Hello community, here is the log from the commit of package kscreenlocker for openSUSE:Factory checked in at 2017-06-10 17:54:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kscreenlocker (Old) and /work/SRC/openSUSE:Factory/.kscreenlocker.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kscreenlocker" Sat Jun 10 17:54:43 2017 rev:27 rq:501479 version:5.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/kscreenlocker/kscreenlocker.changes 2017-06-01 16:25:37.391286609 +0200 +++ /work/SRC/openSUSE:Factory/.kscreenlocker.new/kscreenlocker.changes 2017-06-10 17:54:45.368013821 +0200 @@ -1,0 +2,21 @@ +Tue Jun 6 17:19:55 CEST 2017 - [email protected] + +- Update to 5.10.1 + * New bugfix release + * For more details please see: + * https://www.kde.org/announcements/plasma-5.10.1.php +- Changes since 5.10.0: + * Fixup protocol mismatch between greeter and kcheckpass (kde#380491) + * Fix detection of sys/event.h on FreeBSD < 12 + * kcheckpass: Add support in for non-Linux platforms via kevent. +- Remove patches, now upstream: + * 0001-Fixup-protocol-mismatch-between-greeter-and-kcheckpa.patch + +------------------------------------------------------------------- +Sun Jun 4 19:00:05 UTC 2017 - [email protected] + +- Add upstream patch to fix screenlocker breaking with empty password + (kde#380491): + * 0001-Fixup-protocol-mismatch-between-greeter-and-kcheckpa.patch + +------------------------------------------------------------------- Old: ---- kscreenlocker-5.10.0.tar.xz New: ---- kscreenlocker-5.10.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kscreenlocker.spec ++++++ --- /var/tmp/diff_new_pack.I502EP/_old 2017-06-10 17:54:45.887940406 +0200 +++ /var/tmp/diff_new_pack.I502EP/_new 2017-06-10 17:54:45.891939842 +0200 @@ -18,13 +18,13 @@ %bcond_without lang Name: kscreenlocker -Version: 5.10.0 +Version: 5.10.1 Release: 0 Summary: Library and components for secure lock screen architecture License: GPL-2.0+ Group: System/GUI/KDE Url: https://projects.kde.org/kscreenlocker -Source: kscreenlocker-%{version}.tar.xz +Source: http://download.kde.org/stable/plasma/%{version}/kscreenlocker-%{version}.tar.xz # PATCH-FIX-OPENSUSE fix-wayland-version-requirement.diff -- Changes wayland requirement from 1.3 to 1.2.1 Patch0: fix-wayland-version-requirement.diff BuildRequires: cmake >= 2.8.12 ++++++ kscreenlocker-5.10.0.tar.xz -> kscreenlocker-5.10.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kscreenlocker-5.10.0/CMakeLists.txt new/kscreenlocker-5.10.1/CMakeLists.txt --- old/kscreenlocker-5.10.0/CMakeLists.txt 2017-05-26 10:48:45.000000000 +0200 +++ new/kscreenlocker-5.10.1/CMakeLists.txt 2017-06-06 13:26:49.000000000 +0200 @@ -1,4 +1,4 @@ -set(PROJECT_VERSION "5.10.0") +set(PROJECT_VERSION "5.10.1") set(PROJECT_VERSION_MAJOR 5) cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR) @@ -33,6 +33,20 @@ CAN_DISABLE_PTRACE "Required for disallowing ptrace on greeter and kcheckpass process") +check_include_file("sys/signalfd.h" HAVE_SIGNALFD_H) +if (NOT HAVE_SIGNALFD_H) + check_include_files("sys/types.h;sys/event.h" HAVE_EVENT_H) +endif () +if (NOT (HAVE_SIGNALFD_H OR HAVE_EVENT_H)) + message(FATAL_ERROR "kcheckpass either