Florian Müllner · Florian Müllner · Florian Müllner · Florian Müllner · Florian Müllner · Florian Müllner
--- a/NEWS
+++ b/NEWS
+3.38.3
+======
+* Fix disappearing app grid [Georges; !1532]
+* Fix screenshots of unredirected fullscreen windows on X11
+  [Jonas, LuK1337; !1536, !1552]
+* Fix storing VPN secrets [Sebastian; !1535]
+* Fix glitches in overview transitions [Jonas, Ivan; !1564, !1550]
+* Improve login screen accessibility [Mike; !1567]
+* Fixed crashes [Jonas; !1540]
+* Misc. bug fixes and cleanups [Florian, Jonas, Ivan;
+  !1530, !1531, !1541, !1548, !1551]
+
+Contributors:
+  Jonas Ådahl, Mike Gerow, Sebastian Keller, LuK1337, Ivan Molodetskikh,
+  Florian Müllner, Georges Basile Stavracas Neto
+
+Translators:
+  Florentina Mușat [ro], Kjartan Maraas [nb]
+
 3.38.2
 ======
 * Handle @content properties in ease() functions [Andre; !1461]

--- a/data/theme/gnome-shell-sass/widgets/_app-grid.scss
+++ b/data/theme/gnome-shell-sass/widgets/_app-grid.scss
@@ -8,10 +8,6 @@ $app_icon_size: 96px;
  column-spacing: $base_spacing * 6;
  max-row-spacing: $base_spacing * 12;
  max-column-spacing: $base_spacing * 12;
-  page-padding-top: $base_padding * 6;
-  page-padding-bottom: $base_padding * 6;
-  page-padding-left: $base_padding * 6;
-  page-padding-right: $base_padding * 6;
 }

 /* App Icons */
@@ -75,10 +71,6 @@ $app_grid_fg_color: #fff;
  & .icon-grid {
    row-spacing: $base_spacing * 2;
    column-spacing: $base_spacing * 5;
-    page-padding-top: 0;
-    page-padding-bottom: 0;
-    page-padding-left: 0;
-    page-padding-right: 0;
  }

  & .page-indicators {

--- a/debian/changelog
+++ b/debian/changelog
+gnome-shell (3.38.3-2ubuntu0.20.10.1) groovy; urgency=medium
+
+  * Merge with debian, containing new upstream release (LP: #1915089)
+  * debian/patches: Correctly handle login cancellation and failures.
+    Ensure the GDM workers are terminated before restarting a new auth
+    request, allowing fingerprint authentication to be restarted.
+    (LP: #1915066)
+  * debian/patches: Show errors on fingerprint failures and limit retries.
+    (LP: #1865838)
+
+ -- Marco Trevisan (Treviño) <marco@ubuntu.com>  Tue, 09 Feb 2021 05:18:25 +0100
+
+gnome-shell (3.38.3-2) unstable; urgency=medium
+
+  * Team upload
+  * d/patches: Update to 3.38.3-3-ge3dc4401d from gnome-3-38 branch
+    - Fix opening Extensions app from notification
+    - Fix workspace layout in right-to-left locales
+    - Don't break window focusing if trying to take an area screenshot while
+      an application such as a game has an X11 grab (LP: #1910235)
+
+ -- Simon McVittie <smcv@debian.org>  Thu, 04 Feb 2021 10:27:05 +0000
+
+gnome-shell (3.38.3-1) unstable; urgency=medium
+
+  * Team upload
+  * d/watch: Only watch for 3.38.x versions
+  * New upstream release
+
+ -- Simon McVittie <smcv@debian.org>  Thu, 14 Jan 2021 20:13:26 +0000
+
 gnome-shell (3.38.2-1ubuntu1~20.10.1) groovy; urgency=medium

  * No-change backport to groovy

--- a/debian/patches/Revert-appDisplay-baseAppView-Cleanup-animate.patch
+++ b/debian/patches/Revert-appDisplay-baseAppView-Cleanup-animate.patch
-From: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
-Date: Fri, 11 Dec 2020 12:55:23 -0300
-Subject: Revert "appDisplay/baseAppView: Cleanup animate()"
-
-This reverts commit cd8269185. It turns out this seemingly
-harmless cleanup introduced a regression:
-
- * Open overview
- * Press Meta+A twice
- * Close overview
- * Press Meta+A
- * Enjoy an invisible grid
-
-Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3451
-
-Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1532>
-(cherry picked from commit 99b78d3ee85787e7820484212c5f6a40b9ba1ea9)
-
-Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/7dc390f4
---
- js/ui/appDisplay.js | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/js/ui/appDisplay.js b/js/ui/appDisplay.js
-index 7850c4a..004be08 100644
--- a/js/ui/appDisplay.js
-+++ b/js/ui/appDisplay.js
-@@ -661,6 +661,7 @@ var BaseAppView = GObject.registerClass({
-     }
- 
-     _doSpringAnimation(animationDirection) {
-+        this._grid.opacity = 255;
-         this._grid.animateSpring(
-             animationDirection,
-             Main.overview.dash.showAppsButton);
-@@ -678,16 +679,15 @@ var BaseAppView = GObject.registerClass({
-     }
- 
-     animate(animationDirection, onComplete) {
-        const animationDoneId = this._grid.connect('animation-done', () => {
-            this._grid.disconnect(animationDoneId);
-            this._grid.opacity =
-                animationDirection === IconGrid.AnimationDirection.IN
-                    ? 255 : 0;
-            if (onComplete)
-+        if (onComplete) {
-+            let animationDoneId = this._grid.connect('animation-done', () => {
-+                this._grid.disconnect(animationDoneId);
-                 onComplete();
-        });
-+            });
-+        }
- 
-         this._clearAnimateLater();
-+        this._grid.opacity = 255;
- 
-         if (animationDirection == IconGrid.AnimationDirection.IN) {
-             const doSpringAnimationLater = laterType => {
-@@ -699,18 +699,18 @@ var BaseAppView = GObject.registerClass({
-                     });
-             };
- 
-            this._grid.opacity = 0;
-             if (this._viewIsReady) {
-+                this._grid.opacity = 0;
-                 doSpringAnimationLater(Meta.LaterType.IDLE);
-             } else {
-                 this._viewLoadedHandlerId = this.connect('view-loaded',
