reinit the tree, so we can have metadata

5 files changed, 399 insertions, 0 deletions

diff --git a/x11-apps/xdm/files/Xsession b/x11-apps/xdm/files/Xsession
new file mode 100644
index 000000000000..ffeef4c87420
--- /dev/null
+++ b/x11-apps/xdm/files/Xsession
@@ -0,0 +1,73 @@
+#!/bin/bash --login
+#
+# $Xorg: Xsession,v 1.4 2000/08/17 19:54:17 cpqbld Exp $
+#
+#
+#
+#
+# $XFree86: xc/programs/xdm/config/Xsession,v 1.3 2001/01/17 23:45:24 dawes Exp $
+
+# redirect errors to a file in user's home directory if we can
+for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER"
+do
+	if ( cp /dev/null "$errfile" 2> /dev/null )
+	then
+		chmod 600 "$errfile"
+		exec > "$errfile" 2>&1
+		break
+	fi
+done
+
+# handle KDM
+if [ -n "$1" ]; then
+	export XSESSION="$1"
+fi
+
+xinitdir=/usr/X11R6/lib/X11/xinit
+startup=$HOME/.xsession
+userresources=$HOME/.Xresources
+usermodmap=$HOME/.Xmodmap
+sysresources=$xinitdir/.Xresources
+sysmodmap=$xinitdir/.Xmodmap
+
+# First run the system default.  Because KDE uses this
+# to switch sessions, we MUST first check the system
+# default, and then ~/.xsession.  If the user Do not
+# want this, he should override XSESSION, or at least
+# clear it.
+if [ -n "`/etc/X11/chooser.sh`" ]; then
+	exec "`/etc/X11/chooser.sh`"
+# If not defined, try the user's ~/.xsession
+elif [ -s "$startup" ]; then
+
+	# merge in defaults and keymaps
+
+	if [ -f $sysresources ]; then
+		xrdb -merge $sysresources
+	fi
+
+	if [ -f $sysmodmap ]; then
+		xmodmap $sysmodmap
+	fi
+
+	if [ -f $userresources ]; then
+		xrdb -merge $userresources
+	fi
+
+	if [ -f $usermodmap ]; then
+		xmodmap $usermodmap
+	fi
+
+	if [ -x "$startup" ]; then
+		exec "$startup"
+	else
+		exec /bin/sh "$startup"
+	fi
+# Lastly, xsm as failsafe
+else
+	if [ -r "$userresources" ]; then
+		xrdb -load "$userresources"
+	fi
+	exec xsm
+fi
+
diff --git a/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch
new file mode 100644
index 000000000000..db948094b755
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-arc4random-include.patch
@@ -0,0 +1,18 @@
+diff -ur a/xdm/genauth.c b/xdm/genauth.c
+--- a/xdm/genauth.c	2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/genauth.c	2014-01-06 16:28:09.664060603 +0100
+@@ -40,6 +40,14 @@
+ 
+ #include <errno.h>
+ 
++#ifdef HAVE_ARC4RANDOM
++# ifdef __linux__
++#  include <bsd/stdlib.h>
++# else
++#  include <stdlib.h>
++# endif
++#endif
++
+ #include <time.h>
+ #define Time_t time_t
+ 
diff --git a/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
new file mode 100644
index 000000000000..34ae7ceb3cd6
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
@@ -0,0 +1,41 @@
+From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 22 May 2013 14:20:26 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+diff --git a/greeter/verify.c b/greeter/verify.c
+index db3cb7d..b009e2b 100644
+--- a/greeter/verify.c
++++ b/greeter/verify.c
+@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ 	struct spwd	*sp;
+ #  endif
+ 	char		*user_pass = NULL;
++	char		*crypted_pass = NULL;
+ # endif
+ # ifdef __OpenBSD__
+ 	char            *s;
+@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ #  if defined(ultrix) || defined(__ultrix__)
+ 	if (authenticate_user(p, greet->password, NULL) < 0)
+ #  else
+-	if (strcmp (crypt (greet->password, user_pass), user_pass))
++	crypted_pass = crypt (greet->password, user_pass);
++	if ((crypted_pass == NULL)
++	    || (strcmp (crypted_pass, user_pass)))
+ #  endif
+ 	{
+ 		if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch
new file mode 100644
