commit: 7d8dc86e28c18d907412f3400e9172a868b76322
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 27 22:58:10 2018 +0000
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Thu Sep 27 22:58:10 2018 +0000
URL: https://gitweb.gentoo.org/proj/gnome.git/commit/?id=7d8dc86e
gnome-base/gdm: remove old security vulnerable, use ::gentoo revbump
Main tree version has patches to fix CVE-2018-14424, which were missed
here during sync with main tree (presumably it was thought 3.26 already
had the patches, but it doesn't).
gnome-base/gdm/files/49-keychain-r1 | 9 -
gnome-base/gdm/files/50-ssh-agent-r1 | 10 --
.../gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch | 32 ----
.../gdm/files/gdm-3.8.4-fingerprint-auth.patch | 29 ---
gnome-base/gdm/files/gdm-3.8.4-logo.patch | 25 ---
gnome-base/gdm/gdm-3.26.2.1.ebuild | 198 ---------------------
gnome-base/gdm/metadata.xml | 14 --
7 files changed, 317 deletions(-)
diff --git a/gnome-base/gdm/files/49-keychain-r1
b/gnome-base/gdm/files/49-keychain-r1
deleted file mode 100644
index 51a1ca87..00000000
--- a/gnome-base/gdm/files/49-keychain-r1
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# source keychain variables
-
-keychain="`which keychain 2>/dev/null`"
-if [ -n "$keychain" ] && [ -x "$keychain" ] && [ -f "$HOME/.bash_profile" ]
-then
- . "${HOME}/.bash_profile"
-fi
diff --git a/gnome-base/gdm/files/50-ssh-agent-r1
b/gnome-base/gdm/files/50-ssh-agent-r1
deleted file mode 100644
index 4d94fb04..00000000
--- a/gnome-base/gdm/files/50-ssh-agent-r1
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-# add ssh-agent if found
-
-sshagent="`which ssh-agent 2>/dev/null`"
-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
- command="$sshagent -- $command"
-elif [ -z "$sshagent" ] ; then
- echo "$0: ssh-agent not found!"
-fi
diff --git a/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch
b/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch
deleted file mode 100644
index bfd8398a..00000000
--- a/gnome-base/gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c0581264d5e2b412aa27dc30623512b461024e4f Mon Sep 17 00:00:00 2001
-From: Gilles Dartiguelongue <[email protected]>
-Date: Tue, 2 Nov 2010 23:19:31 +0100
-Subject: [PATCH 2/4] ssh-agent handling must be done at xinitrc.d
-
-Gentoo bug: #220603
----
- data/Xsession.in | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/data/Xsession.in b/data/Xsession.in
-index 201be92..88f1fd9 100755
---- a/data/Xsession.in
-+++ b/data/Xsession.in
-@@ -191,14 +191,6 @@ if [ -d /etc/X11/xinit/xinitrc.d ]; then
- done
- fi
-
--# add ssh-agent if found
--sshagent="`gdmwhich ssh-agent`"
--if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
-- command="$sshagent -- $command"
--elif [ -z "$sshagent" ] ; then
-- echo "$0: ssh-agent not found!"