needs signalfd() or kevent()&sigtimedwait() to work") +endif () +add_feature_info("sys/signalfd.h" + HAVE_SIGNALFD_H + "Use the signalfd() api for signalhandling") +add_feature_info("sys/event.h" + HAVE_EVENT_H + "Use the kevent() and sigwaitinfo() api for signalhandling") + find_package(KF5 ${KF5_MIN_VERSION} REQUIRED COMPONENTS Crash Declarative diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kscreenlocker-5.10.0/config-kscreenlocker.h.cmake new/kscreenlocker-5.10.1/config-kscreenlocker.h.cmake --- old/kscreenlocker-5.10.0/config-kscreenlocker.h.cmake 2017-05-26 10:47:19.000000000 +0200 +++ new/kscreenlocker-5.10.1/config-kscreenlocker.h.cmake 2017-06-06 13:25:13.000000000 +0200 @@ -13,3 +13,5 @@ #cmakedefine01 HAVE_SYS_PROCCTL_H #cmakedefine01 HAVE_PROC_TRACE_CTL #cmakedefine01 HAVE_SECCOMP +#cmakedefine01 HAVE_SIGNALFD_H +#cmakedefine01 HAVE_EVENT_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kscreenlocker-5.10.0/greeter/authenticator.cpp new/kscreenlocker-5.10.1/greeter/authenticator.cpp --- old/kscreenlocker-5.10.0/greeter/authenticator.cpp 2017-05-26 10:47:19.000000000 +0200 +++ new/kscreenlocker-5.10.1/greeter/authenticator.cpp 2017-06-06 13:25:13.000000000 +0200 @@ -36,6 +36,7 @@ #include <sys/socket.h> #include <sys/wait.h> #include <unistd.h> +#include <signal.h> Authenticator::Authenticator(AuthenticationMode mode, QObject *parent) : QObject(parent) @@ -241,27 +242,19 @@ ::free( arr ); return; case ConvGetNormal: - if (!GRecvArr( &arr )) - break; - GSendStr(m_password.toUtf8().constData()); - if (!m_password.isEmpty()) { - // IsSecret - GSendInt(1); - } - if (arr) - ::free( arr ); - return; case ConvGetHidden: + { if (!GRecvArr( &arr )) break; - GSendStr(m_password.toUtf8().constData()); - if (!m_password.isEmpty()) { - // IsSecret - GSendInt(1); - } + QByteArray utf8pass = m_password.toUtf8(); + GSendStr(utf8pass.constData()); + if (utf8pass.constData() != nullptr) + GSendInt(IsPassword); + if (arr) ::free( arr ); return; + } case ConvPutInfo: if (!GRecvArr( &arr )) break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kscreenlocker-5.10.0/kcheckpass/kcheckpass.c new/kscreenlocker-5.10.1/kcheckpass/kcheckpass.c --- old/kscreenlocker-5.10.0/kcheckpass/kcheckpass.c 2017-05-26 10:47:19.000000000 +0200 +++ new/kscreenlocker-5.10.1/kcheckpass/kcheckpass.c 2017-06-06 13:25:13.000000000 +0200 @@ -56,7 +56,6 @@ #include <stdlib.h> #include <errno.h> #include <time.h> -#include <sys/signalfd.h> #include <signal.h> #include <config-kscreenlocker.h> @@ -67,6 +66,14 @@ #include <unistd.h> #include <sys/procctl.h> #endif +#if HAVE_SIGNALFD_H +#include <sys/signalfd.h> +#endif +#if HAVE_EVENT_H +#include <sys/types.h> +#include <sys/event.h> +#include <sys/time.h> +#endif #define THROTTLE 3 @@ -265,9 +272,18 @@ uid_t uid; AuthReturn ret; sigset_t signalMask; +#if HAVE_SIGNALFD_H int signalFd; struct signalfd_siginfo fdsi; ssize_t sigReadSize; +#endif +#if HAVE_EVENT_H + /* Event Queue */ + int keventQueue; + /* Listen for two events: SIGUSR1 and SIGUSR2 */ + struct kevent keventEvent[2]; + int keventData; +#endif pid_t parentPid; parentPid = getppid(); @@ -346,15 +362,50 @@ conv_server(ConvPutAuthError, 