index 000000000000..0a3f32bbea02
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-setproctitle-include.patch
@@ -0,0 +1,37 @@
+diff -ur a/xdm/choose.c b/xdm/choose.c
+--- a/xdm/choose.c	2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/choose.c	2014-01-06 16:33:09.628065364 +0100
+@@ -54,6 +54,14 @@
+ #  include       <tiuser.h>
+ # endif
+ 
++# ifdef HAVE_SETPROCTITLE
++#  ifdef __linux__
++#   include <bsd/unistd.h>
++#  else
++#   include <unistd.h>
++#  endif
++# endif
++
+ # include <time.h>
+ # define Time_t time_t
+ 
+diff -ur a/xdm/session.c b/xdm/session.c
+--- a/xdm/session.c	2011-09-25 09:35:47.000000000 +0200
++++ b/xdm/session.c	2014-01-06 16:40:57.508072789 +0100
+@@ -54,6 +54,15 @@
+ # include <usersec.h>
+ #endif
+ 
++# ifdef HAVE_SETPROCTITLE
++#  include <sys/types.h>
++#  ifdef __linux__
++#   include <bsd/unistd.h>
++#  else
++#   include <unistd.h>
++#  endif
++# endif
++
+ #ifndef USE_PAM        /* PAM modules should handle these */
+ # ifdef SECURE_RPC
+ #  include <rpc/rpc.h>
diff --git a/x11-apps/xdm/files/xdm-consolekit.patch b/x11-apps/xdm/files/xdm-consolekit.patch
new file mode 100644
index 000000000000..fbacd36fc073
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-consolekit.patch
@@ -0,0 +1,230 @@
+http://bugs.gentoo.org/360987
+http://projects.archlinux.org/svntogit/packages.git/plain/trunk/xdm-consolekit.patch?h=packages/xorg-xdm
+http://lists.x.org/archives/xorg-devel/2011-February/019615.html
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -362,6 +362,20 @@
+
+ AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes)
+
++# ConsoleKit support
++AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]),
++	[USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes])
++if test x"$USE_CONSOLEKIT" != xno; then
++	PKG_CHECK_MODULES(CK_CONNECTOR, ck-connector,
++		[USE_CONSOLEKIT=yes], [USE_CONSOLEKIT=no])
++	if test x"$USE_CONSOLEKIT" = xyes; then
++		AC_DEFINE([USE_CONSOLEKIT], 1, [Define to 1 to use ConsoleKit])
++		XDM_CFLAGS="$XDM_CFLAGS $CK_CONNECTOR_CFLAGS -DUSE_CONSOLEKIT"
++		XDM_LIBS="$XDM_LIBS $CK_CONNECTOR_LIBS"
++	fi
++fi
++dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes)
++
+ #
+ #  XDM
+ #
+--- a/xdm/session.c
++++ b/xdm/session.c
+@@ -66,6 +66,11 @@
+ #endif
+ #endif /* USE_PAM */
+
++#ifdef USE_CONSOLEKIT
++#include <ck-connector.h>
++#include <dbus/dbus.h>
++#endif
++
+ #ifdef __SCO__
+ #include <prot.h>
+ #endif
+@@ -472,6 +477,97 @@
+     }
+ }
+
++#ifdef USE_CONSOLEKIT
++
++static CkConnector *connector;
++
++static int openCKSession(struct verify_info *verify, struct display *d)
++{
++    int ret;
++    DBusError error;
++    char  *remote_host_name = "";
++    dbus_bool_t is_local;
++    char *display_name = "";
++    char *display_device = "";
++    char devtmp[16];
++
++    if (!use_consolekit)
++	return 1;
++
++    is_local = d->displayType.location == Local;
++    if (d->peerlen > 0 && d->peer)
++	remote_host_name = d->peer;
++    if (d->name)
++	display_name = d->name;
++    /* how can we get the corresponding tty at best...? */
++    if (d->windowPath) {
++	display_device = strchr(d->windowPath, ':');
++	if (display_device && display_device[1])
++	    display_device++;
++	else
++	    display_device = d->windowPath;
++	snprintf(devtmp, sizeof(devtmp), "/dev/tty%s", display_device);
++	display_device = devtmp;
++    }
++
++    connector = ck_connector_new();
++    if (!connector) {
++	LogOutOfMem("ck_connector");
++	return 0;
++    }
++
++    dbus_error_init(&error);
++    ret = ck_connector_open_session_with_parameters(