--fi
--
- echo "$0: Setup done, will execute: $command"
-
- eval exec $command
---
-1.8.5.1
-
diff --git a/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch
b/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch
deleted file mode 100644
index cd19077a..00000000
--- a/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 75fe02c2b383b27b202940bdedd7d8d2c64169fb Mon Sep 17 00:00:00 2001
-From: Alexandre Rostovtsev <[email protected]>
-Date: Tue, 30 Jul 2013 22:56:30 -0400
-Subject: [PATCH 3/4] Gentoo does not have a fingerprint-auth pam stack
-
----
- data/pam-exherbo/gdm-fingerprint.pam | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/data/pam-exherbo/gdm-fingerprint.pam
b/data/pam-exherbo/gdm-fingerprint.pam
-index 41639ec..d9633fb 100644
---- a/data/pam-exherbo/gdm-fingerprint.pam
-+++ b/data/pam-exherbo/gdm-fingerprint.pam
-@@ -1,6 +1,11 @@
- account include system-login
-
--auth substack fingerprint-auth
-+auth optional pam_env.so
-+auth required pam_tally2.so onerr=succeed
-+auth required pam_shells.so
-+auth required pam_nologin.so
-+auth required pam_fprintd.so
-+auth required pam_permit.so
- auth optional pam_gnome_keyring.so
-
- password required pam_deny.so
---
-1.8.5.1
-
diff --git a/gnome-base/gdm/files/gdm-3.8.4-logo.patch
b/gnome-base/gdm/files/gdm-3.8.4-logo.patch
deleted file mode 100644
index 151d4bc7..00000000
--- a/gnome-base/gdm/files/gdm-3.8.4-logo.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From bcc651df77a429a6bf9b13892f71fedb1b87a069 Mon Sep 17 00:00:00 2001
-From: Gilles Dartiguelongue <[email protected]>
-Date: Wed, 11 Dec 2013 22:46:58 +0100
-Subject: [PATCH 4/4] Apply Gentoo branding
-
----
- data/org.gnome.login-screen.gschema.xml.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/data/org.gnome.login-screen.gschema.xml.in
b/data/org.gnome.login-screen.gschema.xml.in
-index 03da374..5e81bc0 100644
---- a/data/org.gnome.login-screen.gschema.xml.in
-+++ b/data/org.gnome.login-screen.gschema.xml.in
-@@ -31,7 +31,7 @@
- </_description>
- </key>
- <key name="logo" type="s">
-- <default>''</default>
-+ <default>'/usr/share/pixmaps/gentoo-gdm.svg'</default>
- <_summary>
- Path to small image at top of user list
- </_summary>
---
-1.8.5.1
-
diff --git a/gnome-base/gdm/gdm-3.26.2.1.ebuild
b/gnome-base/gdm/gdm-3.26.2.1.ebuild
deleted file mode 100644
index 8f528e56..00000000
--- a/gnome-base/gdm/gdm-3.26.2.1.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-GNOME2_LA_PUNT="yes"
-
-inherit eutils gnome2 pam readme.gentoo-r1 systemd user
-
-DESCRIPTION="GNOME Display Manager for managing graphical display servers and
user logins"
-HOMEPAGE="https://wiki.gnome.org/Projects/GDM";
-
-SRC_URI="${SRC_URI}
- branding? (
https://www.mail-archive.com/[email protected]/msg00043/tango-gentoo-v1.1.tar.gz
)
-"
-
-LICENSE="
- GPL-2+
- branding? ( CC-BY-SA-4.0 )
-"
-
-SLOT="0"
-
-IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux
smartcard tcpd test wayland xinerama"
-
-KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86"
-
-# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686
-# nspr used by smartcard extension
-# dconf, dbus and g-s-d are needed at install time for dconf update
-# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784
-COMMON_DEPEND="
- app-text/iso-codes
- >=dev-libs/glib-2.36:2[dbus]
- >=x11-libs/gtk+-2.91.1:3
- >=gnome-base/dconf-0.20
- >=gnome-base/gnome-settings-daemon-3.1.4
- gnome-base/gsettings-desktop-schemas
- >=media-libs/fontconfig-2.5.0:1.0
- >=media-libs/libcanberra-0.4[gtk3]
- sys-apps/dbus
- >=sys-apps/accountsservice-0.6.35
-
- x11-apps/sessreg
- x11-base/xorg-server
- x11-libs/libXi
- x11-libs/libXau
- x11-libs/libX11
- x11-libs/libXdmcp
- x11-libs/libXext
- x11-libs/libXft
- x11-libs/libxcb
- >=x11-misc/xdg-utils-1.0.2-r3
-
- virtual/pam
- >=sys-apps/systemd-186:0=[pam]
-
- sys-auth/pambase[systemd]
-
- audit? ( sys-process/audit )
- introspection? ( >=dev-libs/gobject-introspection-0.9.12:= )
- plymouth? ( sys-boot/plymouth )
- selinux? ( sys-libs/libselinux )
- tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
- xinerama? ( x11-libs/libXinerama )
-"
-# XXX: These deps are from session and desktop files in data/ directory
-# fprintd is used via dbus by gdm-fingerprint-extension
-# gnome-session-3.6 needed to avoid freezing with orca
-RDEPEND="${COMMON_DEPEND}
- >=gnome-base/gnome-session-3.6
- >=gnome-base/gnome-shell-3.1.90
- x11-apps/xhost
-
- accessibility? (
- >=app-accessibility/orca-3.10
- gnome-extra/mousetweaks )
- fprint? (
- sys-auth/fprintd
- sys-auth/pam_fprint )
-
- !gnome-extra/fast-user-switch-applet
-"
-DEPEND="${COMMON_DEPEND}
- app-text/docbook-xml-dtd:4.1.2
- dev-util/gdbus-codegen
- >=dev-util/intltool-0.40.0
- dev-util/itstool
- virtual/pkgconfig
- x11-base/xorg-proto
- test? ( >=dev-libs/check-0.9.4 )
-"
-
-DOC_CONTENTS="
- To make GDM start at boot, run:\n
- # systemctl enable gdm.service\n
- \n
- For passwordless login to unlock your keyring, you need to install
- sys-auth/pambase with USE=gnome-keyring and set an empty password
- on your keyring. Use app-crypt/seahorse for that.\n
- \n
- You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11
- for smartcard support
-"
-
-pkg_setup() {
- enewgroup gdm
- enewgroup video # Just in case it hasn't been created yet
- enewuser gdm -1 -1 /var/lib/gdm gdm,video
-
- # For compatibility with certain versions of nvidia-drivers, etc., need
to
- # ensure that gdm user is in the video group
- if ! egetent group video | grep -q gdm; then
- # FIXME XXX: is this at all portable, ldap-safe, etc.?