-                     () => {
-                         this._clearAnimateLater();
-+                        this._grid.opacity = 255;
-                         doSpringAnimationLater(Meta.LaterType.BEFORE_REDRAW);
-                     });
-             }
-         } else {
-            this._grid.opacity = 255;
-             this._doSpringAnimation(animationDirection);
-         }
-     }
--- a/debian/patches/ShellUserVerifier-Add-method-to-check-if-the-service-name.patch
+++ b/debian/patches/ShellUserVerifier-Add-method-to-check-if-the-service-name.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 8 Feb 2021 17:07:45 +0100
+Subject: ShellUserVerifier: Add method to check if the service name is
+ fingerprint
+
+We have multiple places where we check if we're handling a fingerprint
+event, so let's add a common public function so that it can be used also
+by the authPrompt.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/util.js | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index 90dfd64..aa5cb83 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -426,6 +426,11 @@ var ShellUserVerifier = class {
+         return serviceName == this._defaultService;
+     }
+ 
+    serviceIsFingerprint(serviceName) {
+        return this._haveFingerprintReader &&
+            serviceName === FINGERPRINT_SERVICE_NAME;
+    }
+
+     _updateDefaultService() {
+         if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
+             this._defaultService = PASSWORD_SERVICE_NAME;
+@@ -476,8 +481,7 @@ var ShellUserVerifier = class {
+     _onInfo(client, serviceName, info) {
+         if (this.serviceIsForeground(serviceName)) {
+             this._queueMessage(info, MessageType.INFO);
+-        } else if (serviceName == FINGERPRINT_SERVICE_NAME &&
+-            this._haveFingerprintReader) {
+        } else if (this.serviceIsFingerprint(serviceName)) {
+             // We don't show fingerprint messages directly since it's
+             // not the main auth service. Instead we use the messages
+             // as a cue to display our own message.
--- a/debian/patches/authPrompt-Bump-the-user-verifier-timeout-when-wiggling-t.patch
+++ b/debian/patches/authPrompt-Bump-the-user-verifier-timeout-when-wiggling-t.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 8 Feb 2021 19:34:09 +0100
+Subject: authPrompt: Bump the user verifier timeout when wiggling the message
+
+Wiggle may make the error message to be visible for less time so provide
+the auth prompt an API to increase the timeout to be used for showing a
+message in some cases.
+
+This could be reworked when we'll have a proper asyn wiggle function so
+that we could just make the user verifier to "freeze", then await for
+the wiggle transition to complete and eventually release the verifier.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/authPrompt.js | 12 ++++++++++--
+ js/gdm/util.js       |  8 +++++++-
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index f11de1d..e747e16 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -428,8 +428,16 @@ var AuthPrompt = GObject.registerClass({
+         }
+ 
+         if (type === GdmUtil.MessageType.ERROR &&
+-            this._userVerifier.serviceIsFingerprint(serviceName))
+-            Util.wiggle(this._message);
+            this._userVerifier.serviceIsFingerprint(serviceName)) {
+            // TODO: Use Await for wiggle to be over before unfreezing the user verifier queue
+            const wiggleParameters = {
+                duration: 65,
+                wiggleCount: 3,
+            };
+            this._userVerifier.bumpMessageTimeout(
+                wiggleParameters.duration * (wiggleParameters.wiggleCount + 2));
+            Util.wiggle(this._message, wiggleParameters);
+        }
+     }
+ 
+     updateSensitivity(sensitive) {
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index cff4e1f..f56ed1c 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -267,6 +267,11 @@ var ShellUserVerifier = class {
+         this.emit('no-more-messages');
+     }
+ 
+    bumpMessageTimeout(interval) {
+        if (!this._messageQueueTimeoutId)
+            this._messageQueueTimeoutBump = interval;
+    }
+
+     _queueMessageTimeout() {
+         if (this._messageQueue.length == 0) {
+             this.finishMessageQueue();
+@@ -278,10 +283,11 @@ var ShellUserVerifier = class {
+ 
+         let message = this._messageQueue.shift();
+ 
+        delete this._messageQueueTimeoutBump;
+         this.emit('show-message', message.serviceName, message.text, message.type);
+ 
+         this._messageQueueTimeoutId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
+-                                                       message.interval,
+            message.interval + (this._messageQueueTimeoutBump | 0),
+                                                        () => {
+                                                            this._messageQueueTimeoutId = 0;
+                                                            this._queueMessageTimeout();
--- a/debian/patches/authPrompt-Don-t-begin-a-new-authentication-session-on-lo.patch
+++ b/debian/patches/authPrompt-Don-t-begin-a-new-authentication-session-on-lo.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Sat, 30 Jan 2021 04:18:32 +0100
+Subject: authPrompt: Don't begin a new authentication session on lockscreen
+ cancel event
+
+When a cancel event in the user lockscreen happens we first emit a reset
+signal and immediately a cancelled one.
