1 |
commit: 7d8dc86e28c18d907412f3400e9172a868b76322 |
2 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Sep 27 22:58:10 2018 +0000 |
4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 27 22:58:10 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/gnome.git/commit/?id=7d8dc86e |
7 |
|
8 |
gnome-base/gdm: remove old security vulnerable, use ::gentoo revbump |
9 |
|
10 |
Main tree version has patches to fix CVE-2018-14424, which were missed |
11 |
here during sync with main tree (presumably it was thought 3.26 already |
12 |
had the patches, but it doesn't). |
13 |
|
14 |
gnome-base/gdm/files/49-keychain-r1 | 9 - |
15 |
gnome-base/gdm/files/50-ssh-agent-r1 | 10 -- |
16 |
.../gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch | 32 ---- |
17 |
.../gdm/files/gdm-3.8.4-fingerprint-auth.patch | 29 --- |
18 |
gnome-base/gdm/files/gdm-3.8.4-logo.patch | 25 --- |
19 |
gnome-base/gdm/gdm-3.26.2.1.ebuild | 198 --------------------- |
20 |
gnome-base/gdm/metadata.xml | 14 -- |
21 |
7 files changed, 317 deletions(-) |
22 |
|
23 |
diff --git a/gnome-base/gdm/files/49-keychain-r1 b/gnome-base/gdm/files/49-keychain-r1 |
24 |
deleted file mode 100644 |
25 |
index 51a1ca87..00000000 |
26 |
--- a/gnome-base/gdm/files/49-keychain-r1 |
27 |
+++ /dev/null |
28 |
@@ -1,9 +0,0 @@ |
29 |
-#!/bin/bash |
30 |
- |
31 |
-# source keychain variables |
32 |
- |
33 |
-keychain="`which keychain 2>/dev/null`" |
34 |
-if [ -n "$keychain" ] && [ -x "$keychain" ] && [ -f "$HOME/.bash_profile" ] |
35 |
-then |
36 |
- . "${HOME}/.bash_profile" |
37 |
-fi |
38 |
|
39 |
diff --git a/gnome-base/gdm/files/50-ssh-agent-r1 b/gnome-base/gdm/files/50-ssh-agent-r1 |
40 |
deleted file mode 100644 |
41 |
index 4d94fb04..00000000 |
42 |
--- a/gnome-base/gdm/files/50-ssh-agent-r1 |
43 |
+++ /dev/null |
44 |
@@ -1,10 +0,0 @@ |
45 |
-#!/bin/sh |
46 |
- |
47 |
-# add ssh-agent if found |
48 |
- |
49 |
-sshagent="`which ssh-agent 2>/dev/null`" |
50 |
-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then |
51 |
- command="$sshagent -- $command" |
52 |
-elif [ -z "$sshagent" ] ; then |
53 |
- echo "$0: ssh-agent not found!" |
54 |
-fi |
55 |
|
56 |
diff --git a/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch b/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch |
57 |
deleted file mode 100644 |
58 |
index bfd8398a..00000000 |
59 |
--- a/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch |
60 |
+++ /dev/null |
61 |
@@ -1,32 +0,0 @@ |
62 |
-From c0581264d5e2b412aa27dc30623512b461024e4f Mon Sep 17 00:00:00 2001 |
63 |
-From: Gilles Dartiguelongue <eva@g.o> |
64 |
-Date: Tue, 2 Nov 2010 23:19:31 +0100 |
65 |
-Subject: [PATCH 2/4] ssh-agent handling must be done at xinitrc.d |
66 |
- |
67 |
-Gentoo bug: #220603 |
68 |
---- |
69 |
- data/Xsession.in | 8 -------- |
70 |
- 1 file changed, 8 deletions(-) |
71 |
- |
72 |
-diff --git a/data/Xsession.in b/data/Xsession.in |
73 |
-index 201be92..88f1fd9 100755 |
74 |
---- a/data/Xsession.in |
75 |
-+++ b/data/Xsession.in |
76 |
-@@ -191,14 +191,6 @@ if [ -d /etc/X11/xinit/xinitrc.d ]; then |
77 |
- done |
78 |
- fi |
79 |
- |
80 |
--# add ssh-agent if found |
81 |
--sshagent="`gdmwhich ssh-agent`" |
82 |
--if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then |
83 |
-- command="$sshagent -- $command" |
84 |
--elif [ -z "$sshagent" ] ; then |
85 |
-- echo "$0: ssh-agent not found!" |
86 |
--fi |
87 |
-- |
88 |
- echo "$0: Setup done, will execute: $command" |
89 |
- |
90 |
- eval exec $command |
91 |
--- |
92 |
-1.8.5.1 |
93 |
- |
94 |
|
95 |
diff --git a/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch b/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch |
96 |
deleted file mode 100644 |
97 |
index cd19077a..00000000 |
98 |
--- a/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch |
99 |
+++ /dev/null |
100 |
@@ -1,29 +0,0 @@ |
101 |
-From 75fe02c2b383b27b202940bdedd7d8d2c64169fb Mon Sep 17 00:00:00 2001 |
102 |
-From: Alexandre Rostovtsev <tetromino@g.o> |
103 |
-Date: Tue, 30 Jul 2013 22:56:30 -0400 |
104 |
-Subject: [PATCH 3/4] Gentoo does not have a fingerprint-auth pam stack |
105 |
- |
106 |
---- |
107 |
- data/pam-exherbo/gdm-fingerprint.pam | 7 ++++++- |
108 |
- 1 file changed, 6 insertions(+), 1 deletion(-) |
109 |
- |
110 |
-diff --git a/data/pam-exherbo/gdm-fingerprint.pam b/data/pam-exherbo/gdm-fingerprint.pam |
111 |
-index 41639ec..d9633fb 100644 |
112 |
---- a/data/pam-exherbo/gdm-fingerprint.pam |
113 |
-+++ b/data/pam-exherbo/gdm-fingerprint.pam |
114 |
-@@ -1,6 +1,11 @@ |
115 |
- account include system-login |
116 |
- |
117 |
--auth substack fingerprint-auth |
118 |
-+auth optional pam_env.so |
119 |
-+auth required pam_tally2.so onerr=succeed |
120 |
-+auth required pam_shells.so |
121 |
-+auth required pam_nologin.so |
122 |
-+auth required pam_fprintd.so |
123 |
-+auth required pam_permit.so |
124 |
- auth optional pam_gnome_keyring.so |
125 |
- |
126 |
- password required pam_deny.so |
127 |
--- |
128 |
-1.8.5.1 |
129 |
- |
130 |
|
131 |
diff --git a/gnome-base/gdm/files/gdm-3.8.4-logo.patch b/gnome-base/gdm/files/gdm-3.8.4-logo.patch |
132 |
deleted file mode 100644 |
133 |
index 151d4bc7..00000000 |
134 |
--- a/gnome-base/gdm/files/gdm-3.8.4-logo.patch |
135 |
+++ /dev/null |
136 |
@@ -1,25 +0,0 @@ |
137 |
-From bcc651df77a429a6bf9b13892f71fedb1b87a069 Mon Sep 17 00:00:00 2001 |
138 |
-From: Gilles Dartiguelongue <eva@g.o> |
139 |
-Date: Wed, 11 Dec 2013 22:46:58 +0100 |
140 |
-Subject: [PATCH 4/4] Apply Gentoo branding |
141 |
- |
142 |
---- |
143 |
- data/org.gnome.login-screen.gschema.xml.in | 2 +- |
144 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
145 |
- |
146 |
-diff --git a/data/org.gnome.login-screen.gschema.xml.in b/data/org.gnome.login-screen.gschema.xml.in |
147 |
-index 03da374..5e81bc0 100644 |
148 |
---- a/data/org.gnome.login-screen.gschema.xml.in |
149 |
-+++ b/data/org.gnome.login-screen.gschema.xml.in |
150 |
-@@ -31,7 +31,7 @@ |
151 |
- </_description> |
152 |
- </key> |
153 |
- <key name="logo" type="s"> |
154 |
-- <default>''</default> |
155 |
-+ <default>'/usr/share/pixmaps/gentoo-gdm.svg'</default> |
156 |
- <_summary> |
157 |
- Path to small image at top of user list |
158 |
- </_summary> |
159 |
--- |
160 |
-1.8.5.1 |
161 |
- |
162 |
|
163 |
diff --git a/gnome-base/gdm/gdm-3.26.2.1.ebuild b/gnome-base/gdm/gdm-3.26.2.1.ebuild |
164 |
deleted file mode 100644 |
165 |
index 8f528e56..00000000 |
166 |
--- a/gnome-base/gdm/gdm-3.26.2.1.ebuild |
167 |
+++ /dev/null |
168 |
@@ -1,198 +0,0 @@ |
169 |
-# Copyright 1999-2018 Gentoo Foundation |
170 |
-# Distributed under the terms of the GNU General Public License v2 |
171 |
- |
172 |
-EAPI=6 |
173 |
-GNOME2_LA_PUNT="yes" |
174 |
- |
175 |
-inherit eutils gnome2 pam readme.gentoo-r1 systemd user |
176 |
- |
177 |
-DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins" |
178 |
-HOMEPAGE="https://wiki.gnome.org/Projects/GDM" |
179 |
- |
180 |
-SRC_URI="${SRC_URI} |
181 |
- branding? ( https://www.mail-archive.com/tango-artists@×××××××××××××××××.org/msg00043/tango-gentoo-v1.1.tar.gz ) |
182 |
-" |
183 |
- |
184 |
-LICENSE=" |
185 |
- GPL-2+ |
186 |
- branding? ( CC-BY-SA-4.0 ) |
187 |
-" |
188 |
- |
189 |
-SLOT="0" |
190 |
- |
191 |
-IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux smartcard tcpd test wayland xinerama" |
