summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /x11-apps/xdm/files
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'x11-apps/xdm/files')
-rw-r--r--x11-apps/xdm/files/Xsession73
-rw-r--r--x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch18
-rw-r--r--x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch41
-rw-r--r--x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch37
-rw-r--r--x11-apps/xdm/files/xdm-consolekit.patch230
5 files changed, 399 insertions, 0 deletions
diff --git a/x11-apps/xdm/files/Xsession b/x11-apps/xdm/files/Xsession
new file mode 100644
index 000000000000..ffeef4c87420
--- /dev/null
+++ b/x11-apps/xdm/files/Xsession
@@ -0,0 +1,73 @@
+#!/bin/bash --login
+#
+# $Xorg: Xsession,v 1.4 2000/08/17 19:54:17 cpqbld Exp $
+#
+#
+#
+#
+# $XFree86: xc/programs/xdm/config/Xsession,v 1.3 2001/01/17 23:45:24 dawes Exp $
+
+# redirect errors to a file in user's home directory if we can
+for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER"
+do
+ if ( cp /dev/null "$errfile" 2> /dev/null )
+ then
+ chmod 600 "$errfile"
+ exec > "$errfile" 2>&1
+ break
+ fi
+done
+
+# handle KDM
+if [ -n "$1" ]; then
+ export XSESSION="$1"
+fi
+
+xinitdir=/usr/X11R6/lib/X11/xinit
+startup=$HOME/.xsession
+userresources=$HOME/.Xresources
+usermodmap=$HOME/.Xmodmap
+sysresources=$xinitdir/.Xresources
+sysmodmap=$xinitdir/.Xmodmap
+
+# First run the system default. Because KDE uses this
+# to switch sessions, we MUST first check the system
+# default, and then ~/.xsession. If the user Do not
+# want this, he should override XSESSION, or at least
+# clear it.
+if [ -n "`/etc/X11/chooser.sh`" ]; then
+ exec "`/etc/X11/chooser.sh`"
+# If not defined, try the user's ~/.xsession
+elif [ -s "$startup" ]; then
+
+ # merge in defaults and keymaps
+
+ if [ -f $sysresources ]; then
+ xrdb -merge $sysresources
+ fi
+
+ if [ -f $sysmodmap ]; then
+ xmodmap $sysmodmap
+ fi
+
+ if [ -f $userresources ]; then
+ xrdb -merge $userresources
+ fi
+
+ if [ -f $usermodmap ]; then
+ xmodmap $usermodmap
+ fi
+
+ if [ -x "$startup" ]; then
+ exec "$startup"
+ else
+ exec /bin/sh "$startup"
+ fi
+# Lastly, xsm as failsafe
+else
+ if [ -r "$userresources" ]; then
+ xrdb -load "$userresources"
+ fi
+ exec xsm
+fi
+
diff --git a/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch
new file mode 100644
index 000000000000..db948094b755
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch
@@ -0,0 +1,18 @@
+diff -ur a/xdm/genauth.c b/xdm/genauth.c
+--- a/xdm/genauth.c 2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/genauth.c 2014-01-06 16:28:09.664060603 +0100
+@@ -40,6 +40,14 @@
+
+ #include <errno.h>
+
++#ifdef HAVE_ARC4RANDOM
++# ifdef __linux__
++# include <bsd/stdlib.h>
++# else
++# include <stdlib.h>
++# endif
++#endif
++
+ #include <time.h>
+ #define Time_t time_t
+
diff --git a/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
new file mode 100644
index 000000000000..34ae7ceb3cd6
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
@@ -0,0 +1,41 @@
+From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 22 May 2013 14:20:26 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+diff --git a/greeter/verify.c b/greeter/verify.c
+index db3cb7d..b009e2b 100644
+--- a/greeter/verify.c
++++ b/greeter/verify.c
+@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ struct spwd *sp;
+ # endif
+ char *user_pass = NULL;
++ char *crypted_pass = NULL;
+ # endif
+ # ifdef __OpenBSD__
+ char *s;
+@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ # if defined(ultrix) || defined(__ultrix__)
+ if (authenticate_user(p, greet->password, NULL) < 0)
