Date: Thursday, October 20, 2022 @ 20:30:20
Author: heftig
Revision: 458466
43.0-1
Added:
gdm/trunk/0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch
Modified:
gdm/trunk/PKGBUILD
--------------------------------------------------------+
0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch | 21 +++++++++++++++
PKGBUILD | 13 ++++++---
2 files changed, 30 insertions(+), 4 deletions(-)
Added: 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch
===================================================================
--- 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch
(rev 0)
+++ 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch 2022-10-20
20:30:20 UTC (rev 458466)
@@ -0,0 +1,21 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <[email protected]>
+Date: Thu, 20 Oct 2022 20:03:36 +0000
+Subject: [PATCH] pam-arch: Remove user_readenv=1 from pam_env
+
+The insecure `user_readenv` setting has been deprecated with pam 1.5.0
+and will be removed in a future release.
+---
+ data/pam-arch/gdm-launch-environment.pam | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/pam-arch/gdm-launch-environment.pam
b/data/pam-arch/gdm-launch-environment.pam
+index 20d1810a68f5..3c4ad407df89 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -14,4 +14,4 @@ session optional pam_keyinit.so
force revoke
+ session required pam_succeed_if.so audit
quiet_success user in gdm:gnome-initial-setup
+ session optional pam_permit.so
+ -session optional pam_systemd.so
+-session required pam_env.so user_readenv=1
++session required pam_env.so
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-10-20 20:21:16 UTC (rev 458465)
+++ PKGBUILD 2022-10-20 20:30:20 UTC (rev 458466)
@@ -3,7 +3,7 @@
pkgbase=gdm
pkgname=(gdm libgdm)
-pkgver=42.0+r11+g4a52f026
+pkgver=43.0
pkgrel=1
pkgdesc="Display manager and login screen"
url="https://wiki.gnome.org/Projects/GDM";
@@ -14,11 +14,13 @@
makedepends=(yelp-tools gobject-introspection git docbook-xsl meson)
checkdepends=(check)
options=(debug)
-_commit=4a52f026dc0b218a2ca33fa32853c71a0f88a2b4 # main
+_commit=afa6f2ef3d34048cd7a3e1a1ec478be2ff464806 # tags/43.0^0
source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit";
- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+ 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch)
sha256sums=('SKIP'
- '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8')
+ '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8'
+ '7e42077a89a6fcf8b02244b01127af7000a10ed55e09e385eb6fac5aef421c07')
pkgver() {
cd gdm
@@ -30,6 +32,9 @@
# Don't start ssh-agent by default
git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+ # https://bugs.archlinux.org/task/68945
+ git apply -3 ../0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch
}
build() {