0); return 1; } +#if HAVE_SIGNALFD_H signalFd = signalfd(-1, &signalMask, SFD_CLOEXEC); if (signalFd == -1) { message("Signal fd failed\n"); conv_server(ConvPutAuthError, 0); return 1; } +#endif +#if HAVE_EVENT_H + /* Setup the kequeu */ + keventQueue = kqueue(); + if (keventQueue == -1) { + message("Failed to create kqueue for SIGUSR1\n"); + conv_server(ConvPutAuthError, 0); + return 1; + } + /* Setup the events */ + EV_SET(&keventEvent[0], SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); + EV_SET(&keventEvent[1], SIGUSR2, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); + int setupResult = kevent(keventQueue, &keventEvent, 2, NULL, 0, NULL); + if (setupResult == -1) { + message("Failed to attach event to the kqueue\n"); + conv_server(ConvPutAuthError, 0); + return 1; + } + if (keventEvent[0].flags & EV_ERROR) { + message("Error in kevent for SIGUSR1: %s\n", strerror(keventEvent[0].data)); + conv_server(ConvPutAuthError, 0); + return 1; + } + if (keventEvent[1].flags & EV_ERROR) { + message("Error in kevent for SIGUSR2: %s\n", strerror(keventEvent[1].data)); + conv_server(ConvPutAuthError, 0); + return 1; + } + + /* signal_info for sigwaitinfo() */ + siginfo_t signalInfo; + +#endif // now lets block on the fd for (;;) { conv_server(ConvPutReadyForAuthentication, 0); +#if HAVE_SIGNALFD_H sigReadSize = read(signalFd, &fdsi, sizeof(struct signalfd_siginfo)); if (sigReadSize != sizeof(struct signalfd_siginfo)) { message("Read wrong size\n"); @@ -365,6 +416,44 @@ message("signal from wrong process\n"); continue; } +#endif +#if HAVE_EVENT_H + keventData = kevent(keventQueue, NULL, 0, keventEvent, 1, NULL); + if ( keventData == -1 ) { + /* Let's figure this out in the future, shall we */ + message("kevent() failed with %d\n", errno); + return 1; + } + else if ( keventData == 0 ) { + /* Do we need to handle timeouts? */ + message("kevent timeout\n"); + continue; + } + // We know we got a SIGUSR1 or SIGUSR2, so fetch it via sigwaitinfo() + // (otherwise, we could have used sigtimedwait() ) + int signalReturn = sigwaitinfo(&signalMask, &signalInfo); + if (signalReturn < 0) { + if (errno == EINTR) { + message("sigawaitinfo() interrupted by unblocked caught signal"); + continue; + } + else if (errno == EAGAIN) { + /* This should not happen, as kevent notified us about such a signal */ + message("no signal of type USR1 or USR2 pending."); + continue; + } + else { + message("Unhandled error in sigwaitinfo()"); + conv_server(ConvPutAuthError, 0); + return 1; + } + } + if (signalReturn == SIGUSR1) { + if (signalInfo.si_pid != parentPid) { + message("signal from wrong process\n"); + continue; + } +#endif /* Now do the fandango */ ret = Authenticate(method, username, @@ -396,12 +485,22 @@ // we don't support multiple auth for setuid kcheckpass break; } +#if HAVE_SIGNALFD_H } else if (fdsi.ssi_signo == SIGUSR2) { if (fdsi.ssi_pid != parentPid) { message("signal from wrong process\n"); continue; } break; +#endif +#if HAVE_EVENT_H + } else if (signalReturn == SIGUSR2 ) { + if (signalInfo.si_pid != parentPid) { + message("signal from wrong process\n"); + continue; + } + break; +#endif } else { message("unexpected signal\n"); }
