commit gdm for openSUSE:Factory

Thu, 17 Oct 2019 04:04:56 -0700 

Hello community,

here is the log from the commit of package gdm for openSUSE:Factory checked in 
at 2019-10-17 13:04:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gdm (Old)
 and      /work/SRC/openSUSE:Factory/.gdm.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gdm"

Thu Oct 17 13:04:46 2019 rev:218 rq:737582 version:3.34.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/gdm/gdm.changes  2019-08-15 12:24:43.782616230 
+0200
+++ /work/SRC/openSUSE:Factory/.gdm.new.2352/gdm.changes        2019-10-17 
13:04:50.244460529 +0200
@@ -1,0 +2,71 @@
+Tue Oct  8 11:37:53 UTC 2019 - Felix Zhang <[email protected]>
+
+- Add gdm-initial-setup-hardening.patch: Introduce a persistent
+  state file to prevent gnome-initial-setup from running if any
+  regular users has previously logged into the system, replacing
+  the current runtime state file that pervents initial-setup from
+  running more than once per boot, so as to reduce the security
+  attack surface.
+  Make this fix openSUSE only for now as upstream discussion is
+  heading another way involving more complicated mechanisms
+  (boo#1140851, glgo#GNOME/gnome-initial-setup#76).
+- Rebase gdm-disable-gnome-initial-setup.patch.
+
+-------------------------------------------------------------------
+Mon Oct  7 10:02:43 UTC 2019 - Bjørn Lie <[email protected]>
+
+- Update to version 3.34.1:
+  + De-duplicate sessions on pure Xorg too.
+  + Fix fast user switching by assuming the login screen VT is
+    always the initial one.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Wed Sep 18 02:59:55 UTC 2019 - Xiaoguang Wang <[email protected]>
+
+- Update gdm-switch-to-tty1.patch: switch tty after plymouth
+  terminates.
+
+-------------------------------------------------------------------
+Wed Sep 11 16:25:58 UTC 2019 - Bjørn Lie <[email protected]>
+
+- Update to version 3.34.0:
+  + Updated translations.
+
+-------------------------------------------------------------------
+Thu Sep  5 12:30:54 NZST 2019 - [email protected]
+
+- Update to version 3.33.92:
+  + Fix typo in debug message
+  + Revert vt changing fix, because it exposes logind bug and it
+    wasn't quite right anyway
+  + Ensure login screen gets reaped when user switching
+  + Translation updates
+
+-------------------------------------------------------------------
+Sun Sep  1 01:53:57 UTC 2019 - Michael Gorse <[email protected]>
+
+- Update to version 3.33.90:
+  + Update for changes to gnome-settings-daemon.
+  + initial-setup permissions fix.
+  + allow users to set PATH from ~/.config/environment.
+  + support systemd user sessions.
+  + misc warning fixes.
+  + leak fix in libgdm.
+  + vt changing fix.
+  + drop some deprecations.
+  + drop unused icons.
+  + Translation updates.
+  + Changes in version 3.33.4:
+  + Fix session search directories.
+  + Kill user sessions when stopping gdm.
+  + Add way for sessions to register when they successfully started
+  + Translation updates.
+- Rebased gdm-xauthlocalhostname.patch and
+    gdm-disable-gnome-initial-setup.patch.
+- Drop gdm-fails-to-restart-gnome-shell.patch,
+  gdm-kill-user-session.patch, and
+  gdm-remove-duplicate-sessions.patch: fixed upstream.
+- Drop icons and pixmaps from files.
+
+-------------------------------------------------------------------

Old:
----
  _servicedata
  gdm-3.32.0+2.obscpio
  gdm-fails-to-restart-gnome-shell.patch
  gdm-kill-user-session.patch
  gdm-remove-duplicate-sessions.patch

