gentoo resync : 06.04.2022

author: V3n3RiX <venerix@koprulu.sector> 2022-04-06 22:33:41 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-04-06 22:33:41 +0100
commit: e68d405c5d712af4387159df07e226217bdda049 (patch)
tree: 009ab0f3d427f0813e62930d71802cb054c07e30 /x11-misc/sddm/files
parent: 401101f9c8077911929d3f2b60a37098460a5d89 (diff)
5 files changed, 103 insertions, 29 deletions
diff --git a/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch b/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch
deleted file mode 100644
index bbe2a272840c..000000000000
--- a/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-SDDM 0.16.0 fails to start with consolekit2 because it assumes consolekit2
-has the same interface names as logind.
-
-This patch forces sddm to use legacy behaviour when consolekit2 is detected.
-
-Bug: https://bugs.gentoo.org/633920
-Bug: https://github.com/sddm/sddm/issues/903
-Bug: https://github.com/ConsoleKit2/ConsoleKit2/issues/99
-
---- a/src/daemon/LogindDBusTypes.cpp
-+++ b/src/daemon/LogindDBusTypes.cpp
-@@ -60,7 +60,7 @@
- 
-     if (QDBusConnection::systemBus().interface()->isServiceRegistered(QStringLiteral("org.freedesktop.ConsoleKit"))) {
-         qDebug() << "Console kit interface found";
--        available = true;
-+        available = false;
-         serviceName = QStringLiteral("org.freedesktop.ConsoleKit");
-         managerPath = QStringLiteral("/org/freedesktop/ConsoleKit/Manager");
-         managerIfaceName = QStringLiteral("/org.freedesktop.ConsoleKit.Manager"); //note this doesn't match logind
diff --git a/x11-misc/sddm/files/sddm-0.18.0-Xsession.patch b/x11-misc/sddm/files/sddm-0.18.1-Xsession.patch
index 41c813a06645..e1e3c1527be7 100644
--- a/x11-misc/sddm/files/sddm-0.18.0-Xsession.patch
+++ b/x11-misc/sddm/files/sddm-0.18.1-Xsession.patch
@@ -1,11 +1,11 @@
---- a/data/scripts/Xsession	2016-08-28 14:52:04.910181422 +0200
-+++ b/data/scripts/Xsession	2017-10-21 15:25:47.668886596 +0200
+--- a/data/scripts/Xsession
++++ b/data/scripts/Xsession
 @@ -50,6 +50,10 @@
      ;;
  esac
  