+
+This lead to start a new gdm worker for each enabled authentication
+method and then immediately to stop it.
+As per the previous commit, we don't have anymore dangling gdm workers
+around, but still we should not even start a new one in such case.
+
+So, when the user explicitly cancelled the authentication session, first
+emit a cancelled event and only emit a reset event with a begin request
+if we are outside the lockscreen.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1915066
+---
+ js/gdm/authPrompt.js | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index 4934290..43798b3 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -29,6 +29,7 @@ var AuthPromptStatus = {
+     VERIFYING: 1,
+     VERIFICATION_FAILED: 2,
+     VERIFICATION_SUCCEEDED: 3,
+    VERIFICATION_CANCELLED: 4,
+ };
+ 
+ var BeginRequestType = {
+@@ -479,12 +480,16 @@ var AuthPrompt = GObject.registerClass({
+ 
+         if (oldStatus == AuthPromptStatus.VERIFICATION_FAILED)
+             this.emit('failed');
+        else if (oldStatus === AuthPromptStatus.VERIFICATION_CANCELLED)
+            this.emit('cancelled');
+ 
+         let beginRequestType;
+ 
+         if (this._mode == AuthPromptMode.UNLOCK_ONLY) {
+             // The user is constant at the unlock screen, so it will immediately
+             // respond to the request with the username
+            if (oldStatus === AuthPromptStatus.VERIFICATION_CANCELLED)
+                return;
+             beginRequestType = BeginRequestType.PROVIDE_USERNAME;
+         } else if (this._userVerifier.serviceIsForeground(OVirt.SERVICE_NAME) ||
+                    this._userVerifier.serviceIsForeground(Vmware.SERVICE_NAME) ||
+@@ -540,7 +545,7 @@ var AuthPrompt = GObject.registerClass({
+         if (this.verificationStatus == AuthPromptStatus.VERIFICATION_SUCCEEDED)
+             return;
+ 
+        this.verificationStatus = AuthPromptStatus.VERIFICATION_CANCELLED;
+         this.reset();
+-        this.emit('cancelled');
+     }
+ });
--- a/debian/patches/authPrompt-Only-wiggle-the-entry-on-failures-coming-from-.patch
+++ b/debian/patches/authPrompt-Only-wiggle-the-entry-on-failures-coming-from-.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 1 Feb 2021 19:39:03 +0100
+Subject: authPrompt: Only wiggle the entry on failures coming from the
+ querying service
+
+Currently whenever an authentication failure happens we wiggle the
+entry, however this may not be related to the service which failed.
+
+For example if the fingerprint authentication failed for whatever reason,
+there's no point to wiggle the text input as it's something unrelated to it.
+
+So, only apply the wiggle effect to the entry in case the failure is
+coming from the querying service.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/authPrompt.js | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index c5d6462..6f3c2f0 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -275,6 +275,7 @@ var AuthPrompt = GObject.registerClass({
+     }
+ 
+     _onVerificationFailed(userVerifier, serviceName, canRetry) {
+        const wasQueryingService = this._queryingService === serviceName;
+         this._queryingService = null;
+         this.clear();
+ 
+@@ -282,7 +283,8 @@ var AuthPrompt = GObject.registerClass({
+         this.setActorInDefaultButtonWell(null);
+         this.verificationStatus = AuthPromptStatus.VERIFICATION_FAILED;
+ 
+-        Util.wiggle(this._entry);
+        if (wasQueryingService)
+            Util.wiggle(this._entry);
+     }
+ 
+     _onVerificationComplete() {
--- a/debian/patches/authPrompt-Wiggle-error-messages-coming-from-the-Fingerpr.patch
+++ b/debian/patches/authPrompt-Wiggle-error-messages-coming-from-the-Fingerpr.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 1 Feb 2021 19:44:00 +0100
+Subject: authPrompt: Wiggle error messages coming from the Fingerprint
+ service
+
+When error messages are coming from the fingerprint service they are actual
+failures due to an user input in some device, in so in such case we
+can highlight this by using a wiggle effect.
+
+This mimics what has been done in gnome-control-center fingerprint panel
+and part of [1].
