Hello community, here is the log from the commit of package sddm.14879 for openSUSE:Leap:15.2:Update checked in at 2020-11-07 12:24:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/sddm.14879 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.sddm.14879.new.11331 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sddm.14879" Sat Nov 7 12:24:28 2020 rev:1 rq:845722 version:0.18.0 Changes: -------- New Changes file: --- /dev/null 2020-10-22 01:51:33.322291705 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.sddm.14879.new.11331/sddm.changes 2020-11-07 12:24:29.695147018 +0100 @@ -0,0 +1,811 @@ +------------------------------------------------------------------- +Tue Nov 3 10:28:39 UTC 2020 - Fabian Vogt <[email protected]> + +- Add patches to fix X not having access control on startup + (boo#1177201, CVE-2020-28049): + * 0001-Fix-X-not-having-access-control-on-startup.patch + * 0002-Don-t-disable-authentication-in-test-mode.patch + +------------------------------------------------------------------- +Wed Aug 21 11:15:04 UTC 2019 - Antonio Larrosa <[email protected]> + +- Add SLE branding package for PackageHub (boo#1101297) +- Change the Supplements of branding packages, so they get installed + when sddm and the respective branding package is installed. Also + added a Supplements to sddm so it gets recommended when + plasma5-workspace is installed. + +------------------------------------------------------------------- +Mon Feb 18 08:00:42 UTC 2019 - Fabian Vogt <[email protected]> + +- Add patch to fix reading garbage from getpwnam (boo#1125624): + * 0001-Use-C-scoping-for-handling-buffer-deletion.patch + +------------------------------------------------------------------- +Wed Jan 9 02:11:20 UTC 2019 - Jan Engelhardt <[email protected]> + +- Do not ignore errors from useradd. + +------------------------------------------------------------------- +Sun Jan 6 11:57:50 UTC 2019 - Fabian Vogt <[email protected]> + +- Add the dirs created by systemd-tmpfiles as %ghost as well +- Use service macros and create rcsddm link for sddm.service + +------------------------------------------------------------------- +Fri Jan 4 13:00:23 UTC 2019 - Fabian Vogt <[email protected]> + +- Add patch to delete socket on shutdown: + * 0001-Destroy-the-QLocalServer-in-Auth-on-shutdown.patch +- Move creation of runtime directories and cleanup of files on boot + into sddm-tmpfiles.conf (boo#1116431) + +------------------------------------------------------------------- +Wed Oct 3 17:21:43 UTC 2018 - [email protected] + +- Remove 0001-Don-t-leak-VT-FDs-in-jumpToVt.patch as the FD leak + worked around a race condition as a side effect + +------------------------------------------------------------------- +Tue Oct 2 19:18:53 UTC 2018 - [email protected] + +- Add patch to not leak tty FDs for wayland sessions: + * 0001-Don-t-leak-VT-FDs-in-jumpToVt.patch + +------------------------------------------------------------------- +Thu Sep 27 17:58:38 UTC 2018 - [email protected] + +- Fix wayland session start if fish is used as shell: + * 0001-Revert-Adds-sourcing-of-etc-profile-to-fish.patch + +------------------------------------------------------------------- +Sun Sep 23 10:54:12 UTC 2018 - [email protected] + +- Rewrite sddm-relaxed-auth.diff as sddm-relaxed-auth.patch: + * Set XAUTHLOCALHOSTNAME only where necessary + * Also set it for the Greeter session (boo#1091784) + +------------------------------------------------------------------- +Tue Jul 31 14:53:47 UTC 2018 - [email protected] + +- Add patch to not switch to "undead" sessions (boo#1102832): + * 0001-Session-reuse-Only-consider-online-sessions.patch +- Reenable ReuseSession=true again + +------------------------------------------------------------------- +Fri Jul 27 09:59:51 UTC 2018 - [email protected] + +- Disable ReuseSession=true for now (boo#1102832, kde#391253) + +------------------------------------------------------------------- +Wed Jul 18 11:16:05 UTC 2018 - [email protected] + +- Update to 0.18.0: + * Support theme supplied avatars + * Compile against Qt 5.11 + * Fix platform detection for HighDPI + * On close, switch VT to a running session if applicable + * Better ConsoleKit support + * Fix authentication when reusing existing sessions + * Hide sessions with NoDisplay=true + * Honor PAM's ambient supplemental groups + * Cleanup socket destruction + * Don't quit on SIGHUP + * Updated translations +- Set EnableHiDPI=true by default (boo#1089932) +- Set ReuseSession=true by default (boo#979775) +- Drop patches, now upstream: + * 0001-Don-t-add-session-files-with-NoDisplay-true-to-Sessi.patch + * 0001-Don-t-quit-on-SIGHUP.patch + * 0001-Fix-authentication-when-reusing-an-existing-session.patch + * 0001-Fix-build-with-Qt-5.10-Use-QString-instead-of-QLatin.patch + * 0001-Fix-build-with-Qt-5.11-1024.patch + * 0001-Fix-platform-detection-for-EnableHiDPI.patch + * 0001-Skip-theme-for-greeter-call-if-none-is-set.patch + * 0001-Support-for-theme-supplied-default-avatars.patch + * 0001-greeter-Use-Qt-command-line-parser.patch + * 0002-Remove-trailing-spaces.patch + * 0003-UserModel-optimize-filtering-out-duplicate-users-995.patch + * 0004-UserModel-fix-filtering-out-duplicate-users-998.patch + * 0005-UserModel-optimize-setting-of-default-user-icon-999.patch + * 0007-Honor-PAMs-ambient-supplemental-groups.patch +- Refresh patches: + * proper_pam.diff + * 0001-Systemd-service-unit-Use-tty7-by-default.patch + +------------------------------------------------------------------- +Mon Jul 16 15:08:57 UTC 2018 - [email protected] + +- Add patch to fix fallback to embedded theme: + * 0001-Skip-theme-for-greeter-call-if-none-is-set.patch +- Use %license +- Add patch to fix authentication when reusing an existing session + (boo#1101450, CVE-2018-14345): + * 0001-Fix-authentication-when-reusing-an-existing-session.patch + +------------------------------------------------------------------- +Sat Jul 7 11:27:49 UTC 2018 - [email protected] + +- Fix 0001-Support-both-X11-XDisplay-Wayland-and-WaylandDisplay.patch + * Corrected section name for Wayland + +------------------------------------------------------------------- +Tue Jul 3 07:26:24 UTC 2018 - [email protected] + +- Remove patch as libxcb bug is fixed meanwhile (bsc#1099908): + * 0001-Move-Xauthority-to-a-different-location-and-truncate.patch + +------------------------------------------------------------------- +Mon Jul 2 20:53:55 UTC 2018 - [email protected] + +- Backport fix for pam_group from develop branch (boo#1105342): + * 0007-Honor-PAMs-ambient-supplemental-groups.patch + +------------------------------------------------------------------- +Mon May 14 08:12:49 UTC 2018 - [email protected] + +- Add patch to not include sessions with NoDisplay=true in the list (boo#1086614): + * 0001-Don-t-add-session-files-with-NoDisplay-true-to-Sessi.patch + +------------------------------------------------------------------- +Wed May 9 19:15:48 UTC 2018 - [email protected] + +- Amend patch to also canonicalize desktop session paths (boo#1092251): + * 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch +- Add patch to fix build with Qt 5.11: + * 0001-Fix-build-with-Qt-5.11-1024.patch + +------------------------------------------------------------------- +Mon Apr 23 06:55:16 UTC 2018 - [email protected] + +- Add patch to show a username input field with too many users: + * 0006-Don-t-fill-UserModel-if-theme-does-not-require-it.patch +- Backport related changes from develop branch: + * 0001-Support-for-theme-supplied-default-avatars.patch + * 0002-Remove-trailing-spaces.patch + * 0003-UserModel-optimize-filtering-out-duplicate-users-995.patch + * 0004-UserModel-fix-filtering-out-duplicate-users-998.patch + * 0005-UserModel-optimize-setting-of-default-user-icon-999.patch + +------------------------------------------------------------------- +Mon Apr 16 09:30:50 UTC 2018 - [email protected] + +- Revert previous change, had the opposite effect for some reason + +------------------------------------------------------------------- +Thu Apr 12 08:50:03 UTC 2018 - [email protected] + +- Start the X server with -keeptty (boo#1089287) + +------------------------------------------------------------------- +Sat Mar 24 13:55:06 UTC 2018 - [email protected] + +- Don't add a suffix for wayland sessions anymore, for symmetry with + gdm and lightdm: + * 0001-Remove-suffix-for-Wayland-session.patch + +------------------------------------------------------------------- +Thu Mar 22 08:56:30 UTC 2018 - [email protected] + +- Add patch to fix build with Qt < 5.10: + * 0001-Fix-build-with-Qt-5.10-Use-QString-instead-of-QLatin.patch + +------------------------------------------------------------------- +Fri Mar 9 20:02:50 UTC 2018 - [email protected] + +- Reorder patches for easier maintainability, needs refresh of: + * 