- # XXX: egetent does not have a 1-argument form, so we can't use
it to
- # get the list of gdm's groups
- local g=$(groups gdm)
- elog "Adding user gdm to video group"
- usermod -G video,${g// /,} gdm || die "Adding user gdm to video
group failed"
- fi
-}
-
-src_prepare() {
- # ssh-agent handling must be done at xinitrc.d, bug #220603
- eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch"
-
- # Gentoo does not have a fingerprint-auth pam stack
- eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch"
-
- # Show logo when branding is enabled
- use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch"
-
- gnome2_src_prepare
-}
-
-src_configure() {
- local myconf
- # PAM is the only auth scheme supported
- # even though configure lists shadow and crypt
- # they don't have any corresponding code.
- # --with-at-spi-registryd-directory= needs to be passed explicitly
because
- # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4
- # Xevie is obsolete, bug #482304
- # --with-initial-vt=7 conflicts with plymouth, bug #453392
- ! use plymouth && myconf="${myconf} --with-initial-vt=7"
-
- gnome2_src_configure \
- --enable-gdm-xsession \
- --enable-user-display-server \
- --with-run-dir=/run/gdm \
- --localstatedir="${EPREFIX}"/var \
- --disable-static \
- --with-xdmcp=yes \
- --enable-authentication-scheme=pam \
- --with-default-pam-config=exherbo \
- --with-pam-mod-dir=$(getpam_mod_dir) \
- --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \
- --without-xevie \
- --enable-systemd-journal \
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
- $(use_with audit libaudit) \
- $(use_enable ipv6) \
- $(use_with plymouth) \
- $(use_with selinux) \
- $(use_with tcpd tcp-wrappers) \
- $(use_enable wayland wayland-support) \
- $(use_with xinerama) \
- ${myconf}
-}
-
-src_install() {
- gnome2_src_install
-
- if ! use accessibility ; then
- rm
"${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die
- fi
-
- exeinto /etc/X11/xinit/xinitrc.d
- newexe "${FILESDIR}/49-keychain-r1" 49-keychain
- newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent
-
- # gdm user's home directory
- keepdir /var/lib/gdm
- fowners gdm:gdm /var/lib/gdm
-
- # install XDG_DATA_DIRS gdm changes
- echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm
- doenvd 99xdg-gdm
-
- use branding && newicon
"${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg
-
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- gnome2_pkg_postinst
- systemd_reenable gdm.service
- readme.gentoo_print_elog
-}
diff --git a/gnome-base/gdm/metadata.xml b/gnome-base/gdm/metadata.xml
deleted file mode 100644
index 747420ed..00000000
--- a/gnome-base/gdm/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
-<pkgmetadata>
-<maintainer type="project">
- <email>[email protected]</email>
- <name>Gentoo GNOME Desktop</name>
-</maintainer>
-<use>
- <flag name="fprint">Enables experimental fingerprint authentication
using
- <pkg>sys-auth/fprintd</pkg></flag>
- <flag name="plymouth">Enable support for smooth transition from
- <pkg>sys-boot/plymouth</pkg></flag>
-</use>
-</pkgmetadata>