+
+[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/authPrompt.js | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index 6f3c2f0..f11de1d 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -426,6 +426,10 @@ var AuthPrompt = GObject.registerClass({
+         } else {
+             this._message.opacity = 0;
+         }
+
+        if (type === GdmUtil.MessageType.ERROR &&
+            this._userVerifier.serviceIsFingerprint(serviceName))
+            Util.wiggle(this._message);
+     }
+ 
+     updateSensitivity(sensitive) {
--- a/debian/patches/extensionSystem-Fix-opening-Extensions-app-from-notificat.patch
+++ b/debian/patches/extensionSystem-Fix-opening-Extensions-app-from-notificat.patch
+From: =?utf-8?q?Florian_M=C3=BCllner?= <fmuellner@gnome.org>
+Date: Tue, 26 Jan 2021 17:12:04 +0100
+Subject: extensionSystem: Fix opening Extensions app from notification
+
+Launching the app is implemented by the source's open() method, but
+only external notifications are hooked up to call into the source
+when no default action was provided.
+
+Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1595>
+(cherry picked from commit ddc2e0f4cb0046eac46a8ca7ddf53c39e386c3e4)
+Origin: upstream, 3.38.4, commit:0657309ccd5517cc19fa4ae8741cde9db655aced
+---
+ js/ui/extensionSystem.js | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
+index 41ef98d..6b624fc 100644
+--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
+@@ -252,6 +252,8 @@ var ExtensionManager = class {
+             let notification = new MessageTray.Notification(source,
+                 _('Extension Updates Available'),
+                 _('Extension updates are ready to be installed.'));
+            notification.connect('activated',
+                () => source.open());
+             source.showNotification(notification);
+         }
+     }
--- a/debian/patches/gdm-Always-show-fingerprint-error-messages.patch
+++ b/debian/patches/gdm-Always-show-fingerprint-error-messages.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Tue, 24 Nov 2020 19:19:22 +0100
+Subject: gdm: Always show fingerprint error messages
+
+When the login/lock screen is shown the error messages for background
+services are always ignored.
+
+However, in case the service is the fingerprint authentication method
+we still want to be able to show error messages to inform the user
+about what failed, and eventually that the max retries (that may be
+different from the login screen configuration) has been reached.
+
+This handles partially the design issue [1] related to the login/lock
+screen fingerprint authentication.
+
+Eventually we want to use pam extensions to use clearer and parse-able
+messages, however in the case of the fingerprint service we can be sure
+that the fprint PAM module will only send errors on auth failures.
+
+[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/util.js | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index aa5cb83..5f142f8 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -493,7 +493,9 @@ var ShellUserVerifier = class {
+     }
+ 
+     _onProblem(client, serviceName, problem) {
+-        if (!this.serviceIsForeground(serviceName))
+        const isFingerprint = this.serviceIsFingerprint(serviceName);
+
+        if (!this.serviceIsForeground(serviceName) && !isFingerprint)
+             return;
+ 
+         this._queueMessage(problem, MessageType.ERROR);
--- a/debian/patches/gdm-Cancel-user-verification-on-UserVerifier-destruction.patch
+++ b/debian/patches/gdm-Cancel-user-verification-on-UserVerifier-destruction.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Sat, 30 Jan 2021 01:53:59 +0100
+Subject: gdm: Cancel user verification on UserVerifier destruction
+
+When we cancel an user authentication via Escape key or cancel button on
+AuthPrompt we reset the view and we emit a 'cancelled' signal that leads
+to destroying the auth prompt and the user verifier.
+
+However, the verifier may still have an operation in progress and its
+completion may take some time (as in the case of gdm-fingerprint), but
+we just leave the gdm worker running until its pam module completes
+(potentially never) clearing and disposing its handle.
+
+So, instead of just clearing the verify, actually cancel and clear it.
+In case the user verifier is set, clearing the relevant data will happen
+anyway as part of the cancel() call.
+
+Ideally this would have been handled by gdm itself, but unfortunately we
+can't fix it there because the verifier itself is a class generated by
+gdbus-codegen, so we can't handle this automatically on disposal nor we
+can automatically monitor when the caller proxy is stopped on our side.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3654
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1915066
+---
+ js/gdm/util.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index af13574..1e9d149 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -220,7 +220,7 @@ var ShellUserVerifier = class {
+     }
+ 
+     destroy() {
+-        this.clear();
+        this.cancel();
+ 
+         this._settings.run_dispose();
+         this._settings = null;
--- a/debian/patches/gdm-Count-fingerprint-authentication-failures-in-fail-cou.patch
+++ b/debian/patches/gdm-Count-fingerprint-authentication-failures-in-fail-cou.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 1 Feb 2021 18:40:03 +0100
+Subject: gdm: Count fingerprint authentication failures in fail counter
+
+Fingerprint PAM module can have multiple failures during a runtime
+and we rely on the pam module configuration for the maximum allowed
+retries.
+
+However, while that setting should be always followed, we should never
+ignore the login-screen's allowed-failures setting that can provide
+a lower value.
+
+So, once we have a fingerprint failure let's count it to increase our
+internal fail counter, and when we've reached the limit we can emit a
+verification-failed signal to our clients.