+ # else
+- if (strcmp (crypt (greet->password, user_pass), user_pass))
++ crypted_pass = crypt (greet->password, user_pass);
++ if ((crypted_pass == NULL)
++ || (strcmp (crypted_pass, user_pass)))
+ # endif
+ {
+ if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch
new file mode 100644
index 000000000000..0a3f32bbea02
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch
@@ -0,0 +1,37 @@
+diff -ur a/xdm/choose.c b/xdm/choose.c
+--- a/xdm/choose.c 2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/choose.c 2014-01-06 16:33:09.628065364 +0100
+@@ -54,6 +54,14 @@
+ # include <tiuser.h>
+ # endif
+
++# ifdef HAVE_SETPROCTITLE
++# ifdef __linux__
++# include <bsd/unistd.h>
++# else
++# include <unistd.h>
++# endif
++# endif
++
+ # include <time.h>
+ # define Time_t time_t
+
+diff -ur a/xdm/session.c b/xdm/session.c
+--- a/xdm/session.c 2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/session.c 2014-01-06 16:40:57.508072789 +0100
+@@ -54,6 +54,15 @@
+ # include <usersec.h>
+ #endif
+
++# ifdef HAVE_SETPROCTITLE
++# include <sys/types.h>
++# ifdef __linux__
++# include <bsd/unistd.h>
++# else
++# include <unistd.h>
++# endif
++# endif
++
+ #ifndef USE_PAM /* PAM modules should handle these */
+ # ifdef SECURE_RPC
+ # include <rpc/rpc.h>
diff --git a/x11-apps/xdm/files/xdm-consolekit.patch b/x11-apps/xdm/files/xdm-consolekit.patch
new file mode 100644
index 000000000000..fbacd36fc073
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-consolekit.patch
@@ -0,0 +1,230 @@
+http://bugs.gentoo.org/360987
+http://projects.archlinux.org/svntogit/packages.git/plain/trunk/xdm-consolekit.patch?h=packages/xorg-xdm
+http://lists.x.org/archives/xorg-devel/2011-February/019615.html
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -362,6 +362,20 @@
+
+ AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes)
+
++# ConsoleKit support
++AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]),
++ [USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes])
++if test x"$USE_CONSOLEKIT" != xno; then
++ PKG_CHECK_MODULES(CK_CONNECTOR, ck-connector,
++ [USE_CONSOLEKIT=yes], [USE_CONSOLEKIT=no])
++ if test x"$USE_CONSOLEKIT" = xyes; then
++ AC_DEFINE([USE_CONSOLEKIT], 1, [Define to 1 to use ConsoleKit])
++ XDM_CFLAGS="$XDM_CFLAGS $CK_CONNECTOR_CFLAGS -DUSE_CONSOLEKIT"
++ XDM_LIBS="$XDM_LIBS $CK_CONNECTOR_LIBS"
++ fi
++fi
++dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes)
++
+ #
+ # XDM
+ #
+--- a/xdm/session.c
++++ b/xdm/session.c
+@@ -66,6 +66,11 @@
+ #endif
+ #endif /* USE_PAM */
+
++#ifdef USE_CONSOLEKIT
++#include <ck-connector.h>
++#include <dbus/dbus.h>
++#endif
++
+ #ifdef __SCO__
+ #include <prot.h>
+ #endif
+@@ -472,6 +477,97 @@
+ }
+ }
+
++#ifdef USE_CONSOLEKIT
++
++static CkConnector *connector;
++
++static int openCKSession(struct verify_info *verify, struct display *d)
++{
++ int ret;
++ DBusError error;
++ char *remote_host_name = "";
++ dbus_bool_t is_local;
++ char *display_name = "";
++ char *display_device = "";
++ char devtmp[16];
++
++ if (!use_consolekit)
++ return 1;
++
++ is_local = d->displayType.location == Local;
++ if (d->peerlen > 0 && d->peer)
++ remote_host_name = d->peer;
++ if (d->name)
++ display_name = d->name;
++ /* how can we get the corresponding tty at best...? */
++ if (d->windowPath) {
++ display_device = strchr(d->windowPath, ':');
++ if (display_device && display_device[1])
++ display_device++;
++ else
++ display_device = d->windowPath;
++ snprintf(devtmp, sizeof(devtmp), "/dev/tty%s", display_device);
++ display_device = devtmp;
++ }
++