New:
----
  gdm-3.34.1.obscpio
  gdm-initial-setup-hardening.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gdm.spec ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:51.796456532 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:51.800456522 +0200
@@ -19,14 +19,15 @@
 %define systemdsystemunitdir %(pkg-config --variable=systemdsystemunitdir 
systemd)
 # FIXME: need to check what should be done to enable this (at least adapt the 
pam files). See bnc#699999
 %define enable_split_authentication 0
+
 Name:           gdm
-Version:        3.32.0+2
+Version:        3.34.1
 Release:        0
 Summary:        The GNOME Display Manager
 License:        GPL-2.0-or-later
 Group:          System/GUI/GNOME
 URL:            https://wiki.gnome.org/Projects/GDM
-# We are using source services, so no download url for source
+
 Source0:        %{name}-%{version}.tar.xz
 Source1:        gdm.pamd
 Source2:        gdm-autologin.pamd
@@ -54,16 +55,12 @@
 Patch4:         gdm-xauthlocalhostname.patch
 # PATCH-FIX-OPENSUSE gdm-switch-to-tty1.patch bsc#1113700 [email protected] -- 
switch to tty1 when stopping gdm service
 Patch6:         gdm-switch-to-tty1.patch
-# PATCH-FIX-UPSTREAM gdm-fails-to-restart-gnome-shell.patch bsc#981976 
glgo#GNOME/gdm#266 [email protected] -- Gdm should stop after a few times fails
-Patch7:         gdm-fails-to-restart-gnome-shell.patch
 # PATCH-FIX-OPENSUSE 
gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch bnc#1075805 
bgo#793255 [email protected] -- Add runtime option to start X under root instead of 
regular user. Necessary if no DRI drivers are present. rejected upstream
 Patch8:         gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
-# PATCH-FIX-UPSTREAM gdm-kill-user-session.patch bsc#1112294 
glgo#GNOME/gdm#400 [email protected] -- Kill all sessions when stopping gdm service
-Patch11:        gdm-kill-user-session.patch
+# PATCH-FIX-OPENSUSE gdm-initial-setup-hardening.patch boo#1140851, 
glgo#GNOME/gnome-initial-setup#76 [email protected] -- Prevent 
gnome-initial-setup running if any regular user has perviously logged into the 
system
+Patch9:         gdm-initial-setup-hardening.patch
 # PATCH-FIX-OPENSUSE gdm-s390-not-require-g-s-d_wacom.patch bsc#1129412 
[email protected] -- Remove the runtime requirement of g-s-d Wacom plugin
 Patch13:        gdm-s390-not-require-g-s-d_wacom.patch
-# PATCH-FIX-UPSTREAM gdm-remove-duplicate-sessions.patch boo#1131625 
glgo#GNOME/gdm#473 [email protected] -- Remove duplicate sessions once, after all 
sessions have been processed.
-Patch14:        gdm-remove-duplicate-sessions.patch
 ### NOTE: Keep please SLE-only patches at bottom (starting on 1000).
 # PATCH-FIX-SLE gdm-disable-gnome-initial-setup.patch bnc#1067976 
[email protected] -- Disable gnome-initial-setup runs before gdm, g-i-s will only 
serve for CJK people to choose the input-method after login.
 Patch1000:      gdm-disable-gnome-initial-setup.patch
@@ -214,13 +211,11 @@
 %patch3 -p1
 %patch4 -p1
 %patch6 -p1
-%patch7 -p1
 %patch8 -p1
-%patch11 -p1
+%patch9 -p1
 %ifarch s390 s390x
 %patch13 -p1
 %endif
-%patch14 -p1
 
 # SLE-only patches start at 1000
 %if !0%{?is_opensuse}
@@ -343,8 +338,6 @@
 %{_datadir}/gdm/
 %{_datadir}/gnome-session/sessions/gnome-login.session
 %{_datadir}/glib-2.0/schemas/org.gnome.login-screen.gschema.xml
-%{_datadir}/icons/*/*/*/*.*
-%{_datadir}/pixmaps/*.png
 /%{_lib}/security/pam_gdm.so
 %dir %{_libexecdir}/gdm
 %{_libexecdir}/gdm/gdm-*

++++++ _service ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:51.856456378 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:51.856456378 +0200
@@ -2,9 +2,8 @@
   <service name="obs_scm" mode="disabled">
     <param name="scm">git</param>
     <param name="url">https://gitlab.gnome.org/GNOME/gdm.git</param>
-    <param name="revision">gnome-3-32</param>
-    <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
-    <param name="changesgenerate">enable</param>
+    <param name="revision">refs/tags/3.34.1</param>
+    <param name="versionformat">@PARENT_TAG@</param>
   </service>
   <service name="tar" mode="buildtime"/>
   <service name="recompress" mode="buildtime">

++++++ gdm-3.32.0+2.obscpio -> gdm-3.34.1.obscpio ++++++
/work/SRC/openSUSE:Factory/gdm/gdm-3.32.0+2.obscpio 
/work/SRC/openSUSE:Factory/.gdm.new.2352/gdm-3.34.1.obscpio differ: char 48, 
line 1