++		connector, &error,
++		"unix-user", &verify->uid,
++		"x11-display", &display_name,
++		"x11-display-device", &display_device,
++		"remote-host-name", &remote_host_name,
++		"is-local", &is_local,
++		NULL);
++    if (!ret) {
++	if (dbus_error_is_set(&error)) {
++	    LogError("Dbus error: %s\n", error.message);
++	    dbus_error_free(&error);
++	} else {
++	    LogError("ConsoleKit error\n");
++	}
++	LogError("console-kit-daemon not running?\n");
++	ck_connector_unref(connector);
++	connector = NULL;
++	return 0;
++    }
++
++    verify->userEnviron = setEnv(verify->userEnviron,
++		"XDG_SESSION_COOKIE", ck_connector_get_cookie(connector));
++    return 1;
++}
++
++static void closeCKSession(void)
++{
++    DBusError error;
++
++    if (!connector)
++	return;
++
++    dbus_error_init(&error);
++    if (!ck_connector_close_session(connector, &error)) {
++	if (dbus_error_is_set(&error)) {
++	    LogError("Dbus error: %s\n", error.message);
++	    dbus_error_free(&error);
++	} else {
++	    LogError("ConsoleKit close error\n");
++	}
++	LogError("console-kit-daemon not running?\n");
++    }
++    ck_connector_unref(connector);
++    connector = NULL;
++}
++#else
++#define openCKSession(v,d)	1
++#define closeCKSession()
++#endif
++
+ void
+ SessionExit (struct display *d, int status, int removeAuth)
+ {
+@@ -486,6 +580,8 @@
+     }
+ #endif
+
++    closeCKSession();
++
+     /* make sure the server gets reset after the session is over */
+     if (d->serverPid >= 2 && d->resetSignal)
+	kill (d->serverPid, d->resetSignal);
+@@ -568,6 +664,10 @@
+ #ifdef USE_PAM
+     if (pamh) pam_open_session(pamh, 0);
+ #endif
++
++    if (!openCKSession(verify, d))
++	return 0;
++
+     switch (pid = fork ()) {
+     case 0:
+	CleanUpChild ();
+--- a/include/dm.h
++++ b/include/dm.h
+@@ -325,6 +325,9 @@
+ extern char	*prngdSocket;
+ extern int	prngdPort;
+ # endif
++#ifdef USE_CONSOLEKIT
++extern int	use_consolekit;
++#endif
+
+ extern char	*greeterLib;
+ extern char	*willing;
+--- a/xdm/resource.c
++++ b/xdm/resource.c
+@@ -68,6 +68,9 @@
+ char	*prngdSocket;
+ int	prngdPort;
+ #endif
++#ifdef USE_CONSOLEKIT
++int	use_consolekit;
++#endif
+
+ char	*greeterLib;
+ char	*willing;
+@@ -258,6 +261,10 @@
+				"false"} ,
+ { "willing",	"Willing",	DM_STRING,	&willing,
+				""} ,
++#ifdef USE_CONSOLEKIT
++{ "consoleKit",	"ConsoleKit",	DM_BOOL,	(char **) &use_consolekit,
++				"true"} ,
++#endif
+ };
+
+ # define NUM_DM_RESOURCES	(sizeof DmResources / sizeof DmResources[0])
+@@ -440,7 +447,11 @@
+ {"-debug",	"*debugLevel",		XrmoptionSepArg,	(caddr_t) NULL },
+ {"-xrm",	NULL,			XrmoptionResArg,	(caddr_t) NULL },
+ {"-daemon",	".daemonMode",		XrmoptionNoArg,		"true"         },
+-{"-nodaemon",	".daemonMode",		XrmoptionNoArg,		"false"        }
++{"-nodaemon",	".daemonMode",		XrmoptionNoArg,		"false"        },
++#ifdef USE_CONSOLEKIT
++{"-consolekit",	".consoleKit",		XrmoptionNoArg,		"true"  },
++{"-noconsolekit", ".consoleKit",	XrmoptionNoArg,		"false" }
++#endif
+ };
+
+ static int	originalArgc;
+--- a/man/xdm.man
++++ b/man/xdm.man
+@@ -51,6 +51,8 @@
+ ] [
+ .B \-session
+ .I session_program
++] [
++.B \-noconsolekit
+ ]
+ .SH DESCRIPTION
+ .I Xdm
+@@ -218,6 +220,10 @@
+ .IP "\fB\-xrm\fP \fIresource_specification\fP"
+ Allows an arbitrary resource to be specified, as in most
+ X Toolkit applications.
++.IP "\fB\-noconsolekit\fP"
++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP
++resource.
++This suppresses the session management using ConsoleKit.
+ .SH RESOURCES
+ At many stages the actions of
+ .I xdm