-+# Make D-Bus and ConsoleKit start properly, see:
-+# /etc/X11/xinit/xinitrc.d/{80-dbus,90-consolekit}
++# Make D-Bus start properly, see:
++# /etc/X11/xinit/xinitrc.d/80-dbus
 +command="$@"
 +
  [ -f /etc/xprofile ] && . /etc/xprofile
diff --git a/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch
new file mode 100644
index 000000000000..8209c0739dc6
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch
@@ -0,0 +1,94 @@
+From be202f533ab98a684c6a007e8d5b4357846bc222 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Tue, 6 Oct 2020 21:21:38 +0200
+Subject: [PATCH] Fix X not having access control on startup
+
+If the auth file is empty, X allows any local application (= any user on the
+system) to connect. This is currently the case until X wrote the display
+number to sddm and sddm used that to write the entry into the file.
+To work around this chicken-and-egg problem, make use of the fact that X
+doesn't actually look at the display number in the passed auth file and just
+use :0 unconditionally. Also make sure that writing the entry was actually
+successful.
+
+CVE-2020-28049
+---
+ src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++-----
+ src/daemon/XorgDisplayServer.h   |  2 +-
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp
+index d04f6344..df685b2d 100644
+--- a/src/daemon/XorgDisplayServer.cpp
++++ b/src/daemon/XorgDisplayServer.cpp
+@@ -88,7 +88,7 @@ namespace SDDM {
+         return m_cookie;
+     }
+ 
+-    void XorgDisplayServer::addCookie(const QString &file) {
++    bool XorgDisplayServer::addCookie(const QString &file) {
+         // log message
+         qDebug() << "Adding cookie to" << file;
+ 
+@@ -104,13 +104,13 @@ namespace SDDM {
+ 
+         // check file
+         if (!fp)
+-            return;
++            return false;
+         fprintf(fp, "remove %s\n", qPrintable(m_display));
+         fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie));
+         fprintf(fp, "exit\n");
+ 
+         // close pipe
+-        pclose(fp);
++        return pclose(fp) == 0;
+     }
+ 
+     bool XorgDisplayServer::start() {
+@@ -127,6 +127,15 @@ namespace SDDM {
+         // log message
+         qDebug() << "Display server starting...";
+ 
++        // generate auth file.
++        // For the X server's copy, the display number doesn't matter.
++        // An empty file would result in no access control!
++        m_display = QStringLiteral(":0");
++        if(!addCookie(m_authPath)) {
++            qCritical() << "Failed to write xauth file";
++            return false;
++        }
++
+         if (daemonApp->testing()) {
+             QStringList args;
+             QDir x11socketDir(QStringLiteral("/tmp/.X11-unix"));
+@@ -217,8 +226,14 @@ namespace SDDM {
+             emit started();
+         }
+ 
+-        // generate auth file
+-        addCookie(m_authPath);
++        // The file is also used by the greeter, which does care about the
++        // display number. Write the proper entry, if it's different.
++        if(m_display != QStringLiteral(":0")) {
++            if(!addCookie(m_authPath)) {
++                qCritical() << "Failed to write xauth file";
++                return false;
++            }
++        }
+         changeOwner(m_authPath);
+ 
+         // set flag
+diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h
+index d2bdf6d4..e97a0b53 100644
+--- a/src/daemon/XorgDisplayServer.h
++++ b/src/daemon/XorgDisplayServer.h
+@@ -40,7 +40,7 @@ namespace SDDM {
+ 
+         const QString &cookie() const;
+ 
+-        void addCookie(const QString &file);
++        bool addCookie(const QString &file);
+ 
+     public slots:
+         bool start();
diff --git a/x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch b/x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch
index fc450169792d..6801fa799ead 100644
--- a/x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch
+++ b/x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch
@@ -1,9 +1,8 @@
-diff -u CMakeLists.txt CMakeLists.txt 
---- a/CMakeLists.txt      2015-09-05 22:40:50.000000000 +0200
-+++ b/CMakeLists.txt      2015-09-07 12:15:33.419530808 +0200
-@@ -35,22 +35,6 @@
+--- a/CMakeLists.txt	2020-10-12 13:03:39.000000000 +0200
++++ b/CMakeLists.txt	2020-10-12 23:40:04.480687143 +0200
+@@ -41,22 +41,6 @@
  # Definitions
- add_definitions(-Wall -std=c++11 -DQT_NO_CAST_FROM_ASCII)
+ add_definitions(-Wall -std=c++11 -DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_FROM_BYTEARRAY -DQT_NO_FOREACH)
  
 -# Default build type
 -if(NOT CMAKE_BUILD_TYPE)
diff --git a/x11-misc/sddm/files/sddm.tmpfiles b/x11-misc/sddm/files/sddm.tmpfiles
new file mode 100644
index 000000000000..300d646138c1
--- /dev/null
+++ b/x11-misc/sddm/files/sddm.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/sddm 0755 sddm sddm
author	V3n3RiX <venerix@koprulu.sector>	2022-04-06 22:33:41 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-04-06 22:33:41 +0100
commit	e68d405c5d712af4387159df07e226217bdda049 (patch)
tree	009ab0f3d427f0813e62930d71802cb054c07e30 /x11-misc/sddm/files
parent	401101f9c8077911929d3f2b60a37098460a5d89 (diff)