++++++ gdm-disable-gnome-initial-setup.patch ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:51.928456192 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:51.928456192 +0200
@@ -1,16 +1,17 @@
-diff -Nura gdm-3.26.2.1/daemon/gdm-display.c 
gdm-3.26.2.1_new/daemon/gdm-display.c
---- gdm-3.26.2.1/daemon/gdm-display.c  2017-12-05 18:56:25.988123494 +0800
-+++ gdm-3.26.2.1_new/daemon/gdm-display.c      2017-12-05 18:57:00.248398445 
+0800
-@@ -591,7 +591,7 @@
+Index: b/daemon/gdm-display.c
+===================================================================
+--- a/daemon/gdm-display.c     2019-10-11 21:11:39.925180538 +0800
++++ b/daemon/gdm-display.c     2019-10-11 21:14:23.866397460 +0800
+@@ -570,7 +570,7 @@ gdm_display_prepare (GdmDisplay *self)
           */
          look_for_existing_users_sync (self);
  
--        self->priv->doing_initial_setup = wants_initial_setup (self);
-+        self->priv->doing_initial_setup = FALSE;
+-        priv->doing_initial_setup = wants_initial_setup (self);
++        priv->doing_initial_setup = FALSE;
  
          g_object_ref (self);
          ret = GDM_DISPLAY_GET_CLASS (self)->prepare (self);
-@@ -1441,6 +1441,7 @@
+@@ -1509,6 +1509,7 @@ on_launch_environment_session_died (GdmL
          self_destruct (self);
  }
  
@@ -18,19 +19,7 @@
  static gboolean
  can_create_environment (const char *session_id)
  {
-@@ -1454,9 +1455,11 @@
- 
-         return session_exists;
- }
-+#endif
- 
- #define ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT GDM_RUN_DIR 
"/gdm.ran-initial-setup"
- 
-+#if 0
- static gboolean
- already_done_initial_setup_on_this_boot (void)
- {
-@@ -1591,6 +1594,7 @@
+@@ -1660,6 +1661,7 @@ wants_initial_setup (GdmDisplay *self)
  
          return enabled;
  }
@@ -38,9 +27,10 @@
  
  void
  gdm_display_start_greeter_session (GdmDisplay *self)
-diff -Nura gdm-3.26.2.1/data/gdm.schemas.in.in 
gdm-3.26.2.1_new/data/gdm.schemas.in.in
---- gdm-3.26.2.1/data/gdm.schemas.in.in        2017-12-05 18:56:25.982123446 
+0800
-+++ gdm-3.26.2.1_new/data/gdm.schemas.in.in    2017-12-05 18:57:44.712755287 
+0800
+Index: b/data/gdm.schemas.in
+===================================================================
+--- a/data/gdm.schemas.in      2019-10-11 21:11:39.925180538 +0800
++++ b/data/gdm.schemas.in      2019-10-11 21:11:43.473206874 +0800
 @@ -50,7 +50,7 @@
      <schema>
        <key>daemon/InitialSetupEnable</key>

++++++ gdm-initial-setup-hardening.patch ++++++
Index: b/daemon/gdm-display.c
===================================================================
--- a/daemon/gdm-display.c      2019-10-07 16:56:30.000000000 +0800
+++ b/daemon/gdm-display.c      2019-10-11 18:32:02.962410140 +0800
@@ -1523,12 +1523,12 @@ can_create_environment (const char *sess
         return session_exists;
 }
 
-#define ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT GDM_RUN_DIR 
"/gdm.ran-initial-setup"
+#define BLOCK_INITIAL_SETUP LOCALSTATEDIR "/lib/gdm/block-initial-setup"
 
 static gboolean
-already_done_initial_setup_on_this_boot (void)
+already_done_initial_setup (void)
 {
-        if (g_file_test (ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT, 
G_FILE_TEST_EXISTS))
+        if (g_file_test (BLOCK_INITIAL_SETUP, G_FILE_TEST_EXISTS))
                 return TRUE;
 
         return FALSE;
@@ -1624,7 +1624,7 @@ wants_initial_setup (GdmDisplay *self)
 
         priv = gdm_display_get_instance_private (self);
 
-        if (already_done_initial_setup_on_this_boot ()) {
+        if (already_done_initial_setup ()) {
                 return FALSE;
         }
 
Index: b/daemon/gdm-manager.c
===================================================================
--- a/daemon/gdm-manager.c      2019-10-07 16:56:30.000000000 +0800
+++ b/daemon/gdm-manager.c      2019-10-11 18:32:26.370601206 +0800
@@ -62,7 +62,7 @@
 #define GDM_MANAGER_DISPLAYS_PATH GDM_DBUS_PATH "/Displays"
 
