diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /x11-apps/xdm/files | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'x11-apps/xdm/files')
-rw-r--r-- | x11-apps/xdm/files/Xsession | 73 | ||||
-rw-r--r-- | x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch | 18 | ||||
-rw-r--r-- | x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch | 41 | ||||
-rw-r--r-- | x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch | 37 | ||||
-rw-r--r-- | x11-apps/xdm/files/xdm-consolekit.patch | 230 |
5 files changed, 399 insertions, 0 deletions
diff --git a/x11-apps/xdm/files/Xsession b/x11-apps/xdm/files/Xsession new file mode 100644 index 000000000000..ffeef4c87420 --- /dev/null +++ b/x11-apps/xdm/files/Xsession @@ -0,0 +1,73 @@ +#!/bin/bash --login +# +# $Xorg: Xsession,v 1.4 2000/08/17 19:54:17 cpqbld Exp $ +# +# +# +# +# $XFree86: xc/programs/xdm/config/Xsession,v 1.3 2001/01/17 23:45:24 dawes Exp $ + +# redirect errors to a file in user's home directory if we can +for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER" +do + if ( cp /dev/null "$errfile" 2> /dev/null ) + then + chmod 600 "$errfile" + exec > "$errfile" 2>&1 + break + fi +done + +# handle KDM +if [ -n "$1" ]; then + export XSESSION="$1" +fi + +xinitdir=/usr/X11R6/lib/X11/xinit +startup=$HOME/.xsession +userresources=$HOME/.Xresources +usermodmap=$HOME/.Xmodmap +sysresources=$xinitdir/.Xresources +sysmodmap=$xinitdir/.Xmodmap + +# First run the system default. Because KDE uses this +# to switch sessions, we MUST first check the system +# default, and then ~/.xsession. If the user Do not +# want this, he should override XSESSION, or at least +# clear it. +if [ -n "`/etc/X11/chooser.sh`" ]; then + exec "`/etc/X11/chooser.sh`" +# If not defined, try the user's ~/.xsession +elif [ -s "$startup" ]; then + + # merge in defaults and keymaps + + if [ -f $sysresources ]; then + xrdb -merge $sysresources + fi + + if [ -f $sysmodmap ]; then + xmodmap $sysmodmap + fi + + if [ -f $userresources ]; then + xrdb -merge $userresources + fi + + if [ -f $usermodmap ]; then + xmodmap $usermodmap + fi + + if [ -x "$startup" ]; then + exec "$startup" + else + exec /bin/sh "$startup" + fi +# Lastly, xsm as failsafe +else + if [ -r "$userresources" ]; then + xrdb -load "$userresources" + fi + exec xsm +fi + diff --git a/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch new file mode 100644 index 000000000000..db948094b755 --- /dev/null +++ b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch @@ -0,0 +1,18 @@ +diff -ur a/xdm/genauth.c b/xdm/genauth.c +--- a/xdm/genauth.c 2011-09-25 09:35:47.000000000 +0200 ++++ b/xdm/genauth.c 2014-01-06 16:28:09.664060603 +0100 +@@ -40,6 +40,14 @@ + + #include <errno.h> + ++#ifdef HAVE_ARC4RANDOM ++# ifdef __linux__ ++# include <bsd/stdlib.h> ++# else ++# include <stdlib.h> ++# endif ++#endif ++ + #include <time.h> + #define Time_t time_t + diff --git a/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch new file mode 100644 index 000000000000..34ae7ceb3cd6 --- /dev/null +++ b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch @@ -0,0 +1,41 @@ +From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Wed, 22 May 2013 14:20:26 +0000 +Subject: Handle NULL returns from glibc 2.17+ crypt(). + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +--- +diff --git a/greeter/verify.c b/greeter/verify.c +index db3cb7d..b009e2b 100644 +--- a/greeter/verify.c ++++ b/greeter/verify.c +@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) + struct spwd *sp; + # endif + char *user_pass = NULL; ++ char *crypted_pass = NULL; + # endif + # ifdef __OpenBSD__ + char *s; +@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) + # if