commit:     fa688468a75b6463a9265e4f85077a60eceddcf2
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 15 15:30:45 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Wed Aug 15 15:52:05 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa688468

gnome-base/gdm: CVE-2018-14424 and related patches

While here, remove an ancient fixup for a supposedly
temporary gdm-3.5 bug that had resulted in wrong /var/lib/gdm
permissions, and remove unused versionator inherit.

Bug: https://bugs.gentoo.org/662782
Package-Manager: Portage-2.3.44, Repoman-2.3.10

 gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch   | 163 +++++++++++++++++
 .../files/3.24.3-display-object-lifetime-fix.patch |  61 +++++++
 gnome-base/gdm/gdm-3.24.3-r1.ebuild                | 202 +++++++++++++++++++++
 3 files changed, 426 insertions(+)

diff --git a/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch 
b/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch
new file mode 100644
index 00000000000..4edb0670958
--- /dev/null
+++ b/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch
@@ -0,0 +1,163 @@
+From 6060db704a19b0db68f2e9e6a2d020c0c78b6bba Mon Sep 17 00:00:00 2001
+From: Chris Coulson <[email protected]>
+Date: Thu, 19 Jul 2018 18:26:05 +0100
+Subject: [PATCH] display-store: Pass the display object rather than the id in
+ the removed signal
+
+By the time GdmDisplayStore emits the "display-removed" signal, the display
+is no longer in the store and gdm_display_store_lookup will not work in
+signal handlers.
+
+Change the "display-removed" parameter from the display id to the GdmDisplay
+object, so that signal handers can perform any cleanup they need to do
+
+CVE-2018-14424
+
+Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
+---
+ daemon/gdm-display-store.c         | 11 +++--------
+ daemon/gdm-display-store.h         |  2 +-
+ daemon/gdm-local-display-factory.c | 13 +++----------
+ daemon/gdm-manager.c               | 19 +++++++++----------
+ daemon/gdm-manager.h               |  3 ++-
+ 5 files changed, 18 insertions(+), 30 deletions(-)
+
+diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
+index af76f519..fd24334e 100644
+--- a/daemon/gdm-display-store.c
++++ b/daemon/gdm-display-store.c
+@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
+ static void
+ stored_display_free (StoredDisplay *stored_display)
+ {
+-        char *id;
+-
+-        gdm_display_get_id (stored_display->display, &id, NULL);
+-
+         g_signal_emit (G_OBJECT (stored_display->store),
+                        signals[DISPLAY_REMOVED],
+                        0,
+-                       id);
+-        g_free (id);
++                       stored_display->display);
+ 
+         g_debug ("GdmDisplayStore: Unreffing display: %p",
+                  stored_display->display);
+@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
+                               G_STRUCT_OFFSET (GdmDisplayStoreClass, 
display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
+ }
+diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
+index 28359933..0aff8ee2 100644
+--- a/daemon/gdm-display-store.h
++++ b/daemon/gdm-display-store.h
+@@ -49,7 +49,7 @@ typedef struct
+         void          (* display_added)    (GdmDisplayStore *display_store,
+                                             const char      *id);
+         void          (* display_removed)  (GdmDisplayStore *display_store,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmDisplayStoreClass;
+ 
+ typedef enum
+diff --git a/daemon/gdm-local-display-factory.c 
b/daemon/gdm-local-display-factory.c
+index b29f5ac5..403921d3 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -558,18 +558,11 @@ on_display_added (GdmDisplayStore        *display_store,
+ 
+ static void
+ on_display_removed (GdmDisplayStore        *display_store,
+-                    const char             *id,
++                    GdmDisplay             *display,
+                     GdmLocalDisplayFactory *factory)
+ {
+-        GdmDisplay *display;
+-
+-        display = gdm_display_store_lookup (display_store, id);
+-
+-        if (display != NULL) {
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK 
(on_display_status_changed), factory);
+-                g_object_weak_unref (G_OBJECT (display), 
(GWeakNotify)on_display_disposed, factory);
+-
+-        }
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK 
(on_display_status_changed), factory);
++        g_object_weak_unref (G_OBJECT (display), 
(GWeakNotify)on_display_disposed, factory);
+ }
+ 
+ static gboolean
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index 7539acf1..1943d89e 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1700,19 +1700,18 @@ on_display_status_changed (GdmDisplay *display,
+ 
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+-                    const char      *id,
++                    GdmDisplay      *display,
+                     GdmManager      *manager)
+ {
+-        GdmDisplay *display;
++        char    *id;
+ 
+-        display = gdm_display_store_lookup (display_store, id);
+-        if (display != NULL) {
+-                g_dbus_object_manager_server_unexport 
(manager->priv->object_manager, id);
++        gdm_display_get_id (display, &id, NULL);
++        g_dbus_object_manager_server_unexport (manager->priv->object_manager, 
id);
++        g_free (id);
+ 
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK 
(on_display_status_changed), manager);
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK 
(on_display_status_changed), manager);
+ 
+-                g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
+-        }
++        g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
+ }
+ 
+ static void
+@@ -2694,9 +2693,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
+                               G_STRUCT_OFFSET (GdmManagerClass, 
display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_object_class_install_property (object_class,
+                                          PROP_XDMCP_ENABLED,
+diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
+index 41c68a7a..c8fb3f22 100644
+--- a/daemon/gdm-manager.h
++++ b/daemon/gdm-manager.h
+@@ -24,6 +24,7 @@
+ 
+ #include <glib-object.h>
+ 
++#include "gdm-display.h"
+ #include "gdm-manager-glue.h"
+ 
+ G_BEGIN_DECLS
+@@ -50,7 +51,7 @@ typedef struct
+         void          (* display_added)    (GdmManager      *manager,
+                                             const char      *id);
+         void          (* display_removed)  (GdmManager      *manager,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmManagerClass;
+ 
+ typedef enum
+-- 
+2.17.1
+
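Review bot: In the new `on_display_removed` in daemon/gdm-manager.c, `char *id;` is left uninitialized and the result of `gdm_display_get_id (display, &id, NULL)` is not checked before `id` reaches `g_dbus_object_manager_server_unexport` and `g_free`. The old handler only acted when the store lookup returned a display, whereas the new one trusts whatever object the signal carries, and the signal is registered with `G_TYPE_OBJECT` rather than a display-specific type. Whether `gdm_display_get_id` can return without writing `id` is not visible in this patch, so I would declare `char *id = NULL;` and skip the unexport when the call fails. Because `G_CALLBACK` casts hide the prototype change from the compiler, it is also worth confirming that no other handler in the 3.24.3 tree still connects to either "display-removed" signal with a `const char *id` parameter.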

diff --git a/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch 
b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
new file mode 100644
index 00000000000..47366ed686c
--- /dev/null
+++ b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
@@ -0,0 +1,61 @@
+From 765b306c364885dd89d47fe9fe8618ce6a467bc1 Mon Sep 17 00:00:00 2001
+From: Ray Strode <[email protected]>
+Date: Thu, 19 Jul 2018 16:01:23 -0400
+Subject: [PATCH] display: tie skeleton handlers to object lifetime
+
+Right now we assume a display skeleton object won't
+outlive its associated display object.
+
+In theory that should be true, but if we accidentally
+leak the skeleton it could erroneously happen.
+
+If that does happen then we'll end accessing free'd
+memory, so the leak will turn into a crasher.
+
+This commit addresses this problem by ensuring
+the skeleton signal handlers are disconnected when the
+associated display object goes away.
+
+CVE-2018-14424
+---
+ daemon/gdm-display.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
+index 1b58781d..5e193f2f 100644
+--- a/daemon/gdm-display.c
++++ b/daemon/gdm-display.c
+@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
+         self->priv->object_skeleton = g_dbus_object_skeleton_new 
(self->priv->id);
+         self->priv->display_skeleton = GDM_DBUS_DISPLAY 
(gdm_dbus_display_skeleton_new ());
+ 
+-        g_signal_connect (self->priv->display_skeleton, "handle-get-id",
+-                          G_CALLBACK (handle_get_id), self);
+-        g_signal_connect (self->priv->display_skeleton, 
"handle-get-remote-hostname",
+-                          G_CALLBACK (handle_get_remote_hostname), self);
+-        g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
+-                          G_CALLBACK (handle_get_seat_id), self);
+-        g_signal_connect (self->priv->display_skeleton, 
"handle-get-x11-display-name",
+-                          G_CALLBACK (handle_get_x11_display_name), self);
+-        g_signal_connect (self->priv->display_skeleton, "handle-is-local",
+-                          G_CALLBACK (handle_is_local), self);
+-        g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
+-                          G_CALLBACK (handle_is_initial), self);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-get-id",
++                                 G_CALLBACK (handle_get_id), self, 0);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-get-remote-hostname",
++                                 G_CALLBACK (handle_get_remote_hostname), 
self, 0);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-get-seat-id",
++                                 G_CALLBACK (handle_get_seat_id), self, 0);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-get-x11-display-name",
++                                 G_CALLBACK (handle_get_x11_display_name), 
self, 0);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-is-local",
++                                 G_CALLBACK (handle_is_local), self, 0);
++        g_signal_connect_object (self->priv->display_skeleton, 
"handle-is-initial",
++                                 G_CALLBACK (handle_is_initial), self, 0);
+ 
+         g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
+                                               G_DBUS_INTERFACE_SKELETON 
(self->priv->display_skeleton));
+-- 
+2.17.1
+
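Review bot: The reason for switching to `g_signal_connect_object` in `register_display` lives only in the patch description, so the code would benefit from a comment above the six connections, for example `/* connect_object: handlers are dropped when self is finalized, so a leaked skeleton cannot call into a freed GdmDisplay */`. Without it the calls read like a stylistic variant of `g_signal_connect` and could be reverted in a later cleanup. The hunk shows only part of `register_display`; any handler connected to `display_skeleton` with `self` as user data outside these lines would need the same treatment, which cannot be confirmed from here.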

diff --git a/gnome-base/gdm/gdm-3.24.3-r1.ebuild 
b/gnome-base/gdm/gdm-3.24.3-r1.ebuild
new file mode 100644
index 00000000000..a2cb1b8cc7a
--- /dev/null
+++ b/gnome-base/gdm/gdm-3.24.3-r1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+
+inherit eutils gnome2 pam readme.gentoo-r1 systemd user
+
+DESCRIPTION="GNOME Display Manager for managing graphical display servers and 
user logins"
+HOMEPAGE="https://wiki.gnome.org/Projects/GDM";
+
+SRC_URI="${SRC_URI}
+       branding? ( 
https://www.mail-archive.com/[email protected]/msg00043/tango-gentoo-v1.1.tar.gz
 )
+"
+
+LICENSE="
+       GPL-2+
+       branding? ( CC-BY-SA-4.0 )
+"
+
+SLOT="0"
+
+IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux 
smartcard tcpd test wayland xinerama"
+
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86"
+
+# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686
+# nspr used by smartcard extension
+# dconf, dbus and g-s-d are needed at install time for dconf update
+# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784
+COMMON_DEPEND="
+       app-text/iso-codes
+       >=dev-libs/glib-2.36:2[dbus]
+       >=x11-libs/gtk+-2.91.1:3
+       >=gnome-base/dconf-0.20
+       >=gnome-base/gnome-settings-daemon-3.1.4
+       gnome-base/gsettings-desktop-schemas
+       >=media-libs/fontconfig-2.5.0:1.0
+       >=media-libs/libcanberra-0.4[gtk3]
+       sys-apps/dbus
+       >=sys-apps/accountsservice-0.6.35
+
+       x11-apps/sessreg
+       x11-base/xorg-server
+       x11-libs/libXi
+       x11-libs/libXau
+       x11-libs/libX11
+       x11-libs/libXdmcp
+       x11-libs/libXext
+       x11-libs/libXft
+       x11-libs/libxcb
+       >=x11-misc/xdg-utils-1.0.2-r3
+
+       virtual/pam
+       >=sys-apps/systemd-186:0=[pam]
+
+       sys-auth/pambase[systemd]
+
+       audit? ( sys-process/audit )
+       introspection? ( >=dev-libs/gobject-introspection-0.9.12:= )
+       plymouth? ( sys-boot/plymouth )
+       selinux? ( sys-libs/libselinux )
+       tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+       xinerama? ( x11-libs/libXinerama )
+"
+# XXX: These deps are from session and desktop files in data/ directory
+# fprintd is used via dbus by gdm-fingerprint-extension
+# gnome-session-3.6 needed to avoid freezing with orca
+RDEPEND="${COMMON_DEPEND}
+       >=gnome-base/gnome-session-3.6
+       >=gnome-base/gnome-shell-3.1.90
+       x11-apps/xhost
+
+       accessibility? (
+               >=app-accessibility/orca-3.10
+               gnome-extra/mousetweaks )
+       fprint? (
+               sys-auth/fprintd
+               sys-auth/pam_fprint )
+
+       !gnome-extra/fast-user-switch-applet
+"
+DEPEND="${COMMON_DEPEND}
+       app-text/docbook-xml-dtd:4.1.2
+       dev-util/gdbus-codegen
+       >=dev-util/intltool-0.40.0
+       dev-util/itstool
+       virtual/pkgconfig
+       x11-base/xorg-proto
+       test? ( >=dev-libs/check-0.9.4 )
+"
+
+DOC_CONTENTS="
+       To make GDM start at boot, run:\n
+       # systemctl enable gdm.service\n
+       \n
+       For passwordless login to unlock your keyring, you need to install
+       sys-auth/pambase with USE=gnome-keyring and set an empty password
+       on your keyring. Use app-crypt/seahorse for that.\n
+       \n
+       You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11
+       for smartcard support
+"
+
+pkg_setup() {
+       enewgroup gdm
+       enewgroup video # Just in case it hasn't been created yet
+       enewuser gdm -1 -1 /var/lib/gdm gdm,video
+
+       # For compatibility with certain versions of nvidia-drivers, etc., need 
to
+       # ensure that gdm user is in the video group
+       if ! egetent group video | grep -q gdm; then
+               # FIXME XXX: is this at all portable, ldap-safe, etc.?
+               # XXX: egetent does not have a 1-argument form, so we can't use 
it to
+               # get the list of gdm's groups
+               local g=$(groups gdm)
+               elog "Adding user gdm to video group"
+               usermod -G video,${g// /,} gdm || die "Adding user gdm to video 
group failed"
+       fi
+}
+
+src_prepare() {
+       # ssh-agent handling must be done at xinitrc.d, bug #220603
+       eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch"
+
+       # Gentoo does not have a fingerprint-auth pam stack
+       eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch"
+
+       # CVE-2018-14424, bug #662782
+       eapply "${FILESDIR}/${PV}-CVE-2018-14424.patch"
+       eapply "${FILESDIR}/${PV}-display-object-lifetime-fix.patch"
+
+       # Show logo when branding is enabled
+       use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch"
+
+       gnome2_src_prepare
+}
+
+src_configure() {
+       local myconf
+       # PAM is the only auth scheme supported
+       # even though configure lists shadow and crypt
+       # they don't have any corresponding code.
+       # --with-at-spi-registryd-directory= needs to be passed explicitly 
because
+       # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4
+       # Xevie is obsolete, bug #482304
+       # --with-initial-vt=7 conflicts with plymouth, bug #453392
+       ! use plymouth && myconf="${myconf} --with-initial-vt=7"
+
+       gnome2_src_configure \
+               --enable-gdm-xsession \
+               --enable-user-display-server \
+               --with-run-dir=/run/gdm \
+               --localstatedir="${EPREFIX}"/var \
+               --disable-static \
+               --with-xdmcp=yes \
+               --enable-authentication-scheme=pam \
+               --with-default-pam-config=exherbo \
+               --with-pam-mod-dir=$(getpam_mod_dir) \
+               --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \
+               --without-xevie \
+               --enable-systemd-journal \
+               --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+               $(use_with audit libaudit) \
+               $(use_enable ipv6) \
+               $(use_with plymouth) \
+               $(use_with selinux) \
+               $(use_with tcpd tcp-wrappers) \
+               $(use_enable wayland wayland-support) \
+               $(use_with xinerama) \
+               ${myconf}
+}
+
+src_install() {
+       gnome2_src_install
+
+       if ! use accessibility ; then
+               rm 
"${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die
+       fi
+
+       exeinto /etc/X11/xinit/xinitrc.d
+       newexe "${FILESDIR}/49-keychain-r1" 49-keychain
+       newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent
+
+       # gdm user's home directory
+       keepdir /var/lib/gdm
+       fowners gdm:gdm /var/lib/gdm
+
+       # install XDG_DATA_DIRS gdm changes
+       echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm
+       doenvd 99xdg-gdm
+
+       use branding && newicon 
"${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg
+
+       readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+       gnome2_pkg_postinst
+       systemd_reenable gdm.service
+       readme.gentoo_print_elog
+}
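Review bot: In `pkg_setup`, the fallback that adds gdm to the video group builds its list from `groups gdm`, and with GNU coreutils that command prints a `gdm : ` prefix when given a user name, so `${g// /,}` would put `gdm` and `:` into the `usermod -G` argument. The branch runs only when gdm is not already in video, which is probably why it goes unnoticed; the FIXME above it already doubts the approach. Appending instead of rebuilding the list avoids the parsing altogether: `usermod -a -G video gdm || die "Adding user gdm to video group failed"`. Separately, the two new `eapply` lines use `${PV}-…` names while the neighbouring patches use `${PN}-<version>-…`; matching that convention would keep the CVE patches easy to identify in FILESDIR.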