++ connector = ck_connector_new();
++ if (!connector) {
++ LogOutOfMem("ck_connector");
++ return 0;
++ }
++
++ dbus_error_init(&error);
++ ret = ck_connector_open_session_with_parameters(
++ connector, &error,
++ "unix-user", &verify->uid,
++ "x11-display", &display_name,
++ "x11-display-device", &display_device,
++ "remote-host-name", &remote_host_name,
++ "is-local", &is_local,
++ NULL);
++ if (!ret) {
++ if (dbus_error_is_set(&error)) {
++ LogError("Dbus error: %s\n", error.message);
++ dbus_error_free(&error);
++ } else {
++ LogError("ConsoleKit error\n");
++ }
++ LogError("console-kit-daemon not running?\n");
++ ck_connector_unref(connector);
++ connector = NULL;
++ return 0;
++ }
++
++ verify->userEnviron = setEnv(verify->userEnviron,
++ "XDG_SESSION_COOKIE", ck_connector_get_cookie(connector));
++ return 1;
++}
++
++static void closeCKSession(void)
++{
++ DBusError error;
++
++ if (!connector)
++ return;
++
++ dbus_error_init(&error);
++ if (!ck_connector_close_session(connector, &error)) {
++ if (dbus_error_is_set(&error)) {
++ LogError("Dbus error: %s\n", error.message);
++ dbus_error_free(&error);
++ } else {
++ LogError("ConsoleKit close error\n");
++ }
++ LogError("console-kit-daemon not running?\n");
++ }
++ ck_connector_unref(connector);
++ connector = NULL;
++}
++#else
++#define openCKSession(v,d) 1
++#define closeCKSession()
++#endif
++
+ void
+ SessionExit (struct display *d, int status, int removeAuth)
+ {
+@@ -486,6 +580,8 @@
+ }
+ #endif
+
++ closeCKSession();
++
+ /* make sure the server gets reset after the session is over */
+ if (d->serverPid >= 2 && d->resetSignal)
+ kill (d->serverPid, d->resetSignal);
+@@ -568,6 +664,10 @@
+ #ifdef USE_PAM
+ if (pamh) pam_open_session(pamh, 0);
+ #endif
++
++ if (!openCKSession(verify, d))
++ return 0;
++
+ switch (pid = fork ()) {
+ case 0:
+ CleanUpChild ();
+--- a/include/dm.h
++++ b/include/dm.h
+@@ -325,6 +325,9 @@
+ extern char *prngdSocket;
+ extern int prngdPort;
+ # endif
++#ifdef USE_CONSOLEKIT
++extern int use_consolekit;
++#endif
+
+ extern char *greeterLib;
+ extern char *willing;
+--- a/xdm/resource.c
++++ b/xdm/resource.c
+@@ -68,6 +68,9 @@
+ char *prngdSocket;
+ int prngdPort;
+ #endif
++#ifdef USE_CONSOLEKIT
++int use_consolekit;
++#endif
+
+ char *greeterLib;
+ char *willing;
+@@ -258,6 +261,10 @@
+ "false"} ,
+ { "willing", "Willing", DM_STRING, &willing,
+ ""} ,
++#ifdef USE_CONSOLEKIT
++{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit,
++ "true"} ,
++#endif
+ };
+
+ # define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0])
+@@ -440,7 +447,11 @@
+ {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL },
+ {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL },
+ {"-daemon", ".daemonMode", XrmoptionNoArg, "true" },
+-{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }
++{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" },
++#ifdef USE_CONSOLEKIT
++{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" },
++{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" }
++#endif
+ };
+
+ static int originalArgc;
+--- a/man/xdm.man
++++ b/man/xdm.man
+@@ -51,6 +51,8 @@
+ ] [
+ .B \-session
+ .I session_program
++] [
++.B \-noconsolekit
+ ]
+ .SH DESCRIPTION
+ .I Xdm
+@@ -218,6 +220,10 @@
+ .IP "\fB\-xrm\fP \fIresource_specification\fP"
+ Allows an arbitrary resource to be specified, as in most
+ X Toolkit applications.
++.IP "\fB\-noconsolekit\fP"
++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP
++resource.
++This suppresses the session management using ConsoleKit.
+ .SH RESOURCES
+ At many stages the actions of
+ .I xdm