import gnome-shell-40.10-13.el9

1 year ago · 0476ff43e8
parent adab58cd28
commit 0476ff43e8
2 changed files with 106 additions and 1 deletions
--- a/SOURCES/0001-authPrompt-Disregard-smartcard-status-changes-events.patch
+++ b/SOURCES/0001-authPrompt-Disregard-smartcard-status-changes-events.patch
@ -0,0 +1,100 @@
+From ec802e39a5dfb252e2d18b8cb95f713724180565 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Mon, 15 May 2023 10:48:15 -0400
+Subject: [PATCH] authPrompt: Disregard smartcard status changes events if
+ VERIFICATION_IN_PROGRESS
+
+commit c8bb45b41c3a13ef161103f649aa18938e028a70 introduced a new
+verification state, VERIFICATION_IN_PROGRESS, to detect when the user
+has already interacted with the authentication service, so the auth
+prompt can rate limit the number of times the user can cancel
+authentication attempts with the escape key (without also rate limiting
+the number of times they hit escape to go back to the clock without
+interacting with the authentication service).
+
+That means there are now two states that represent the
+user actively undergoing verification: VERIFYING and
+VERIFICATION_IN_PROGRESS.
+
+It's inappropriate to reset the smartcard service if the user is
+actively conversing with it. We try to check for that by looking at the
+original verification state, VERIFYING, but we unfortunately, neglected
+to account for the new VERIFICATION_IN_PROGRESS state.
+
+This commit fixes that oversight, and allows users to again pre-type
+their smartcard pin at the clock before inserting their smartcard.
+---
+ js/gdm/authPrompt.js | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index 4da91e096..e961f396e 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -327,61 +327,62 @@ var AuthPrompt = GObject.registerClass({
+     _onShowChoiceList(userVerifier, serviceName, promptMessage, choiceList) {
+         if (this._queryingService)
+             this.clear();
+ 
+         this._queryingService = serviceName;
+ 
+         if (this._preemptiveAnswer)
+             this._preemptiveAnswer = null;
+ 
+         this.setChoiceList(promptMessage, choiceList);
+         this.updateSensitivity(true);
+         this.emit('prompted');
+     }
+ 
+     _onCredentialManagerAuthenticated() {
+         if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
+             this.reset();
+     }
+ 
+     _onSmartcardStatusChanged() {
+         this.smartcardDetected = this._userVerifier.smartcardDetected;
+ 
+         // Most of the time we want to reset if the user inserts or removes
+         // a smartcard. Smartcard insertion "preempts" what the user was
+         // doing, and smartcard removal aborts the preemption.
+         // The exceptions are: 1) Don't reset on smartcard insertion if we're already verifying
+         //                        with a smartcard
+         //                     2) Don't reset if we've already succeeded at verification and
+         //                        the user is getting logged in.
+         if (this._userVerifier.serviceIsDefault(GdmUtil.SMARTCARD_SERVICE_NAME) &&
+-            this.verificationStatus == AuthPromptStatus.VERIFYING &&
+            (this.verificationStatus === AuthPromptStatus.VERIFYING ||
+             this.verificationStatus === AuthPromptStatus.VERIFICATION_IN_PROGRESS) &&
+             this.smartcardDetected)
+             return;
+ 
+         if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
+             this.reset();
+     }
+ 
+     _onShowMessage(_userVerifier, serviceName, message, type) {
+         this.setMessage(serviceName, message, type);
+         this.emit('prompted');
+     }
+ 
+     _onVerificationFailed(userVerifier, serviceName, canRetry) {
+         const wasQueryingService = this._queryingService === serviceName;
+ 
+         if (wasQueryingService) {
+             this._queryingService = null;
+             this.clear();
+         }
+ 
+         this.updateSensitivity(canRetry);
+         this.setActorInDefaultButtonWell(null);
+ 
+         if (!canRetry)
+             this.verificationStatus = AuthPromptStatus.VERIFICATION_FAILED;
+ 
+         if (wasQueryingService)
+             Util.wiggle(this._entry);
+     }
+ 
+-- 
+2.39.1
+
--- a/SPECS/gnome-shell.spec
+++ b/SPECS/gnome-shell.spec
@ -2,7 +2,7 @@

 Name:           gnome-shell
 Version:        40.10
-Release:        12%{?dist}
+Release:        13%{?dist}
 Summary:        Window management and application launching for GNOME

 License:        GPLv2+
@ -27,6 +27,7 @@ Patch14: support-choicelist-extension.patch
 Patch15: gdm-networking.patch
 Patch16: login-screen-extensions.patch
 Patch17: fix-resetting-auth-prompt.patch
+Patch18: 0001-authPrompt-Disregard-smartcard-status-changes-events.patch

 # Misc.
 Patch30: 0001-panel-add-an-icon-to-the-ActivitiesButton.patch
@ -274,6 +275,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/evolution-calendar.de
 %{_mandir}/man1/gnome-shell.1*

 %changelog
+* Mon May 15 2023 Ray Strode <rstrode@redhat.com> - 40.10-13
+- Don't reset smartcard conversation twice when smartcard is inserted.
+  Resolves: #2140898
+
 * Wed Feb 22 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-12
 - Require xdg-desktop-portal-gnome
  Resolves: #2172524