defined(ultrix) || defined(__ultrix__) + if (authenticate_user(p, greet->password, NULL) < 0) + # else +- if (strcmp (crypt (greet->password, user_pass), user_pass)) ++ crypted_pass = crypt (greet->password, user_pass); ++ if ((crypted_pass == NULL) ++ || (strcmp (crypted_pass, user_pass))) + # endif + { + if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) { +-- +cgit v0.9.0.2-2-gbebe diff --git a/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch new file mode 100644 index 000000000000..0a3f32bbea02 --- /dev/null +++ b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch @@ -0,0 +1,37 @@ +diff -ur a/xdm/choose.c b/xdm/choose.c +--- a/xdm/choose.c 2011-09-25 09:35:47.000000000 +0200 ++++ b/xdm/choose.c 2014-01-06 16:33:09.628065364 +0100 +@@ -54,6 +54,14 @@ + # include <tiuser.h> + # endif + ++# ifdef HAVE_SETPROCTITLE ++# ifdef __linux__ ++# include <bsd/unistd.h> ++# else ++# include <unistd.h> ++# endif ++# endif ++ + # include <time.h> + # define Time_t time_t + +diff -ur a/xdm/session.c b/xdm/session.c +--- a/xdm/session.c 2011-09-25 09:35:47.000000000 +0200 ++++ b/xdm/session.c 2014-01-06 16:40:57.508072789 +0100 +@@ -54,6 +54,15 @@ + # include <usersec.h> + #endif + ++# ifdef HAVE_SETPROCTITLE ++# include <sys/types.h> ++# ifdef __linux__ ++# include <bsd/unistd.h> ++# else ++# include <unistd.h> ++# endif ++# endif ++ + #ifndef USE_PAM /* PAM modules should handle these */ + # ifdef SECURE_RPC + # include <rpc/rpc.h> diff --git a/x11-apps/xdm/files/xdm-consolekit.patch b/x11-apps/xdm/files/xdm-consolekit.patch new file mode 100644 index 000000000000..fbacd36fc073 --- /dev/null +++ b/x11-apps/xdm/files/xdm-consolekit.patch @@ -0,0 +1,230 @@ +http://bugs.gentoo.org/360987 +http://projects.archlinux.org/svntogit/packages.git/plain/trunk/xdm-consolekit.patch?h=packages/xorg-xdm +http://lists.x.org/archives/xorg-devel/2011-February/019615.html +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020 + +--- a/configure.ac ++++ b/configure.ac +@@ -362,6 +362,20 @@ + + AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes) + ++# ConsoleKit support ++AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]), ++ [USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes]) ++if test x"$USE_CONSOLEKIT" != xno; then ++ PKG_CHECK_MODULES(CK_CONNECTOR, ck-connector, ++ [USE_CONSOLEKIT=yes], [USE_CONSOLEKIT=no]) ++ if test x"$USE_CONSOLEKIT" = xyes; then ++ AC_DEFINE([USE_CONSOLEKIT], 1, [Define to 1 to use ConsoleKit]) ++ XDM_CFLAGS="$XDM_CFLAGS $CK_CONNECTOR_CFLAGS -DUSE_CONSOLEKIT" ++ XDM_LIBS="$XDM_LIBS $CK_CONNECTOR_LIBS" ++ fi ++fi ++dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes) ++ + # + # XDM + # +--- a/xdm/session.c ++++ b/xdm/session.c +@@ -66,6 +66,11 @@ + #endif + #endif /* USE_PAM */ + ++#ifdef USE_CONSOLEKIT ++#include <ck-connector.h> ++#include <dbus/dbus.h> ++#endif ++ + #ifdef __SCO__ + #include <prot.h> + #endif +@@ -472,6 +477,97 @@ + } + } + ++#ifdef USE_CONSOLEKIT ++ ++static CkConnector *connector; ++ ++static int openCKSession(struct verify_info *verify, struct display *d) ++{ ++ int ret; ++ DBusError error; ++ char *remote_host_name = ""; ++ dbus_bool_t is_local; ++ char *display_name = ""; ++ char *display_device = ""; ++ char devtmp[16]; ++ ++ if (!use_consolekit) ++ return 1; ++ ++ is_local = d->displayType.location == Local; ++ if (d->peerlen > 0 && d->peer) ++ remote_host_name = d->peer; ++ if (d->name) ++ display_name = d->name; ++ /* how can we get the corresponding tty at best...? */ ++ if (d->windowPath) { ++ display_device = strchr(d->windowPath, ':'); ++ if (display_device && display_device[1]) ++ display_device++; ++ else ++ display_device = d->windowPath; ++ snprintf(devtmp, sizeof(devtmp), "/dev/tty%s", display_device); ++ display_device = devtmp; ++ } ++ ++ connector = ck_connector_new(); ++ if (!connector) { ++ LogOutOfMem("ck_connector"); ++ return 0; ++ } ++ ++ dbus_error_init(&error); ++ ret = ck_connector_open_session_with_parameters( ++ connector, &error, ++ "unix-user", &verify->uid, ++ "x11-display", &display_name, ++ "x11-display-device", &display_device, ++ "remote-host-name", &remote_host_name, ++ "is-local", &is_local, ++ NULL); ++ if (!ret) { ++ if (dbus_error_is_set(&error)) { ++ LogError("Dbus error: %s\n", error.message); ++ dbus_error_free(&error); ++ } else { ++ LogError("ConsoleKit error\n"); ++ } ++ LogError("console-kit-daemon not running?\n"); ++ ck_connector_unref(connector); ++ connector = NULL; ++ return 0; ++ } ++ ++ verify->userEnviron = setEnv(verify->userEnviron, ++ "XDG_SESSION_COOKIE", ck_connector_get_cookie(connector)); ++ return 1; ++} ++ ++static void closeCKSession(void) ++{ ++ DBusError error; ++ ++ if (!connector) ++ return; ++ ++ dbus_error_init(&error); ++ if (!ck_connector_close_session(connector, &error)) { ++ if (dbus_error_is_set(&error)) { ++ LogError("Dbus error: %s\n", error.message); ++ dbus_error_free(&error); ++ } else { ++ LogError("ConsoleKit close error\n"); ++ } ++ LogError("console-kit-daemon not running?\n"); ++ } ++ ck_connector_unref(connector); ++ connector = NULL; ++} ++#else ++#define openCKSession(v,d) 1 ++#define closeCKSession() ++#endif ++ + void + SessionExit (struct display *d, int status, int removeAuth) + { +@@ -486,6 +580,8 @@ + } + #endif + ++ closeCKSession(); ++ + /* make sure the server gets reset after the session is over */ + if (d->serverPid >= 2 && d->resetSignal) + kill (d->serverPid, d->resetSignal); +@@ -568,6 +664,10 @@ + #ifdef USE_PAM + if (pamh) pam_open_session(pamh, 0); + #endif ++ ++ if (!openCKSession(verify, d)) ++ return 0; ++ + switch (pid = fork ()) { + case 0: + CleanUpChild (); +--- a/include/dm.h ++++ b/include/dm.h +@@ -325,6 +325,9 @@ + extern char *prngdSocket; + extern int prngdPort; + # endif ++#ifdef USE_CONSOLEKIT ++extern int use_consolekit; ++#endif + + extern char *greeterLib; + extern char *willing; +--- a/xdm/resource.c ++++ b/xdm/resource.c +@@ -68,6 +68,9 @@ + char *prngdSocket; + int prngdPort; + #endif ++#ifdef USE_CONSOLEKIT ++int use_consolekit; ++#endif + + char *greeterLib; + char *willing; +@@ -258,6 +261,10 @@ + "false"} , + { "willing", "Willing", DM_STRING, &willing, + ""} , ++#ifdef USE_CONSOLEKIT ++{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit, ++ "true"} , ++#endif + }; + + # define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) +@@ -440,7 +447,11 @@ + {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL }, + {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL }, + {"-daemon", ".daemonMode", XrmoptionNoArg, "true" }, +-{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" } ++{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }, ++#ifdef USE_CONSOLEKIT ++{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" }, ++{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" } ++#endif + }; + + static int originalArgc; +--- a/man/xdm.man ++++ b/man/xdm.man +@@ -51,6 +51,8 @@ + ] [ + .B \-session + .I session_program ++] [ ++.B \-noconsolekit + ] + .SH DESCRIPTION + .I Xdm +@@ -218,6 +220,10 @@ + .IP "\fB\-xrm\fP \fIresource_specification\fP" + Allows an arbitrary resource to be specified, as in most + X Toolkit applications. ++.IP "\fB\-noconsolekit\fP" ++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP ++resource. ++This suppresses the session management using ConsoleKit. + .SH RESOURCES + At many stages the actions of + .I xdm |