From e68d405c5d712af4387159df07e226217bdda049 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 6 Apr 2022 22:33:41 +0100
Subject: gentoo resync : 06.04.2022
---
.../files/sddm-0.12.0-respect-user-flags.patch | 26 ------
x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch | 20 -----
x11-misc/sddm/files/sddm-0.18.0-Xsession.patch | 24 ------
x11-misc/sddm/files/sddm-0.18.1-Xsession.patch | 24 ++++++
.../sddm/files/sddm-0.18.1-cve-2020-28049.patch | 94 ++++++++++++++++++++++
.../files/sddm-0.18.1-respect-user-flags.patch | 25 ++++++
x11-misc/sddm/files/sddm.tmpfiles | 1 +
7 files changed, 144 insertions(+), 70 deletions(-)
delete mode 100644 x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch
delete mode 100644 x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch
delete mode 100644 x11-misc/sddm/files/sddm-0.18.0-Xsession.patch
create mode 100644 x11-misc/sddm/files/sddm-0.18.1-Xsession.patch
create mode 100644 x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch
create mode 100644 x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch
create mode 100644 x11-misc/sddm/files/sddm.tmpfiles
(limited to 'x11-misc/sddm/files')
diff --git a/x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch b/x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch
deleted file mode 100644
index fc450169792d..000000000000
--- a/x11-misc/sddm/files/sddm-0.12.0-respect-user-flags.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -u CMakeLists.txt CMakeLists.txt
---- a/CMakeLists.txt 2015-09-05 22:40:50.000000000 +0200
-+++ b/CMakeLists.txt 2015-09-07 12:15:33.419530808 +0200
-@@ -35,22 +35,6 @@
- # Definitions
- add_definitions(-Wall -std=c++11 -DQT_NO_CAST_FROM_ASCII)
-
--# Default build type
--if(NOT CMAKE_BUILD_TYPE)
-- set(CMAKE_BUILD_TYPE Release)
--endif()
--
--# Handle build type
--if(CMAKE_BUILD_TYPE MATCHES [Dd]ebug)
-- message(STATUS "Debug build")
-- add_definitions(-DDEBUG)
-- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0")
--else()
-- message(STATUS "Release build")
-- add_definitions(-DNDEBUG)
-- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2")
--endif()
--
- # Default absolute paths
- if(NOT DEFINED CMAKE_INSTALL_SYSCONFDIR)
- set(CMAKE_INSTALL_SYSCONFDIR "/etc")
diff --git a/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch b/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch
deleted file mode 100644
index bbe2a272840c..000000000000
--- a/x11-misc/sddm/files/sddm-0.16.0-ck2-revert.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-SDDM 0.16.0 fails to start with consolekit2 because it assumes consolekit2
-has the same interface names as logind.
-
-This patch forces sddm to use legacy behaviour when consolekit2 is detected.
-
-Bug: https://bugs.gentoo.org/633920
-Bug: https://github.com/sddm/sddm/issues/903
-Bug: https://github.com/ConsoleKit2/ConsoleKit2/issues/99
-
---- a/src/daemon/LogindDBusTypes.cpp
-+++ b/src/daemon/LogindDBusTypes.cpp
-@@ -60,7 +60,7 @@
-
- if (QDBusConnection::systemBus().interface()->isServiceRegistered(QStringLiteral("org.freedesktop.ConsoleKit"))) {
- qDebug() << "Console kit interface found";
-- available = true;
-+ available = false;
- serviceName = QStringLiteral("org.freedesktop.ConsoleKit");
- managerPath = QStringLiteral("/org/freedesktop/ConsoleKit/Manager");
- managerIfaceName = QStringLiteral("/org.freedesktop.ConsoleKit.Manager"); //note this doesn't match logind
diff --git a/x11-misc/sddm/files/sddm-0.18.0-Xsession.patch b/x11-misc/sddm/files/sddm-0.18.0-Xsession.patch
deleted file mode 100644
index 41c813a06645..000000000000
--- a/x11-misc/sddm/files/sddm-0.18.0-Xsession.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- a/data/scripts/Xsession 2016-08-28 14:52:04.910181422 +0200
-+++ b/data/scripts/Xsession 2017-10-21 15:25:47.668886596 +0200
-@@ -50,6 +50,10 @@
- ;;
- esac
-
-+# Make D-Bus and ConsoleKit start properly, see:
-+# /etc/X11/xinit/xinitrc.d/{80-dbus,90-consolekit}
-+command="$@"
-+
- [ -f /etc/xprofile ] && . /etc/xprofile
- [ -f $HOME/.xprofile ] && . $HOME/.xprofile
-
-@@ -94,8 +98,8 @@
- . "$USERXSESSION"
- fi
-
--if [ -z "$*" ]; then
-+if [ -z "$command" ]; then
- exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session."
- else
-- exec $@
-+ exec $command
- fi
diff --git a/x11-misc/sddm/files/sddm-0.18.1-Xsession.patch b/x11-misc/sddm/files/sddm-0.18.1-Xsession.patch
new file mode 100644
index 000000000000..e1e3c1527be7
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.18.1-Xsession.patch
@@ -0,0 +1,24 @@
+--- a/data/scripts/Xsession
++++ b/data/scripts/Xsession
+@@ -50,6 +50,10 @@
+ ;;
+ esac
+
++# Make D-Bus start properly, see:
++# /etc/X11/xinit/xinitrc.d/80-dbus
++command="$@"
++
+ [ -f /etc/xprofile ] && . /etc/xprofile
+ [ -f $HOME/.xprofile ] && . $HOME/.xprofile
+
+@@ -94,8 +98,8 @@
+ . "$USERXSESSION"
+ fi
+
+-if [ -z "$*" ]; then
++if [ -z "$command" ]; then
+ exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session."
+ else
+- exec $@
++ exec $command
+ fi
diff --git a/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch
new file mode 100644
index 000000000000..8209c0739dc6
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch
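Review bot: In sddm-0.18.1-Xsession.patch, `command="$@"` flattens the session arguments into a single string, and the unquoted `exec $command` then splits that string on IFS and applies pathname expansion, so an argument containing whitespace or a wildcard does not reach the session program as it was passed. The replaced `exec $@` split the same way, so this is not a regression, but the saved copy makes the limitation permanent and easy to overlook. I would document it next to the assignment, e.g. `# NOTE: "$@" is flattened here; arguments with spaces or glob characters are re-split by the unquoted exec at the end of the script`. The script body lies mostly outside the two inner hunks, so where the session command originates is not visible here.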
@@ -0,0 +1,94 @@
+From be202f533ab98a684c6a007e8d5b4357846bc222 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt
+Date: Tue, 6 Oct 2020 21:21:38 +0200
+Subject: [PATCH] Fix X not having access control on startup
+
+If the auth file is empty, X allows any local application (= any user on the
+system) to connect. This is currently the case until X wrote the display
+number to sddm and sddm used that to write the entry into the file.
+To work around this chicken-and-egg problem, make use of the fact that X
+doesn't actually look at the display number in the passed auth file and just
+use :0 unconditionally. Also make sure that writing the entry was actually
+successful.
+
+CVE-2020-28049
+---
+ src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++-----
+ src/daemon/XorgDisplayServer.h | 2 +-
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp
+index d04f6344..df685b2d 100644
+--- a/src/daemon/XorgDisplayServer.cpp
++++ b/src/daemon/XorgDisplayServer.cpp
+@@ -88,7 +88,7 @@ namespace SDDM {
+ return m_cookie;
+ }
+
+- void XorgDisplayServer::addCookie(const QString &file) {
++ bool XorgDisplayServer::addCookie(const QString &file) {
+ // log message
+ qDebug() << "Adding cookie to" << file;
+
+@@ -104,13 +104,13 @@ namespace SDDM {
+
+ // check file
+ if (!fp)
+- return;
++ return false;
+ fprintf(fp, "remove %s\n", qPrintable(m_display));
+ fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie));
+ fprintf(fp, "exit\n");
+
+ // close pipe
+- pclose(fp);
++ return pclose(fp) == 0;
+ }
+
+ bool XorgDisplayServer::start() {
+@@ -127,6 +127,15 @@ namespace SDDM {
+ // log message
+ qDebug() << "Display server starting...";
+
++ // generate auth file.
++ // For the X server's copy, the display number doesn't matter.
++ // An empty file would result in no access control!
++ m_display = QStringLiteral(":0");
++ if(!addCookie(m_authPath)) {
++ qCritical() << "Failed to write xauth file";
++ return false;
++ }
++
+ if (daemonApp->testing()) {
+ QStringList args;
+ QDir x11socketDir(QStringLiteral("/tmp/.X11-unix"));
+@@ -217,8 +226,14 @@ namespace SDDM {
+ emit started();
+ }
+
+- // generate auth file
+- addCookie(m_authPath);
++ // The file is also used by the greeter, which does care about the
++ // display number. Write the proper entry, if it's different.
++ if(m_display != QStringLiteral(":0")) {
++ if(!addCookie(m_authPath)) {
++ qCritical() << "Failed to write xauth file";
++ return false;
++ }
++ }
+ changeOwner(m_authPath);
+
+ // set flag
+diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h
+index d2bdf6d4..e97a0b53 100644
+--- a/src/daemon/XorgDisplayServer.h
++++ b/src/daemon/XorgDisplayServer.h
+@@ -40,7 +40,7 @@ namespace SDDM {
+
+ const QString &cookie() const;
+
+- void addCookie(const QString &file);
++ bool addCookie(const QString &file);
+
+ public slots:
+ bool start();
diff --git a/x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch b/x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch
new file mode 100644
index 000000000000..6801fa799ead
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.18.1-respect-user-flags.patch
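Review bot: In sddm-0.18.1-cve-2020-28049.patch, the second `return false;` in `XorgDisplayServer::start()` (inside the `m_display != QStringLiteral(":0")` branch) runs after `emit started();` in the block above it, so a failed rewrite of the auth file reports failure although the signal has already fired and, presumably, the X server process is already running. The early failure path added at the top of start() does not have this problem because nothing has been launched at that point. The late path should undo the start before returning, or at least say who does, e.g. `// NOTE: X is already up here; the caller must stop the server when start() returns false`. start() begins and ends outside the hunks, so whether the caller or the class's teardown already covers this (the flag set after `// set flag` is not yet set on this path) is not visible. Separately, `addCookie()` still ignores the three `fprintf` results and relies on `pclose(fp) == 0` alone, which deserves a one-line comment stating that the exit status of the piped command is the only success signal.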
@@ -0,0 +1,25 @@
+--- a/CMakeLists.txt 2020-10-12 13:03:39.000000000 +0200
++++ b/CMakeLists.txt 2020-10-12 23:40:04.480687143 +0200
+@@ -41,22 +41,6 @@
+ # Definitions
+ add_definitions(-Wall -std=c++11 -DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_FROM_BYTEARRAY -DQT_NO_FOREACH)
+
+-# Default build type
+-if(NOT CMAKE_BUILD_TYPE)
+- set(CMAKE_BUILD_TYPE Release)
+-endif()
+-
+-# Handle build type
+-if(CMAKE_BUILD_TYPE MATCHES [Dd]ebug)
+- message(STATUS "Debug build")
+- add_definitions(-DDEBUG)
+- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0")
+-else()
+- message(STATUS "Release build")
+- add_definitions(-DNDEBUG)
+- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2")
+-endif()
+-
+ # Default absolute paths
+ if(NOT DEFINED CMAKE_INSTALL_SYSCONFDIR)
+ set(CMAKE_INSTALL_SYSCONFDIR "/etc")
diff --git a/x11-misc/sddm/files/sddm.tmpfiles b/x11-misc/sddm/files/sddm.tmpfiles
new file mode 100644
index 000000000000..300d646138c1
--- /dev/null
+++ b/x11-misc/sddm/files/sddm.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/sddm 0755 sddm sddm
--
cgit v1.2.3
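Review bot: In sddm.tmpfiles, mode `0755` leaves /var/lib/sddm listable and traversable by every local account, which is wider than a display manager's private state directory normally needs. Nothing in this commit shows another user or service reading from it, so unless the ebuild depends on that, `d /var/lib/sddm 0750 sddm sddm` would keep the daemon's state and caches to the sddm user and group. If world access is intentional, a comment line above the entry naming the consumer that needs it would make that explicit.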