 #define INITIAL_SETUP_USERNAME "gnome-initial-setup"
-#define ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT GDM_RUN_DIR 
"/gdm.ran-initial-setup"
+#define BLOCK_INITIAL_SETUP LOCALSTATEDIR "/lib/gdm/block-initial-setup"
 
 typedef struct
 {
@@ -1781,6 +1781,7 @@ on_start_user_session (StartUserSessionO
         gboolean doing_initial_setup = FALSE;
         GdmDisplay *display;
         const char *session_id;
+        int fd = -1;
 #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER)
         g_autofree char *display_session_type = NULL;
 #endif
@@ -1813,6 +1814,15 @@ on_start_user_session (StartUserSessionO
 #endif
                       NULL);
 
+        fd = open(BLOCK_INITIAL_SETUP, 
O_RDONLY|O_CREAT|O_EXCL|O_NOFOLLOW|O_CLOEXEC, 0644);
+        if (fd == -1 && errno != EEXIST) {
+                g_warning ("GdmDisplay: Could not write initial-setup-done 
marker to %s: %s",
+                           BLOCK_INITIAL_SETUP,
+                           strerror(errno));
+        }
+        else {
+                close(fd);
+        }
         if (doing_initial_setup)
                 chown_initial_setup_home_dir ();
 
@@ -1833,8 +1843,6 @@ on_start_user_session (StartUserSessionO
 
                 g_object_ref (display);
                 if (doing_initial_setup) {
-                        g_autoptr(GError) error = NULL;
-
 #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER)
                         if (g_strcmp0 (display_session_type, "wayland") == 0) {
                                 g_debug ("GdmManager: closing down initial 
setup display in background");
@@ -1847,16 +1855,6 @@ on_start_user_session (StartUserSessionO
                                 gdm_display_unmanage (display);
                                 gdm_display_finish (display);
                         }
-
-                        if (!g_file_set_contents 
(ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT,
-                                                  "1",
-                                                  1,
-                                                  &error)) {
-                                g_warning ("GdmDisplay: Could not write 
initial-setup-done marker to %s: %s",
-                                           
ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT,
-                                           error->message);
-                                g_clear_error (&error);
-                        }
                 } else {
                         g_debug ("GdmManager: session has its display server, 
reusing our server for another login screen");
                 }
++++++ gdm-switch-to-tty1.patch ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:51.992456027 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:51.992456027 +0200
@@ -8,7 +8,7 @@
  
 +#define SHELLSCRIPT "\
 +/bin/bash -c \
-+\'PROCESS=\"X Xwayland\"\;\
++\'PROCESS=\"X Xwayland plymouth\"\;\
 +R=$(pidof $PROCESS)\;\
 +while [ $? == 0 ]\;\
 +do sleep 1\;\

++++++ gdm-xauthlocalhostname.patch ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:52.012455976 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:52.012455976 +0200
@@ -1,8 +1,7 @@
-Index: gdm-3.31.91/common/gdm-common.c
-===================================================================
---- gdm-3.31.91.orig/common/gdm-common.c       2019-02-21 20:44:14.000000000 
+0100
-+++ gdm-3.31.91/common/gdm-common.c    2019-02-27 07:47:16.998264608 +0100
-@@ -632,6 +632,8 @@ gdm_get_script_environment (const char *
+diff -urp gdm-3.33.90.orig/common/gdm-common.c gdm-3.33.90/common/gdm-common.c
+--- gdm-3.33.90.orig/common/gdm-common.c       2019-08-13 14:42:23.000000000 
-0500
++++ gdm-3.33.90/common/gdm-common.c    2019-08-31 20:49:56.456485182 -0500
+@@ -631,6 +631,8 @@ gdm_get_script_environment (const char *
  
          if (display_hostname) {
                  g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup 
(display_hostname));
@@ -11,9 +10,9 @@
          }
  
          /* Runs as root */
-@@ -843,3 +845,14 @@ gdm_shell_expand (const char *str,
-         }
-         return g_string_free (s, FALSE);
+@@ -952,3 +954,14 @@ gdm_find_display_session_for_uid (const
+ 
+         return TRUE;
  }
 +
 +char *
@@ -26,11 +25,10 @@
 +                return g_strdup ("localhost");
 +        }
 +}
-Index: gdm-3.31.91/common/gdm-common.h
-===================================================================
---- gdm-3.31.91.orig/common/gdm-common.h       2019-02-21 20:44:14.000000000 
+0100
-+++ gdm-3.31.91/common/gdm-common.h    2019-02-27 07:47:16.998264608 +0100
-@@ -56,6 +56,7 @@ char          *gdm_generate_random_bytes
+diff -urp gdm-3.33.90.orig/common/gdm-common.h gdm-3.33.90/common/gdm-common.h
+--- gdm-3.33.90.orig/common/gdm-common.h       2019-08-13 14:42:23.000000000 
-0500
++++ gdm-3.33.90/common/gdm-common.h    2019-08-31 20:49:56.460485202 -0500
+@@ -65,6 +65,7 @@ char          *gdm_generate_random_bytes
  gboolean       gdm_get_login_window_session_id (const char  *seat_id,
                                                  char       **session_id);
  gboolean       gdm_goto_login_session    (GError **error);
@@ -38,10 +36,9 @@
  
