version: 3.14.2-1 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers <[email protected]> Changed-By: Josselin Mouette <[email protected]> Description: gnome-shell - graphical shell for the GNOME desktop gnome-shell-common - common files for the GNOME graphical shell gnome-shell-dbg - Debugging symbols for GNOME Shell Closes: 683338 Changes: gnome-shell (3.14.2-1) unstable; urgency=medium . * gnome-shell.gsettings-override: remove shotwell which is no longer part of the default installation. * New upstream bugfix release. + Summarize notifications instead of queuing up. * Bump (build-)dependencies on mutter. * 01_network_list.patch: patch from upstream git. Fix an UI bug when removing network connections. * 02_auth_prompt.patch: patch from upstream git. Fix the prompt with disable_user_list after canceling an attempt. Closes: #683338. Checksums-Sha1: c943a1fec81cdaad69e25bf9b816617bade12c7a 3463 gnome-shell_3.14.2-1.dsc fe2b709cdec3fb56a11f0143d37285520bcb1be8 1590640 gnome-shell_3.14.2.orig.tar.xz dda27f02addf11685252bb35afc015de4ae271bd 21904 gnome-shell_3.14.2-1.debian.tar.xz 9723465fc0270546a406ee9f58cf8fc4bd5d17de 639258 gnome-shell-common_3.14.2-1_all.deb 00e20f56fede0a792547f573b3fc98de2a171b9a 637698 gnome-shell_3.14.2-1_amd64.deb fd97606b22191f463218d629db9df8d7eec8fb61 768746 gnome-shell-dbg_3.14.2-1_amd64.deb Checksums-Sha256: d806e10555fc62232713c689d22f4d67bc2c981241b0ecae0631307a00727762 3463 gnome-shell_3.14.2-1.dsc 4166656cac98da9b2fbd5c315ca1c4f34e06f1f5423ae058831ceb51ea5deda1 1590640 gnome-shell_3.14.2.orig.tar.xz a79388735c193259ddad9180b5c8bd2836dd556fb1d8c6bb6b4048eddb46a4f4 21904 gnome-shell_3.14.2-1.debian.tar.xz 27b34b74f48dd52d4e41ea0daf80c1fc2ac60d5a5774a00a5621135d47ac4496 639258 gnome-shell-common_3.14.2-1_all.deb 2ff10d3b89a7202f981064858f6afa34fc95ea65068c649a577bd50cda9a620d 637698 gnome-shell_3.14.2-1_amd64.deb 1b6fa455382ba421e5ca52e5a793abd37d15aee516fabfe0fd135cacc66d3dcb 768746 gnome-shell-dbg_3.14.2-1_amd64.deb Files: 55c4d1f855e3bd3797de1db5ce8f2e29 3463 gnome optional gnome-shell_3.14.2-1.dsc 0144f7a5e4a7bcb2562dfa7e722ff6f2 1590640 gnome optional gnome-shell_3.14.2.orig.tar.xz 9cb7d94824e9271c0c2b8b1ebbdf0f4f 21904 gnome optional gnome-shell_3.14.2-1.debian.tar.xz 5e3022d8a5a89809d21486c6b7531702 639258 gnome optional gnome-shell-common_3.14.2-1_all.deb ca68697bf3bd4bb3891d6bff714c6259 637698 gnome optional gnome-shell_3.14.2-1_amd64.deb e5d36c66d5b1501dd26c7177083a748d 768746 debug extra gnome-shell-dbg_3.14.2-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVHyoieePdRdw6BVUAQKhOxAAlYWvDVSi79kqQbh24gP0Ew+4yL2r8Y0y a+sDt6BTWz77VcwOolbnzU3neK4MajfLyOXvpQNLVMeqe4tWE1t20FWZYsPMMaai +lQHXsB939vvpR3INsuuIJkAzRjp5BNgBdx+l9nFYFbXDLsOYIGqKPJWFAaCNHnB s96mu5bJrc7QnaTm7S4MoND8YF9OzN0daeg4h9d6DZKYAyNvT39OgJelMlSp3mBU FBmONoQxLTQ1YJ4IoWbKzwmR35uK9aaaHleaz14ijg1oJuD+ZkrLfeufGfpUHak1 3GLPgWmBfMvYVFs2usQjxza+KTDuCRRq5iPMFBRgCPxlytuuQUFPMATYBD/jvYzN SAg2N329wl3Xvg52/QZA0O1vTgzwyUk0+OKTm+OiBIXQzq4tt+G9Y+Ge00rH6w2F gXAMDUZ4tBFlvk4/lsVaOUoAZYPSsAoyHuepkZme9sTexjHNxtx2QWqg3RF0nCd+ g8ezY5zUSTP0KVTdMCAV1Zr2l2PNMf862MbHOPrPypAiuyY3N9RKQScqj01D0tKA XQyZzySU2krqfKHUSClGW6VNDQ/Tno/168JQzSkvW88frfQxoJQwXCKKU2LmUWU/ lTQ9t91hOGkjXcETL8FOo05rRxJFVesSlUcbXDnGAzB6DwjojHlr/5KrL+lNo/G2 tj54LE6Wjuc= =RhyH -----END PGP SIGNATURE-----
--- End Message ---
