Subject: [bug#32441] [PATCH] gnu: gdm: Fix CVE-2018-14424.
To: 32441@debbugs.gnu.org
From: Leo Famulari
Date: Tue, 14 Aug 2018 16:24:26 -0400

Please test this! I don't have a graphical GuixSD system to test it with.

* gnu/packages/patches/gdm-CVE-2018-14424.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gdm): Use it.
--- gnu/local.mk | 1 + gnu/packages/gnome.scm | 1 + gnu/packages/patches/gdm-CVE-2018-14424.patch | 172 ++++++++++++++++++ 3 files changed, 174 insertions(+) create mode 100644 gnu/packages/patches/gdm-CVE-2018-14424.patch diff --git a/gnu/local.mk b/gnu/local.mk index 15e7beac6..f433da46e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -714,6 +714,7 @@ dist_patch_DATA = \ %D%/packages/patches/gd-CVE-2018-5711.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ + %D%/packages/patches/gdm-CVE-2018-14424.patch \ %D%/packages/patches/gemma-intel-compat.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 4ef96ffa5..fe26bc35c 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -5305,6 +5305,7 @@ libxml2.") (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches (search-patches "gdm-CVE-2018-14424.patch")) (sha256 (base32 "0mxdal6hh345xk2xqmw5192jgpprkbcv1d4bwmnl4arcc00cpp8p")))) 
diff --git a/gnu/packages/patches/gdm-CVE-2018-14424.patch b/gnu/packages/patches/gdm-CVE-2018-14424.patch new file mode 100644 index 000000000..88a71f415 --- /dev/null +++ b/gnu/packages/patches/gdm-CVE-2018-14424.patch 
@@ -0,0 +1,172 @@ +Fix CVE-2018-14424: + +https://gitlab.gnome.org/GNOME/gdm/issues/401 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424 + +Patch copied from upstream source repository: + +https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da + +From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 19 Jul 2018 18:26:05 +0100 +Subject: [PATCH] display-store: Pass the display object rather than the id in + the removed signal + +By the time GdmDisplayStore emits the "display-removed" signal, the display +is no longer in the store and gdm_display_store_lookup will not work in +signal handlers. + +Change the "display-removed" parameter from the display id to the GdmDisplay +object, so that signal handers can perform any cleanup they need to do + +CVE-2018-14424 + +Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401 +--- + daemon/gdm-display-store.c | 11 +++-------- + daemon/gdm-display-store.h | 2 +- + daemon/gdm-local-display-factory.c | 13 +++---------- + daemon/gdm-manager.c | 19 +++++++++---------- + daemon/gdm-manager.h | 3 ++- + 5 files changed, 18 insertions(+), 30 deletions(-) + +diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c +index af76f519..fd24334e 100644 +--- a/daemon/gdm-display-store.c ++++ b/daemon/gdm-display-store.c +@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store, + static void + stored_display_free (StoredDisplay *stored_display) + { +- char *id; +- +- gdm_display_get_id (stored_display->display, &id, NULL); +- + g_signal_emit (G_OBJECT (stored_display->store), + signals[DISPLAY_REMOVED], + 0, +- id); +- g_free (id); ++ stored_display->display); + + g_debug ("GdmDisplayStore: Unreffing display: %p", + stored_display->display); +@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass) + G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed), + NULL, + NULL, +- g_cclosure_marshal_VOID__STRING, ++ 
g_cclosure_marshal_VOID__OBJECT, + G_TYPE_NONE, +- 1, G_TYPE_STRING); ++ 1, G_TYPE_OBJECT); + + g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate)); + } +diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h +index 28359933..0aff8ee2 100644 +--- a/daemon/gdm-display-store.h ++++ b/daemon/gdm-display-store.h +@@ -49,7 +49,7 @@ typedef struct + void (* display_added) (GdmDisplayStore *display_store, + const char *id); + void (* display_removed) (GdmDisplayStore *display_store, +- const char *id); ++ GdmDisplay *display); + } GdmDisplayStoreClass; + + typedef enum +diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c +index 5f1ae89e..39f3e30a 100644 +--- a/daemon/gdm-local-display-factory.c ++++ b/daemon/gdm-local-display-factory.c +@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore *display_store, + + static void + on_display_removed (GdmDisplayStore *display_store, +- const char *id, ++ GdmDisplay *display, + GdmLocalDisplayFactory *factory) + { +- GdmDisplay *display; +- +- display = gdm_display_store_lookup (display_store, id); +- +- if (display != NULL) { +- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory); +- g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory); +- +- } ++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory); ++ g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory); + } + + static gboolean +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index f17bd1a5..f6684a8b 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display, + + static void + on_display_removed (GdmDisplayStore *display_store, +- const char *id, ++ GdmDisplay *display, + GdmManager *manager) + { +- GdmDisplay *display; ++ char *id; + +- display = gdm_display_store_lookup 
(display_store, id); +- if (display != NULL) { +- g_dbus_object_manager_server_unexport (manager->priv->object_manager, id); ++ gdm_display_get_id (display, &id, NULL); ++ g_dbus_object_manager_server_unexport (manager->priv->object_manager, id); ++ g_free (id); + +- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager); ++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager); + +- g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id); +- } ++ g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display); + } + + static void +@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass) + G_STRUCT_OFFSET (GdmManagerClass, display_removed), + NULL, + NULL, +- g_cclosure_marshal_VOID__STRING, ++ g_cclosure_marshal_VOID__OBJECT, + G_TYPE_NONE, +- 1, G_TYPE_STRING); ++ 1, G_TYPE_OBJECT); + + g_object_class_install_property (object_class, + PROP_XDMCP_ENABLED, +diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h +index 41c68a7a..c8fb3f22 100644 +--- a/daemon/gdm-manager.h ++++ b/daemon/gdm-manager.h +@@ -24,6 +24,7 @@ + + #include + ++#include "gdm-display.h" + #include "gdm-manager-glue.h" + + G_BEGIN_DECLS +@@ -50,7 +51,7 @@ typedef struct + void (* display_added) (GdmManager *manager, + const char *id); + void (* display_removed) (GdmManager *manager, +- const char *id); ++ GdmDisplay *display); + } GdmManagerClass; + + typedef enum +-- +2.17.1 + -- 2.18.0
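
Review bot: In the daemon/gdm-manager.c on_display_removed hunk, "char *id;" is declared uninitialized and the result of gdm_display_get_id (display, &id, NULL) is not checked, so if that call returns without setting id, an indeterminate pointer reaches g_dbus_object_manager_server_unexport and g_free. Declare it as "char *id = NULL;" and unexport only when the call succeeds. This handler is the part of the change that restores the cleanup the commit message says was being skipped (the lookup by id could not find a display that had already left the store), so it is worth making its failure path explicit rather than silent.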
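
Review bot: The on_display_removed hunk in daemon/gdm-local-display-factory.c removes the "if (display != NULL)" guard, so g_signal_handlers_disconnect_by_func and g_object_weak_unref now depend on every emitter passing a live GdmDisplay. The only emitter visible here, stored_display_free in daemon/gdm-display-store.c, emits before its "Unreffing display" step, so the object is valid for the duration of the emission and no longer. Please document that contract next to the signal (handlers that keep the pointer must take their own reference), and consider a g_return_if_fail on the argument at the top of both handlers so that a future emitter passing NULL produces a warning instead of a crash.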
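
Review bot: Both class_init hunks register the "display-removed" parameter as G_TYPE_OBJECT, while the class structs in gdm-display-store.h and gdm-manager.h now declare it as "GdmDisplay *display"; registering the GdmDisplay type itself (GDM_TYPE_DISPLAY, assuming the usual GObject type macro from gdm-display.h) would let the signal machinery flag an emission with the wrong kind of object. After this change display_added still takes "const char *id" while display_removed takes the object, in both headers; a one-line comment giving the reason (on removal the display is already out of the store, so an id cannot be looked up) would stop a later cleanup from making the two symmetric again. The GdmManager signal also changes type for any consumer outside the two handlers updated in this patch, so confirm nothing else connects to it expecting a string.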
To: 32441@debbugs.gnu.org
Date: Tue, 14 Aug 2018 16:31:49 -0400
From: Leo Famulari
Message-ID: <20180814203149.GA4849@jasmine.lan>

It was pointed out to me that GDM currently doesn't work in GuixSD, anyways, so there is not that much testing to do. I can handle it without assistance.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Leo Famulari
Subject: bug#32441: closed (Re: [PATCH] gnu: gdm: Fix CVE-2018-14424.)
Reply-To: 32441@debbugs.gnu.org
Date: Tue, 14 Aug 2018 20:55:02 +0000

Your bug report

#32441: [PATCH] gnu: gdm: Fix CVE-2018-14424.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 32441@debbugs.gnu.org.

-- 
32441: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32441
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

Date: Tue, 14 Aug 2018 16:54:43 -0400
From: Leo Famulari
To: 32441-done@debbugs.gnu.org
Subject: Re: [PATCH] gnu: gdm: Fix CVE-2018-14424.
Message-ID: <20180814205443.GA28582@jasmine.lan>
In-Reply-To: <20180814203149.GA4849@jasmine.lan>

On Tue, Aug 14, 2018 at 04:31:49PM -0400, Leo Famulari wrote:
> It was pointed out to me that GDM currently doesn't work in GuixSD,
> anyways, so there is not that much testing to do. I can handle it
> without assistance.

Pushed as feccc81013c410494b68894aad75bd7d135f5525