  GPtrArray     *gdm_get_script_environment (const char *username,
                                             const char *display_name,
-Index: gdm-3.31.91/daemon/gdm-display-access-file.c
-===================================================================
---- gdm-3.31.91.orig/daemon/gdm-display-access-file.c  2019-02-21 
20:44:14.000000000 +0100
-+++ gdm-3.31.91/daemon/gdm-display-access-file.c       2019-02-27 
07:47:16.998264608 +0100
+diff -urp gdm-3.33.90.orig/daemon/gdm-display-access-file.c 
gdm-3.33.90/daemon/gdm-display-access-file.c
+--- gdm-3.33.90.orig/daemon/gdm-display-access-file.c  2019-08-02 
14:44:35.000000000 -0500
++++ gdm-3.33.90/daemon/gdm-display-access-file.c       2019-08-31 
20:49:56.460485202 -0500
 @@ -441,13 +441,10 @@ _get_auth_info_for_display (GdmDisplayAc
                   *
                   * https://bugs.freedesktop.org/show_bug.cgi?id=43425
@@ -59,11 +56,10 @@
          } else {
                  *family = FamilyWild;
                  gdm_display_get_remote_hostname (display, address, NULL);
-Index: gdm-3.31.91/daemon/gdm-launch-environment.c
-===================================================================
---- gdm-3.31.91.orig/daemon/gdm-launch-environment.c   2019-02-21 
20:44:14.000000000 +0100
-+++ gdm-3.31.91/daemon/gdm-launch-environment.c        2019-02-27 
07:47:16.998264608 +0100
-@@ -218,6 +218,11 @@ build_launch_environment (GdmLaunchEnvir
+diff -urp gdm-3.33.90.orig/daemon/gdm-launch-environment.c 
gdm-3.33.90/daemon/gdm-launch-environment.c
+--- gdm-3.33.90.orig/daemon/gdm-launch-environment.c   2019-08-13 
20:37:16.000000000 -0500
++++ gdm-3.33.90/daemon/gdm-launch-environment.c        2019-08-31 
20:49:56.460485202 -0500
+@@ -216,6 +216,11 @@ build_launch_environment (GdmLaunchEnvir
                  g_hash_table_insert (hash, g_strdup ("GDM_SEAT_ID"), g_strdup 
(seat_id));
          }
  
@@ -75,10 +71,9 @@
          g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup 
("true"));
  
          return hash;
-Index: gdm-3.31.91/daemon/gdm-session.c
-===================================================================
---- gdm-3.31.91.orig/daemon/gdm-session.c      2019-02-27 07:47:16.990264560 
+0100
-+++ gdm-3.31.91/daemon/gdm-session.c   2019-02-27 07:47:16.998264608 +0100
+diff -urp gdm-3.33.90.orig/daemon/gdm-session.c 
gdm-3.33.90/daemon/gdm-session.c
+--- gdm-3.33.90.orig/daemon/gdm-session.c      2019-08-31 20:49:31.756354259 
-0500
++++ gdm-3.33.90/daemon/gdm-session.c   2019-08-31 20:49:56.464485224 -0500
 @@ -2683,6 +2683,14 @@ set_up_session_environment (GdmSession *
                  }
          }

++++++ gdm.obsinfo ++++++
--- /var/tmp/diff_new_pack.PLbN8j/_old  2019-10-17 13:04:52.036455914 +0200
+++ /var/tmp/diff_new_pack.PLbN8j/_new  2019-10-17 13:04:52.036455914 +0200
@@ -1,5 +1,5 @@
 name: gdm
-version: 3.32.0+2
-mtime: 1552499029
-commit: 820f90f5a78b81b2e4610da14627266c2135c8b0
+version: 3.34.1
+mtime: 1570438590
+commit: 80e010198217284d3cf52e8b334862a80b00cbd1

Reply via email to