+
+As per this we need also to ignore any further 'info' messages that we
+could receive from the fingerprint service, as it may be configured to
+handle more retries than us and they might arrive before we have
+cancelled the verification session.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/util.js | 21 +++++++++++++++++----
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index e774f5f..e8457f6 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -176,6 +176,10 @@ var ShellUserVerifier = class {
+         }
+     }
+ 
+    get allowedFailures() {
+        return this._settings.get_int(ALLOWED_FAILURES_KEY);
+    }
+
+     begin(userName, hold) {
+         this._cancellable = new Gio.Cancellable();
+         this._hold = hold;
+@@ -482,7 +486,7 @@ var ShellUserVerifier = class {
+     _onInfo(client, serviceName, info) {
+         if (this.serviceIsForeground(serviceName)) {
+             this._queueMessage(info, MessageType.INFO);
+-        } else if (this.serviceIsFingerprint(serviceName)) {
+        } else if (this.serviceIsFingerprint(serviceName) && this._canRetry()) {
+             // We don't show fingerprint messages directly since it's
+             // not the main auth service. Instead we use the messages
+             // as a cue to display our own message.
+@@ -500,6 +504,12 @@ var ShellUserVerifier = class {
+             return;
+ 
+         this._queueMessage(problem, MessageType.ERROR);
+        if (isFingerprint) {
+            this._failCounter++;
+
+            if (!this._canRetry())
+                this._verificationFailed(false);
+        }
+     }
+ 
+     _onInfoQuery(client, serviceName, question) {
+@@ -547,15 +557,18 @@ var ShellUserVerifier = class {
+         this.begin(this._userName, new Batch.Hold());
+     }
+ 
+    _canRetry() {
+        return this._userName &&
+            (this._reauthOnly || this._failCounter < this.allowedFailures);
+    }
+
+     _verificationFailed(retry) {
+         // For Not Listed / enterprise logins, immediately reset
+         // the dialog
+         // Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
+         // After that, we go back to the welcome screen.
+ 
+-        let canRetry = retry && this._userName &&
+-            (this._reauthOnly ||
+-             this._failCounter < this._settings.get_int(ALLOWED_FAILURES_KEY));
+        const canRetry = retry && this._canRetry();
+ 
+         if (canRetry) {
+             if (!this.hasPendingMessages) {
--- a/debian/patches/gdm-Do-not-fail-the-whole-authentication-if-a-background-.patch
+++ b/debian/patches/gdm-Do-not-fail-the-whole-authentication-if-a-background-.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Tue, 2 Feb 2021 16:30:11 +0100
+Subject: gdm: Do not fail the whole authentication if a background service
+ failed
+
+In case a background service such as the fingerprint authentication
+fails to start we'd just mark the whole authentication process as
+failed.
+
+Currently this may happen by just putting a wrong password when an user
+has some fingerprints enrolled, the fingerprint gdm authentication
+worker may take some time to restart leading to a failure and this is
+currently also making the password authentication to fail:
+
+    JS ERROR: Failed to start gdm-fingerprint for u: Gio.DBusError:
+        GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed:
+            Could not create authentication helper process
+        _promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:435:45
+        ### Promise created here: ###
+        _startService@resource:///org/gnome/shell/gdm/util.js:470:42
+        _beginVerification@resource:///org/gnome/shell/gdm/util.js:495:18
+        _getUserVerifier@resource:///org/gnome/shell/gdm/util.js:405:14
+        async*_openReauthenticationChannel@resource:///org/gnome/shell/gdm/util.js:378:22
+        async*begin@resource:///org/gnome/shell/gdm/util.js:194:18
+        _retry@resource:///org/gnome/shell/gdm/util.js:561:14
+        _verificationFailed/signalId<@resource:///org/gnome/shell/gdm/util.js:584:30
+        _emit@resource:///org/gnome/gjs/modules/core/_signals.js:133:47
+        finishMessageQueue@resource:///org/gnome/shell/gdm/util.js:268:14
+        _queueMessageTimeout@resource:///org/gnome/shell/gdm/util.js:273:18
+        _queueMessageTimeout/this._messageQueueTimeoutId<@resource:///org/gnome/shell/gdm/util.js:288:65
+
+Given that background services are ignored even for queries or any kind
+of message, we should not fail the authentication request unless the
+default service fails.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1915066
+---
+ js/gdm/util.js | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index 92a05c7..b40bc23 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -453,6 +453,11 @@ var ShellUserVerifier = class {
+         } catch (e) {
+             if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
+                 return;
+            if (!this.serviceIsForeground(serviceName)) {
+                logError(e, 'Failed to start %s for %s'.format(serviceName, this._userName));
+                this._hold.release();
+                return;
+            }
+             this._reportInitError(this._userName
+                 ? 'Failed to start verification for user'
+                 : 'Failed to start verification', e);
--- a/debian/patches/gdm-Ensure-we-cancel-all-the-previously-running-services-.patch
+++ b/debian/patches/gdm-Ensure-we-cancel-all-the-previously-running-services-.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Tue, 2 Feb 2021 17:29:29 +0100
+Subject: gdm: Ensure we cancel all the previously running services on auth
+ retry
+
+When retrying the authentication we should make sure that all the
+previously initiated services are stopped in order to begin a new
+authentication session with all the configured services.
