diff -u unity-7.2.2+14.04.20140714/debian/changelog unity-7.2.2+14.04.20140714/debian/changelog --- unity-7.2.2+14.04.20140714/debian/changelog +++ unity-7.2.2+14.04.20140714/debian/changelog @@ -1,3 +1,13 @@ +unity (7.2.2+14.04.20140714-0ubuntu1.1) trusty-security; urgency=medium + + * SECURITY UPDATE: more screen locking fixes (LP: #1349128) + - debian/patches/lp1349128.patch: flush after ungrabbing the keyboard + in unity-shared/PluginAdapter.cpp, add GrabScreen() function that + retries to lockscreen/LockScreenController.cpp, + lockscreen/LockScreenShield.cpp, lockscreen/LockScreenShield.h. + + -- Marc Deslauriers Wed, 30 Jul 2014 15:13:41 -0400 + unity (7.2.2+14.04.20140714-0ubuntu1) trusty; urgency=medium [ Alfred Neumayer ] only in patch2: unchanged: --- unity-7.2.2+14.04.20140714.orig/debian/patches/lp1349128.patch +++ unity-7.2.2+14.04.20140714/debian/patches/lp1349128.patch @@ -0,0 +1,164 @@ +Description: fix more screen locking issues +Origin: upstream, http://bazaar.launchpad.net/~3v1n0/unity/lockscreen-shield-regrab/revision/3845 +Origin: upstream, http://bazaar.launchpad.net/~3v1n0/unity/lockscreen-shield-regrab/revision/3846 +Origin: upstream, http://bazaar.launchpad.net/~3v1n0/unity/lockscreen-shield-regrab/revision/3847 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1349128 + +Index: unity-7.2.2+14.04.20140714/lockscreen/LockScreenController.cpp +=================================================================== +--- unity-7.2.2+14.04.20140714.orig/lockscreen/LockScreenController.cpp 2014-07-14 10:30:31.000000000 -0400 ++++ unity-7.2.2+14.04.20140714/lockscreen/LockScreenController.cpp 2014-07-30 15:13:14.677682810 -0400 +@@ -45,9 +45,9 @@ + bool AcceptKeyNavFocus() override { return true; } + bool InspectKeyEvent(unsigned int, unsigned int, const char*) override { return true; }; + }; +-} + + DECLARE_LOGGER(logger, "unity.lockscreen"); ++} + + Controller::Controller(DBusManager::Ptr const& dbus_manager, + session::Manager::Ptr const& session_manager, +Index: unity-7.2.2+14.04.20140714/lockscreen/LockScreenShield.cpp +=================================================================== +--- unity-7.2.2+14.04.20140714.orig/lockscreen/LockScreenShield.cpp 2014-07-14 10:30:31.000000000 -0400 ++++ unity-7.2.2+14.04.20140714/lockscreen/LockScreenShield.cpp 2014-07-30 15:13:17.505682826 -0400 +@@ -19,6 +19,7 @@ + + #include "LockScreenShield.h" + ++#include + #include + #include + #include +@@ -35,6 +36,10 @@ + { + namespace lockscreen + { ++namespace ++{ ++DECLARE_LOGGER(logger, "unity.lockscreen.shield"); ++} + + Shield::Shield(session::Manager::Ptr const& session_manager, indicator::Indicators::Ptr const& indicators, Accelerators::Ptr const& accelerators, int monitor_num, bool is_primary) + : AbstractShield(session_manager, indicators, accelerators, monitor_num, is_primary) +@@ -56,12 +61,7 @@ + }); + + primary.changed.connect([this] (bool is_primary) { +- if (!is_primary) +- { +- UnGrabPointer(); +- UnGrabKeyboard(); +- } +- ++ regrab_conn_->disconnect(); + is_primary ? ShowPrimaryView() : ShowSecondaryView(); + if (panel_view_) panel_view_->SetInputEventSensitivity(is_primary); + QueueRelayout(); +@@ -86,17 +86,41 @@ + } + } + +-void Shield::ShowPrimaryView() ++void Shield::GrabScreen(bool cancel_on_failure) + { +- GrabPointer(); +- GrabKeyboard(); ++ auto& wc = nux::GetWindowCompositor(); ++ ++ if (wc.GrabPointerAdd(this) && wc.GrabKeyboardAdd(this)) ++ { ++ regrab_conn_->disconnect(); ++ regrab_timeout_.reset(); ++ } ++ else ++ { ++ auto const& retry_cb = sigc::bind(sigc::mem_fun(this, &Shield::GrabScreen), false); ++ regrab_conn_ = WindowManager::Default().screen_ungrabbed.connect(retry_cb); + ++ if (cancel_on_failure) ++ { ++ regrab_timeout_.reset(new glib::Timeout(50, [this] { ++ LOG_ERROR(logger) << "Impossible to get the grab to lock the screen"; ++ session_manager_->unlock_requested.emit(); ++ return false; ++ })); ++ } ++ } ++} ++ ++void Shield::ShowPrimaryView() ++{ + if (primary_layout_) + { ++ GrabScreen(false); + SetLayout(primary_layout_.GetPointer()); + return; + } + ++ GrabScreen(true); + nux::Layout* main_layout = new nux::VLayout(); + primary_layout_ = main_layout; + SetLayout(primary_layout_.GetPointer()); +@@ -149,19 +173,7 @@ + } + else + { +- auto& wc = nux::GetWindowCompositor(); +- +- if (!wc.GrabPointerAdd(this) || !wc.GrabKeyboardAdd(this)) +- { +- regrab_conn_ = WindowManager::Default().screen_ungrabbed.connect([this] { +- if (primary()) +- { +- GrabPointer(); +- GrabKeyboard(); +- } +- regrab_conn_->disconnect(); +- }); +- } ++ GrabScreen(false); + } + } + }); +Index: unity-7.2.2+14.04.20140714/lockscreen/LockScreenShield.h +=================================================================== +--- unity-7.2.2+14.04.20140714.orig/lockscreen/LockScreenShield.h 2014-07-14 10:30:31.000000000 -0400 ++++ unity-7.2.2+14.04.20140714/lockscreen/LockScreenShield.h 2014-07-30 15:13:14.677682810 -0400 +@@ -21,6 +21,7 @@ + #define UNITY_LOCKSCREEN_SHIELD_H + + #include ++#include + #include "LockScreenAbstractShield.h" + + namespace unity +@@ -48,6 +49,7 @@ + + private: + void UpdateBackgroundTexture(); ++ void GrabScreen(bool cancel_on_failure); + void ShowPrimaryView(); + void ShowSecondaryView(); + Panel* CreatePanel(); +@@ -59,6 +61,7 @@ + nux::ObjectPtr cof_layout_; + connection::Wrapper panel_active_conn_; + connection::Wrapper regrab_conn_; ++ glib::Source::UniquePtr regrab_timeout_; + UserPromptView* prompt_view_; + Panel* panel_view_; + }; +Index: unity-7.2.2+14.04.20140714/unity-shared/PluginAdapter.cpp +=================================================================== +--- unity-7.2.2+14.04.20140714.orig/unity-shared/PluginAdapter.cpp 2014-07-14 10:30:31.000000000 -0400 ++++ unity-7.2.2+14.04.20140714/unity-shared/PluginAdapter.cpp 2014-07-30 15:13:11.953682795 -0400 +@@ -1254,6 +1254,7 @@ + if (ret == GrabSuccess) + { + XUngrabKeyboard(dpy, CurrentTime); ++ XFlush(dpy); + + if (CompWindow* w = m_Screen->findWindow(m_Screen->activeWindow())) + w->moveInputFocusTo(); only in patch2: unchanged: --- unity-7.2.2+14.04.20140714.orig/debian/patches/series +++ unity-7.2.2+14.04.20140714/debian/patches/series @@ -0,0 +1 @@ +lp1349128.patch