192 |
- |
193 |
-KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86" |
194 |
- |
195 |
-# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686 |
196 |
-# nspr used by smartcard extension |
197 |
-# dconf, dbus and g-s-d are needed at install time for dconf update |
198 |
-# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784 |
199 |
-COMMON_DEPEND=" |
200 |
- app-text/iso-codes |
201 |
- >=dev-libs/glib-2.36:2[dbus] |
202 |
- >=x11-libs/gtk+-2.91.1:3 |
203 |
- >=gnome-base/dconf-0.20 |
204 |
- >=gnome-base/gnome-settings-daemon-3.1.4 |
205 |
- gnome-base/gsettings-desktop-schemas |
206 |
- >=media-libs/fontconfig-2.5.0:1.0 |
207 |
- >=media-libs/libcanberra-0.4[gtk3] |
208 |
- sys-apps/dbus |
209 |
- >=sys-apps/accountsservice-0.6.35 |
210 |
- |
211 |
- x11-apps/sessreg |
212 |
- x11-base/xorg-server |
213 |
- x11-libs/libXi |
214 |
- x11-libs/libXau |
215 |
- x11-libs/libX11 |
216 |
- x11-libs/libXdmcp |
217 |
- x11-libs/libXext |
218 |
- x11-libs/libXft |
219 |
- x11-libs/libxcb |
220 |
- >=x11-misc/xdg-utils-1.0.2-r3 |
221 |
- |
222 |
- virtual/pam |
223 |
- >=sys-apps/systemd-186:0=[pam] |
224 |
- |
225 |
- sys-auth/pambase[systemd] |
226 |
- |
227 |
- audit? ( sys-process/audit ) |
228 |
- introspection? ( >=dev-libs/gobject-introspection-0.9.12:= ) |
229 |
- plymouth? ( sys-boot/plymouth ) |
230 |
- selinux? ( sys-libs/libselinux ) |
231 |
- tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) |
232 |
- xinerama? ( x11-libs/libXinerama ) |
233 |
-" |
234 |
-# XXX: These deps are from session and desktop files in data/ directory |
235 |
-# fprintd is used via dbus by gdm-fingerprint-extension |
236 |
-# gnome-session-3.6 needed to avoid freezing with orca |
237 |
-RDEPEND="${COMMON_DEPEND} |
238 |
- >=gnome-base/gnome-session-3.6 |
239 |
- >=gnome-base/gnome-shell-3.1.90 |
240 |
- x11-apps/xhost |
241 |
- |
242 |
- accessibility? ( |
243 |
- >=app-accessibility/orca-3.10 |
244 |
- gnome-extra/mousetweaks ) |
245 |
- fprint? ( |
246 |
- sys-auth/fprintd |
247 |
- sys-auth/pam_fprint ) |
248 |
- |
249 |
- !gnome-extra/fast-user-switch-applet |
250 |
-" |
251 |
-DEPEND="${COMMON_DEPEND} |
252 |
- app-text/docbook-xml-dtd:4.1.2 |
253 |
- dev-util/gdbus-codegen |
254 |
- >=dev-util/intltool-0.40.0 |
255 |
- dev-util/itstool |
256 |
- virtual/pkgconfig |
257 |
- x11-base/xorg-proto |
258 |
- test? ( >=dev-libs/check-0.9.4 ) |
259 |
-" |
260 |
- |
261 |
-DOC_CONTENTS=" |
262 |
- To make GDM start at boot, run:\n |
263 |
- # systemctl enable gdm.service\n |
264 |
- \n |
265 |
- For passwordless login to unlock your keyring, you need to install |
266 |
- sys-auth/pambase with USE=gnome-keyring and set an empty password |
267 |
- on your keyring. Use app-crypt/seahorse for that.\n |
268 |
- \n |
269 |
- You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11 |
270 |
- for smartcard support |
271 |
-" |
272 |
- |
273 |
-pkg_setup() { |
274 |
- enewgroup gdm |
275 |
- enewgroup video # Just in case it hasn't been created yet |
276 |
- enewuser gdm -1 -1 /var/lib/gdm gdm,video |
277 |
- |
278 |
- # For compatibility with certain versions of nvidia-drivers, etc., need to |
279 |
- # ensure that gdm user is in the video group |
280 |
- if ! egetent group video | grep -q gdm; then |
281 |
- # FIXME XXX: is this at all portable, ldap-safe, etc.? |
282 |
- # XXX: egetent does not have a 1-argument form, so we can't use it to |
283 |
- # get the list of gdm's groups |
284 |
- local g=$(groups gdm) |
285 |
- elog "Adding user gdm to video group" |
286 |
- usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed" |
287 |
- fi |
288 |
-} |
289 |
- |
290 |