+
+Unfortunately at the current state we only dispose the currently used
+user verifier, but we don't make it to stop all the relative gdm workers
+and then they'll stay around potentially blocking any further usage of
+them (as it happens with the fingerprint one, that has unique access to
+the device).
+
+So, cancel the currently running authentication before starting a new
+one if we're explicitly retrying.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1915066
+---
+ js/gdm/util.js | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index 8c6c678..90dfd64 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -536,6 +536,7 @@ var ShellUserVerifier = class {
+     }
+ 
+     _retry() {
+        this.cancel();
+         this.begin(this._userName, new Batch.Hold());
+     }
+ 
--- a/debian/patches/gdm-Expose-the-source-serviceName-for-messages-and-verifi.patch
+++ b/debian/patches/gdm-Expose-the-source-serviceName-for-messages-and-verifi.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 1 Feb 2021 19:36:49 +0100
+Subject: gdm: Expose the source serviceName for messages and verification
+ failures
+
+By giving to the AuthPrompt information regarding the source service
+name (and so the ability to know whether it's a foreground service) can
+give it the ability to behave differently.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/authPrompt.js |  8 ++++----
+ js/gdm/util.js       | 33 +++++++++++++++++----------------
+ 2 files changed, 21 insertions(+), 20 deletions(-)
+
+diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
+index 43798b3..c5d6462 100644
+--- a/js/gdm/authPrompt.js
+++ b/js/gdm/authPrompt.js
+@@ -269,12 +269,12 @@ var AuthPrompt = GObject.registerClass({
+             this.reset();
+     }
+ 
+-    _onShowMessage(userVerifier, message, type) {
+-        this.setMessage(message, type);
+    _onShowMessage(_userVerifier, serviceName, message, type) {
+        this.setMessage(serviceName, message, type);
+         this.emit('prompted');
+     }
+ 
+-    _onVerificationFailed(userVerifier, canRetry) {
+    _onVerificationFailed(userVerifier, serviceName, canRetry) {
+         this._queryingService = null;
+         this.clear();
+ 
+@@ -406,7 +406,7 @@ var AuthPrompt = GObject.registerClass({
+         });
+     }
+ 
+-    setMessage(message, type) {
+    setMessage(serviceName, message, type) {
+         if (type == GdmUtil.MessageType.ERROR)
+             this._message.add_style_class_name('login-dialog-message-warning');
+         else
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index 5879e0c..cff4e1f 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -278,7 +278,7 @@ var ShellUserVerifier = class {
+ 
+         let message = this._messageQueue.shift();
+ 
+-        this.emit('show-message', message.text, message.type);
+        this.emit('show-message', message.serviceName, message.text, message.type);
+ 
+         this._messageQueueTimeoutId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
+                                                        message.interval,
+@@ -290,11 +290,11 @@ var ShellUserVerifier = class {
+         GLib.Source.set_name_by_id(this._messageQueueTimeoutId, '[gnome-shell] this._queueMessageTimeout');
+     }
+ 
+-    _queueMessage(message, messageType) {
+    _queueMessage(serviceName, message, messageType) {
+         let interval = this._getIntervalForMessage(message);
+ 
+         this.hasPendingMessages = true;
+-        this._messageQueue.push({ text: message, type: messageType, interval });
+        this._messageQueue.push({ serviceName, text: message, type: messageType, interval });
+         this._queueMessageTimeout();
+     }
+ 
+@@ -305,7 +305,7 @@ var ShellUserVerifier = class {
+             GLib.source_remove(this._messageQueueTimeoutId);
+             this._messageQueueTimeoutId = 0;
+         }
+-        this.emit('show-message', null, MessageType.NONE);
+        this.emit('show-message', null, null, MessageType.NONE);
+     }
+ 
+     _checkForFingerprintReader() {
+@@ -353,13 +353,13 @@ var ShellUserVerifier = class {
+         }
+     }
+ 
+-    _reportInitError(where, error) {
+    _reportInitError(where, error, serviceName) {
+         logError(error, where);
+         this._hold.release();
+ 
+-        this._queueMessage(_("Authentication error"), MessageType.ERROR);
+        this._queueMessage(serviceName, _('Authentication error'), MessageType.ERROR);
+         this._failCounter++;
+-        this._verificationFailed(false);
+        this._verificationFailed(serviceName, false);
+     }
+ 
+     async _openReauthenticationChannel(userName) {
+@@ -470,7 +470,8 @@ var ShellUserVerifier = class {
+             }
+             this._reportInitError(this._userName
+                 ? 'Failed to start %s verification for user'.format(serviceName)
+-                : 'Failed to start %s verification'.format(serviceName), e);
+                : 'Failed to start %s verification'.format(serviceName), e,
+            serviceName);
+             return;
+         }
+         this._hold.release();
+@@ -485,7 +486,7 @@ var ShellUserVerifier = class {
+ 
+     _onInfo(client, serviceName, info) {
+         if (this.serviceIsForeground(serviceName)) {
+-            this._queueMessage(info, MessageType.INFO);
+            this._queueMessage(serviceName, info, MessageType.INFO);
+         } else if (this.serviceIsFingerprint(serviceName) && this._canRetry()) {
+             // We don't show fingerprint messages directly since it's
+             // not the main auth service. Instead we use the messages
