Date:      Wed, 18 Nov 2015 16:28:17 +0000 (UTC)
From:      Koop Mast <kwm@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r401878 - in branches/2015Q4/x11/gdm: . files
Message-ID:  <201511181628.tAIGSHSN079969@repo.freebsd.org>

Author: kwm
Date: Wed Nov 18 16:28:17 2015
New Revision: 401878
URL: https://svnweb.freebsd.org/changeset/ports/401878

Log:
  MFH: r401858
  
  Fix lockscreen bypass.
  
  Approved by:	portmgr (swills@)
  Security:	68847b20-8ddc-11e5-b69c-c86000169601

Added:
  branches/2015Q4/x11/gdm/files/patch-CVE-2015-7496
     - copied unchanged from r401858, head/x11/gdm/files/patch-CVE-2015-7496
Modified:
  branches/2015Q4/x11/gdm/Makefile
Directory Properties:
  branches/2015Q4/   (props changed)

Modified: branches/2015Q4/x11/gdm/Makefile
==============================================================================
--- branches/2015Q4/x11/gdm/Makefile	Wed Nov 18 16:23:46 2015	(r401877)
+++ branches/2015Q4/x11/gdm/Makefile	Wed Nov 18 16:28:17 2015	(r401878)
@@ -3,6 +3,7 @@
 
 PORTNAME=	gdm
 PORTVERSION=	3.16.2
+PORTREVISION=	1
 CATEGORIES=	x11 gnome
 MASTER_SITES=	GNOME
 DIST_SUBDIR=	gnome3

Copied: branches/2015Q4/x11/gdm/files/patch-CVE-2015-7496 (from r401858, head/x11/gdm/files/patch-CVE-2015-7496)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q4/x11/gdm/files/patch-CVE-2015-7496	Wed Nov 18 16:28:17 2015	(r401878, copy of r401858, head/x11/gdm/files/patch-CVE-2015-7496)
@@ -0,0 +1,207 @@
+From 05e5fc24b0f803098c1d05dae86f5eb05bd0c2a4 Mon Sep 17 00:00:00 2001
+From: Rui Matos <tiagomatos@gmail.com>
+Date: Sun, 15 Nov 2015 14:07:53 -0500
+Subject: session: Cancel worker proxy async ops when freeing conversations
+
+We need to cancel ongoing async ops for worker proxies when freeing
+conversations or we'll crash when the completion handler runs and we
+access free'd memory.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=758032
+
+---
+
+From 5ac224602f1d603aac5eaa72e1760d3e33a26f0a Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Fri, 13 Nov 2015 11:14:59 -0500
+Subject: session: disconnect signals from worker proxy when conversation is
+ freed
+
+We don't want an outstanding reference on the worker proxy to lead to
+signal handlers getting dispatched after the conversation is freed.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=758032
+
+---
+
+
+--- daemon/gdm-session.c.orig	2015-11-18 10:47:55.522178000 +0100
++++ daemon/gdm-session.c	2015-11-18 10:48:00.450095000 +0100
+@@ -73,6 +73,7 @@ typedef struct
+         GDBusMethodInvocation *pending_invocation;
+         GdmDBusWorkerManager  *worker_manager_interface;
+         GdmDBusWorker         *worker_proxy;
++        GCancellable          *worker_cancellable;
+         char                  *session_id;
+         guint32                is_stopping : 1;
+ 
+@@ -1031,6 +1032,8 @@ register_worker (GdmDBusWorkerManager  *
+ 
+         g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (conversation->worker_proxy), G_MAXINT);
+ 
++        conversation->worker_cancellable = g_cancellable_new ();
++
+         g_signal_connect (conversation->worker_proxy,
+                           "username-changed",
+                           G_CALLBACK (worker_on_username_changed), conversation);
+@@ -1666,7 +1669,28 @@ free_conversation (GdmSessionConversatio
+         g_free (conversation->starting_username);
+         g_free (conversation->session_id);
+         g_clear_object (&conversation->worker_manager_interface);
+-        g_clear_object (&conversation->worker_proxy);
++
++        if (conversation->worker_proxy != NULL) {
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_username_changed),
++                                                      conversation);
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_session_exited),
++                                                      conversation);
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_reauthenticated),
++                                                      conversation);
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_saved_language_name_read),
++                                                      conversation);
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_saved_session_name_read),
++                                                      conversation);
++                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
++                                                      G_CALLBACK (worker_on_cancel_pending_query),
++                                                      conversation);
++                g_clear_object (&conversation->worker_proxy);
++        }
+         g_clear_object (&conversation->session);
+         g_free (conversation);
+ }
+@@ -1828,6 +1852,9 @@ close_conversation (GdmSessionConversati
+                 g_clear_object (&conversation->worker_manager_interface);
+         }
+ 
++        g_cancellable_cancel (conversation->worker_cancellable);
++        g_clear_object (&conversation->worker_cancellable);
++
+         if (conversation->worker_proxy != NULL) {
+                 GDBusConnection *connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (conversation->worker_proxy));
+                 g_dbus_connection_close_sync (connection, NULL, NULL);
+@@ -1996,7 +2023,7 @@ send_setup (GdmSession *self,
+                                             display_hostname,
+                                             self->priv->display_is_local,
+                                             self->priv->display_is_initial,
+-                                            NULL,
++                                            conversation->worker_cancellable,
+                                             (GAsyncReadyCallback) on_setup_complete_cb,
+                                             conversation);
+         }
+@@ -2062,7 +2089,7 @@ send_setup_for_user (GdmSession *self,
+                                                      display_hostname,
+                                                      self->priv->display_is_local,
+                                                      self->priv->display_is_initial,
+-                                                     NULL,
++                                                     conversation->worker_cancellable,
+                                                      (GAsyncReadyCallback) on_setup_complete_cb,
+                                                      conversation);
+         }
+@@ -2124,7 +2151,7 @@ send_setup_for_program (GdmSession *self
+                                                         self->priv->display_is_local,
+                                                         self->priv->display_is_initial,
+                                                         log_file,
+-                                                        NULL,
++                                                        conversation->worker_cancellable,
+                                                         (GAsyncReadyCallback) on_setup_complete_cb,
+                                                         conversation);
+         }
+@@ -2182,7 +2209,7 @@ gdm_session_authenticate (GdmSession *se
+         conversation = find_conversation_by_name (self, service_name);
+         if (conversation != NULL) {
+                 gdm_dbus_worker_call_authenticate (conversation->worker_proxy,
+-                                                   NULL,
++                                                   conversation->worker_cancellable,
+                                                    (GAsyncReadyCallback) on_authenticate_cb,
+                                                    conversation);
+         }
+@@ -2199,7 +2226,7 @@ gdm_session_authorize (GdmSession *self,
+         conversation = find_conversation_by_name (self, service_name);
+         if (conversation != NULL) {
+                 gdm_dbus_worker_call_authorize (conversation->worker_proxy,
+-                                                NULL,
++                                                conversation->worker_cancellable,
+                                                 (GAsyncReadyCallback) on_authorize_cb,
+                                                 conversation);
+         }
+@@ -2216,7 +2243,7 @@ gdm_session_accredit (GdmSession *self,
+         conversation = find_conversation_by_name (self, service_name);
+         if (conversation != NULL) {
+                 gdm_dbus_worker_call_establish_credentials (conversation->worker_proxy,
+-                                                            NULL,
++                                                            conversation->worker_cancellable,
+                                                             (GAsyncReadyCallback) on_establish_credentials_cb,
+                                                             conversation);
+         }
+@@ -2230,7 +2257,8 @@ send_environment_variable (const char   
+ {
+         gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy,
+                                                        key, value,
+-                                                       NULL, NULL, NULL);
++                                                       conversation->worker_cancellable,
++                                                       NULL, NULL);
+ }
+ 
+ static void
+@@ -2418,7 +2446,8 @@ send_display_mode (GdmSession *self,
+         mode = gdm_session_get_display_mode (self);
+         gdm_dbus_worker_call_set_session_display_mode (conversation->worker_proxy,
+                                                        gdm_session_display_mode_to_string (mode),
+-                                                       NULL, NULL, NULL);
++                                                       conversation->worker_cancellable,
++                                                       NULL, NULL);
+ }
+ 
+ static void
+@@ -2434,7 +2463,8 @@ send_session_type (GdmSession *self,
+         gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy,
+                                                        "XDG_SESSION_TYPE",
+                                                        session_type,
+-                                                       NULL, NULL, NULL);
++                                                       conversation->worker_cancellable,
++                                                       NULL, NULL);
+ }
+ 
+ void
+@@ -2452,7 +2482,7 @@ gdm_session_open_session (GdmSession *se
+                 send_session_type (self, conversation);
+ 
+                 gdm_dbus_worker_call_open (conversation->worker_proxy,
+-                                           NULL,
++                                           conversation->worker_cancellable,
+                                            (GAsyncReadyCallback) on_opened, conversation);
+         }
+ }
+@@ -2638,7 +2668,7 @@ gdm_session_start_session (GdmSession *s
+ 
+         gdm_dbus_worker_call_start_program (conversation->worker_proxy,
+                                             program,
+-                                            NULL,
++                                            conversation->worker_cancellable,
+                                             (GAsyncReadyCallback) on_start_program_cb,
+                                             conversation);
+         g_free (program);
+@@ -2770,7 +2800,7 @@ gdm_session_start_reauthentication (GdmS
+         gdm_dbus_worker_call_start_reauthentication (conversation->worker_proxy,
+                                                      (int) pid_of_caller,
+                                                      (int) uid_of_caller,
+-                                                     NULL,
++                                                     conversation->worker_cancellable,
+                                                      (GAsyncReadyCallback) on_reauthentication_started_cb,
+                                                      conversation);
+ }
+@@ -3032,7 +3062,8 @@ gdm_session_select_session (GdmSession *
+ 
+                 gdm_dbus_worker_call_set_session_name (conversation->worker_proxy,
+                                                        get_session_name (self),
+-                                                       NULL, NULL, NULL);
++                                                       conversation->worker_cancellable,
++                                                       NULL, NULL);
+         }
+ }
+ 
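Review bot: Cancelling `worker_cancellable` in close_conversation does not keep the completion handlers from running; GIO still invokes each GAsyncReadyCallback of a cancelled call with G_IO_ERROR_CANCELLED, and every call converted in daemon/gdm-session.c still passes `conversation` as user_data. The handlers themselves (on_setup_complete_cb, on_authenticate_cb, on_opened and the others) lie outside these hunks, so whether each one returns on that error before touching user_data cannot be confirmed from the patch; any handler that does not would still read the freed conversation. Each should check `g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)` right after its `_finish` call and bail out without using `conversation`. Separately, free_conversation neither cancels nor unrefs `worker_cancellable`, so it appears to rely on close_conversation having run first; a comment on the new struct field such as `/* cancelled and cleared in close_conversation(); handlers must ignore G_IO_ERROR_CANCELLED */` would record that. Both function bodies start outside the hunks shown.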