-src_prepare() { |
291 |
- # ssh-agent handling must be done at xinitrc.d, bug #220603 |
292 |
- eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch" |
293 |
- |
294 |
- # Gentoo does not have a fingerprint-auth pam stack |
295 |
- eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch" |
296 |
- |
297 |
- # Show logo when branding is enabled |
298 |
- use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch" |
299 |
- |
300 |
- gnome2_src_prepare |
301 |
-} |
302 |
- |
303 |
-src_configure() { |
304 |
- local myconf |
305 |
- # PAM is the only auth scheme supported |
306 |
- # even though configure lists shadow and crypt |
307 |
- # they don't have any corresponding code. |
308 |
- # --with-at-spi-registryd-directory= needs to be passed explicitly because |
309 |
- # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4 |
310 |
- # Xevie is obsolete, bug #482304 |
311 |
- # --with-initial-vt=7 conflicts with plymouth, bug #453392 |
312 |
- ! use plymouth && myconf="${myconf} --with-initial-vt=7" |
313 |
- |
314 |
- gnome2_src_configure \ |
315 |
- --enable-gdm-xsession \ |
316 |
- --enable-user-display-server \ |
317 |
- --with-run-dir=/run/gdm \ |
318 |
- --localstatedir="${EPREFIX}"/var \ |
319 |
- --disable-static \ |
320 |
- --with-xdmcp=yes \ |
321 |
- --enable-authentication-scheme=pam \ |
322 |
- --with-default-pam-config=exherbo \ |
323 |
- --with-pam-mod-dir=$(getpam_mod_dir) \ |
324 |
- --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \ |
325 |
- --without-xevie \ |
326 |
- --enable-systemd-journal \ |
327 |
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ |
328 |
- $(use_with audit libaudit) \ |
329 |
- $(use_enable ipv6) \ |
330 |
- $(use_with plymouth) \ |
331 |
- $(use_with selinux) \ |
332 |
- $(use_with tcpd tcp-wrappers) \ |
333 |
- $(use_enable wayland wayland-support) \ |
334 |
- $(use_with xinerama) \ |
335 |
- ${myconf} |
336 |
-} |
337 |
- |
338 |
-src_install() { |
339 |
- gnome2_src_install |
340 |
- |
341 |
- if ! use accessibility ; then |
342 |
- rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die |
343 |
- fi |
344 |
- |
345 |
- exeinto /etc/X11/xinit/xinitrc.d |
346 |
- newexe "${FILESDIR}/49-keychain-r1" 49-keychain |
347 |
- newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent |
348 |
- |
349 |
- # gdm user's home directory |
350 |
- keepdir /var/lib/gdm |
351 |
- fowners gdm:gdm /var/lib/gdm |
352 |
- |
353 |
- # install XDG_DATA_DIRS gdm changes |
354 |
- echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm |
355 |
- doenvd 99xdg-gdm |
356 |
- |
357 |
- use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg |
358 |
- |
359 |
- readme.gentoo_create_doc |
360 |
-} |
361 |
- |
362 |
-pkg_postinst() { |
363 |
- gnome2_pkg_postinst |
364 |
- systemd_reenable gdm.service |
365 |
- readme.gentoo_print_elog |
366 |
-} |
367 |
|
368 |
diff --git a/gnome-base/gdm/metadata.xml b/gnome-base/gdm/metadata.xml |
369 |
deleted file mode 100644 |
370 |
index 747420ed..00000000 |
371 |
--- a/gnome-base/gdm/metadata.xml |
372 |
+++ /dev/null |
373 |
@@ -1,14 +0,0 @@ |
374 |
-<?xml version="1.0" encoding="UTF-8"?> |
375 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
376 |
-<pkgmetadata> |
377 |
-<maintainer type="project"> |
378 |
- <email>gnome@g.o</email> |
379 |
- <name>Gentoo GNOME Desktop</name> |
380 |
-</maintainer> |
381 |
-<use> |
382 |
- <flag name="fprint">Enables experimental fingerprint authentication using |
383 |
- <pkg>sys-auth/fprintd</pkg></flag> |
384 |
- <flag name="plymouth">Enable support for smooth transition from |
385 |
- <pkg>sys-boot/plymouth</pkg></flag> |
386 |
-</use> |
387 |
-</pkgmetadata> |