+@@ -493,7 +494,7 @@ var ShellUserVerifier = class {
+ 
+             // Translators: this message is shown below the password entry field
+             // to indicate the user can swipe their finger instead
+-            this._queueMessage(_("(or swipe finger)"), MessageType.HINT);
+            this._queueMessage(serviceName, _('(or swipe finger)'), MessageType.HINT);
+         }
+     }
+ 
+@@ -503,12 +504,12 @@ var ShellUserVerifier = class {
+         if (!this.serviceIsForeground(serviceName) && !isFingerprint)
+             return;
+ 
+-        this._queueMessage(problem, MessageType.ERROR);
+        this._queueMessage(serviceName, problem, MessageType.ERROR);
+         if (isFingerprint) {
+             this._failCounter++;
+ 
+             if (!this._canRetry())
+-                this._verificationFailed(false);
+                this._verificationFailed(serviceName, false);
+         }
+     }
+ 
+@@ -562,7 +563,7 @@ var ShellUserVerifier = class {
+             (this._reauthOnly || this._failCounter < this.allowedFailures);
+     }
+ 
+-    _verificationFailed(retry) {
+    _verificationFailed(serviceName, retry) {
+         // For Not Listed / enterprise logins, immediately reset
+         // the dialog
+         // Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
+@@ -592,7 +593,7 @@ var ShellUserVerifier = class {
+             }
+         }
+ 
+-        this.emit('verification-failed', canRetry);
+        this.emit('verification-failed', serviceName, canRetry);
+     }
+ 
+     _onConversationStopped(client, serviceName) {
+@@ -604,7 +605,7 @@ var ShellUserVerifier = class {
+         if (foregroundService) {
+             this._credentialManagers[foregroundService].token = null;
+             this._preemptingService = null;
+-            this._verificationFailed(false);
+            this._verificationFailed(serviceName, false);
+             return;
+         }
+ 
+@@ -614,7 +615,7 @@ var ShellUserVerifier = class {
+         if (this.serviceIsForeground(serviceName))
+             this._failCounter++;
+ 
+-        this._verificationFailed(true);
+        this._verificationFailed(serviceName, true);
+     }
+ };
+ Signals.addSignalMethods(ShellUserVerifier.prototype);
--- a/debian/patches/gdm-Fail-and-restart-verification-on-conversation-stopped.patch
+++ b/debian/patches/gdm-Fail-and-restart-verification-on-conversation-stopped.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 8 Feb 2021 18:57:06 +0100
+Subject: gdm: Fail and restart verification on conversation stopped for all
+ services
+
+Currently when the foreground service conversation stops we increase the
+verification failed count and try to start it again, while if a
+background service has been stopped we just ignore it.
+
+This is causing a various number of issues, for example in the case of
+the fingerprint authentication service, it is normally configured to die
+after a timeout, and we end up never restarting it (while the UI still
+keeps showing to the user the message about swipe/touch the device).
+
+So, in such case let's just consider it a "soft" verification failure
+that doesn't increase the failures count but will cause us to reset the
+UI and try to restart the authentication (and so the affected service).
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/util.js | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index e8457f6..5879e0c 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -611,10 +611,10 @@ var ShellUserVerifier = class {
+         // if the password service fails, then cancel everything.
+         // But if, e.g., fingerprint fails, still give
+         // password authentication a chance to succeed
+-        if (this.serviceIsForeground(serviceName)) {
+        if (this.serviceIsForeground(serviceName))
+             this._failCounter++;
+-            this._verificationFailed(true);
+-        }
+
+        this._verificationFailed(true);
+     }
+ };
+ Signals.addSignalMethods(ShellUserVerifier.prototype);
--- a/debian/patches/gdm-Include-the-failed-service-name-when-in-reporting-err.patch
+++ b/debian/patches/gdm-Include-the-failed-service-name-when-in-reporting-err.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Tue, 2 Feb 2021 16:40:24 +0100
+Subject: gdm: Include the failed service name when in reporting errors
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1915066
+---
+ js/gdm/util.js | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index b40bc23..8c6c678 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -459,8 +459,8 @@ var ShellUserVerifier = class {
+                 return;
+             }
+             this._reportInitError(this._userName
+-                ? 'Failed to start verification for user'
+-                : 'Failed to start verification', e);
+                ? 'Failed to start %s verification for user'.format(serviceName)
+                : 'Failed to start %s verification'.format(serviceName), e);
+             return;
+         }
+         this._hold.release();
--- a/debian/patches/gdm-Increase-the-verification-failed-counter-once-we-ve-a.patch
+++ b/debian/patches/gdm-Increase-the-verification-failed-counter-once-we-ve-a.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Mon, 8 Feb 2021 18:43:16 +0100
+Subject: gdm: Increase the verification failed counter once we've a failure
+
+Decouple the verification failure count increase from
+_verificationFailed as there are some cases in which we may want to
+increase it without emitting a verification-failed signal.
+
+Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1865838
+---
+ js/gdm/util.js | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/js/gdm/util.js b/js/gdm/util.js
+index 5f142f8..e774f5f 100644
+--- a/js/gdm/util.js
+++ b/js/gdm/util.js
+@@ -354,6 +354,7 @@ var ShellUserVerifier = class {
+         this._hold.release();
+ 
+         this._queueMessage(_("Authentication error"), MessageType.ERROR);
+        this._failCounter++;
+         this._verificationFailed(false);
+     }
+ 
+@@ -552,7 +553,6 @@ var ShellUserVerifier = class {
+         // Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
+         // After that, we go back to the welcome screen.
+ 
+-        this._failCounter++;
+         let canRetry = retry && this._userName &&
+             (this._reauthOnly ||
+              this._failCounter < this._settings.get_int(ALLOWED_FAILURES_KEY));
+@@ -598,8 +598,10 @@ var ShellUserVerifier = class {
+         // if the password service fails, then cancel everything.
+         // But if, e.g., fingerprint fails, still give
+         // password authentication a chance to succeed
+-        if (this.serviceIsForeground(serviceName))
+        if (this.serviceIsForeground(serviceName)) {
+            this._failCounter++;
+             this._verificationFailed(true);
+        }
+     }
+ };
+ Signals.addSignalMethods(ShellUserVerifier.prototype);
--- a/debian/patches/screenshot-Grab-screenshot-during-paint-on-X11.patch
+++ b/debian/patches/screenshot-Grab-screenshot-during-paint-on-X11.patch
-From: =?utf-8?q?Jonas_=C3=85dahl?= <jadahl@gmail.com>
-Date: Mon, 14 Dec 2020 14:11:37 +0000
-Subject: screenshot: Grab screenshot during paint on X11
-
-We might not be able to directly paint the stage to an offscreen, if
-there currently is a fullscreen unredirected window. To make it possible
-to take a screenshot in this situation, disable unredirecting, queue a
-frame, and take a screenshot after having painted that frame, before we
-go back being unredirected.
-
-Don't do this on Wayland because it's a waste.
-
-Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/1453
-
-(cherry picked from commit c09be8b0a9395f5ce0c4210356f6532bd3bfa0c4)
-
-Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1536>
-
-Origin: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/d5fb557b
---
- src/shell-screenshot.c | 34 +++++++++++++++++++++++++++++++++-
- 1 file changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/src/shell-screenshot.c b/src/shell-screenshot.c
-index 2505fc1..1545b86 100644
--- a/src/shell-screenshot.c
-+++ b/src/shell-screenshot.c
-@@ -32,6 +32,7 @@ struct _ShellScreenshotPrivate
-   ShellGlobal *global;
- 
-   GOutputStream *stream;
-+  ShellScreenshotFlag flags;
- 
-   GDateTime *datetime;
- 
-@@ -338,6 +339,22 @@ finish_screenshot (ShellScreenshot        *screenshot,
-   return TRUE;
- }
- 
-+static void
-+on_after_paint (ClutterStage     *stage,
-+                ClutterStageView *view,
-+                GTask            *result)
-+{
-+  ShellScreenshot *screenshot = g_task_get_task_data (result);
-+  ShellScreenshotPrivate *priv = screenshot->priv;
-+  MetaDisplay *display = shell_global_get_display (priv->global);
-+
-+  g_signal_handlers_disconnect_by_func (stage, on_after_paint, result);
-+
-+  grab_screenshot (screenshot, priv->flags, result);
-+
-+  meta_enable_unredirect_for_display (display);
-+}
-+
- /**
-  * shell_screenshot_screenshot:
-  * @screenshot: the #ShellScreenshot
-@@ -382,6 +399,7 @@ shell_screenshot_screenshot (ShellScreenshot     *screenshot,
- 
-   result = g_task_new (screenshot, NULL, callback, user_data);
-   g_task_set_source_tag (result, shell_screenshot_screenshot);
-+  g_task_set_task_data (result, screenshot, NULL);
- 
-   priv->stream = g_object_ref (stream);
- 
-@@ -389,7 +407,21 @@ shell_screenshot_screenshot (ShellScreenshot     *screenshot,
-   if (include_cursor)
-     flags |= SHELL_SCREENSHOT_FLAG_INCLUDE_CURSOR;
- 
-  grab_screenshot (screenshot, flags, result);
-+  if (meta_is_wayland_compositor ())
-+    {
-+      grab_screenshot (screenshot, flags, result);
-+    }
-+  else
-+    {
-+      MetaDisplay *display = shell_global_get_display (priv->global);
-+      ClutterStage *stage = shell_global_get_stage (priv->global);
-+
-+      meta_disable_unredirect_for_display (display);
-+      clutter_actor_queue_redraw (CLUTTER_ACTOR (stage));
-+      priv->flags = flags;
-+      g_signal_connect (stage, "after-paint",
-+                        G_CALLBACK (on_after_paint), result);
-+    }
- }
- 
- /**