0001-Move-Xauthority-to-a-different-location-and-truncate.patch ++++ 614 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.sddm.14879.new.11331/sddm.changes New: ---- 00-general.conf 0001-Destroy-the-QLocalServer-in-Auth-on-shutdown.patch 0001-Fix-X-not-having-access-control-on-startup.patch 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch 0001-Remove-suffix-for-Wayland-session.patch 0001-Revert-Adds-sourcing-of-etc-profile-to-fish.patch 0001-Session-reuse-Only-consider-online-sessions.patch 0001-Support-both-X11-XDisplay-Wayland-and-WaylandDisplay.patch 0001-Systemd-service-unit-Use-tty7-by-default.patch 0001-Use-C-scoping-for-handling-buffer-deletion.patch 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch 0002-Don-t-disable-authentication-in-test-mode.patch 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch 0006-Don-t-fill-UserModel-if-theme-does-not-require-it.patch 10-theme-SLE.conf 10-theme.conf X11-displaymanagers-sddm proper_pam.diff sddm-0.18.0.tar.gz sddm-relaxed-auth.patch sddm-service-handle-plymouth.patch sddm-tmpfiles.conf sddm.changes sddm.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sddm.spec ++++++ # # spec file for package sddm # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %if 0%{?is_backports} %bcond_without sle_branding %else %bcond_with sle_branding %endif Name: sddm Version: 0.18.0 Release: 0 Summary: QML-based display manager License: GPL-2.0+ Group: System/GUI/KDE Url: https://github.com/sddm/sddm Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: X11-displaymanagers-%{name} Source2: 00-general.conf Source3: 10-theme.conf Source4: sddm-tmpfiles.conf Source5: 10-theme-SLE.conf # Patch0-100: PATCH-FIX-UPSTREAM # Merged: https://github.com/sddm/sddm/pull/1062 Patch0: 0001-Session-reuse-Only-consider-online-sessions.patch # No PR, committed directly Patch1: 0001-Use-C-scoping-for-handling-buffer-deletion.patch Patch2: 0001-Fix-X-not-having-access-control-on-startup.patch Patch3: 0002-Don-t-disable-authentication-in-test-mode.patch # Not merged yet: https://github.com/sddm/sddm/pull/997 Patch50: 0001-Remove-suffix-for-Wayland-session.patch # Not merged yet: https://github.com/sddm/sddm/pull/1017 Patch51: 0006-Don-t-fill-UserModel-if-theme-does-not-require-it.patch # Open issue: https://github.com/sddm/sddm/issues/1059 Patch52: 0001-Revert-Adds-sourcing-of-etc-profile-to-fish.patch # Not merged yet: https://github.com/sddm/sddm/pull/1117 Patch53: 0001-Destroy-the-QLocalServer-in-Auth-on-shutdown.patch # Patch100-?: PATCH-FIX-OPENSUSE # Use openSUSE pam config Patch100: proper_pam.diff Patch101: 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch # Insert XAUTHLOCALHOSTNAME into users enviroment, so the session handles hostname changes with a single X instance/run # related patches: libxcb/bug-262309_xcb-xauthlocalhostname.diff, xauth/xauth-tolerant-hostname-changes.diff, kdebase4-workspace/kdm-relaxed-auth.diff Patch102: sddm-relaxed-auth.patch Patch103: 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch # sddm has some rudimentary support for plymouth handling, which only works with plymouth-quit.service # (the servce is not enabled on openSUSE). For users of sddm.service, we need to issue plymouth quit command by hand in this case Patch104: sddm-service-handle-plymouth.patch # Use tty7 by default in the systemd service unit Patch105: 0001-Systemd-service-unit-Use-tty7-by-default.patch Patch107: 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch Patch108: 0001-Support-both-X11-XDisplay-Wayland-and-WaylandDisplay.patch BuildRequires: cmake BuildRequires: extra-cmake-modules >= 1.4.0 BuildRequires: fdupes BuildRequires: kf5-filesystem BuildRequires: libqt5-linguist-devel BuildRequires: pam-devel BuildRequires: pkgconfig # Autodetect UID_MIN and UID_MAX from /etc/login.defs BuildRequires: shadow BuildRequires: pkgconfig(Qt5Core) >= 5.6.0 BuildRequires: pkgconfig(Qt5DBus) BuildRequires: pkgconfig(Qt5Network) BuildRequires: pkgconfig(Qt5Quick) BuildRequires: pkgconfig(Qt5Test) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(xcb-xkb) Requires(post): diffutils Requires: sddm-branding = %{version} Requires: xdm Supplements: plasma5-workspace # Merged the -lang package back into the main package Provides: %{name}-lang = %{version} Obsoletes: %{name}-lang < %{version} %if 0%{?sle_version} < 150000 && !0%{?is_opensuse} BuildRequires: python-docutils %else BuildRequires: python3-docutils %endif %description SDDM is a display manager for X11. It uses technologies like QtQuick, which in turn gives the designer the ability to create animated user interfaces. %package branding-openSUSE Summary: openSUSE branding for SDDM, a QML-based display manager Group: System/GUI/KDE Requires: sddm-theme-openSUSE Requires: %{name} = %{version} Requires(post): %{name} Requires(post): diffutils Supplements: packageand(%{name}:branding-openSUSE) Conflicts: otherproviders(sddm-branding) Provides: sddm-branding = %{version} %description branding-openSUSE SDDM is a display manager for X11. It uses technologies like QtQuick, which in turn gives the designer the ability to create animated user interfaces. This package provides the openSUSE branding for SDDM. %if %{with sle_branding} %package branding-SLE Summary: SLE branding for SDDM, a QML-based display manager Group: System/GUI/KDE Requires: sddm-theme-SLE Requires: %{name} = %{version} Requires(post): %{name} Requires(post): diffutils Supplements: packageand(%{name}:branding-SLE) Conflicts: otherproviders(sddm-branding) Provides: sddm-branding = %{version} %description branding-SLE SDDM is a display manager for X11. It uses technologies like QtQuick, which in turn gives the designer the ability to create animated user interfaces. This package provides the SLE branding for SDDM. %endif %package branding-upstream Summary: Upstream branding for SDDM, a QML-based display manager Group: System/GUI/KDE Requires: %{name} = %{version} Requires(post): %{name} Requires(post): diffutils Supplements: packageand(%{name}:branding-upstream) Conflicts: otherproviders(sddm-branding) Provides: sddm-branding = %{version} %description branding-upstream SDDM is a display manager for X11. It uses technologies like QtQuick, which in turn gives the designer the ability to create animated user interfaces. This package provides upstream branding for SDDM. %prep %autosetup -p1 %build %cmake \ -DCMAKE_BUILD_TYPE=Release \ -DMINIMUM_VT=7 \ -DCMAKE_INSTALL_LIBEXECDIR="%{_libexecdir}/%{name}" \ -DIMPORTS_INSTALL_DIR="%{_libdir}/qt5/qml" \ -DSESSION_COMMAND="%{_sysconfdir}/X11/xdm/Xsession" \ -DBUILD_MAN_PAGES=ON \ -DSTATE_DIR="%{_localstatedir}/lib/sddm" \ -DRUNTIME_DIR="/run/sddm" \ -DPID_FILE="/run/sddm.pid" %make_jobs %install %kf5_makeinstall -C build # We don't want the example config. # However, we need to package the file so it does not end up being removed. echo > %{buildroot}%{_sysconfdir}/sddm.conf pushd %{buildroot}%{_sysconfdir}/dbus-1/system.d mv org.freedesktop.DisplayManager.conf sddm_org.freedesktop.DisplayManager.conf popd install -Dm 0644 %{SOURCE1} %{buildroot}%{_libexecdir}/X11/displaymanagers/%{name} install -Dm 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/00-general.conf install -Dm 0644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/10-theme.conf install -Dm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/sddm.conf %if %{with sle_branding} install -Dm 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/10-theme-SLE.conf %endif mkdir -p %{buildroot}%{_sysconfdir}/alternatives touch %{buildroot}%{_sysconfdir}/alternatives/default-displaymanager ln -s %{_sysconfdir}/alternatives/default-displaymanager %{buildroot}%{_libexecdir}/X11/displaymanagers/default-displaymanager install -d %{buildroot}%{_rundir}/sddm install -d %{buildroot}%{_localstatedir}/lib/sddm install -d %{buildroot}%{_sysconfdir}/sddm.conf.d install -d %{buildroot}%{_sbindir} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcsddm %fdupes %{buildroot}%{_datadir}/sddm %pre %service_add_pre sddm.service getent group sddm >/dev/null || %{_sbindir}/groupadd -r sddm getent passwd sddm >/dev/null || %{_sbindir}/useradd -r -g sddm -s /bin/false \ -c "SDDM daemon" -d %{_localstatedir}/lib/sddm sddm %post %service_add_post sddm.service %{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/sddm.conf if [ $1 -eq 2 -a -f %{_sysconfdir}/sddm.conf ]; then # Avoid changing sddm.conf's timestamp if no modifications done tempconf="$(mktemp)" # SDDM 0.14.0 moved maui into the built-in resources # SDDM <= 0.15.0 had no system config dir, so we need to remove the # moved configuration options from the old single config file sed -e 's/^Current=maui$/Current=/g' \ -e '\#^DisplayCommand=%{_sysconfdir}/X11/xdm/Xsetup#d' \ -e '\#^MinimumVT=7$#d' \ -e '\#^ServerPath=%{_bindir}/X$#d' \ -e '\#^SessionCommand=%{_sysconfdir}/X11/xdm/Xsession$#d' \ %{_sysconfdir}/sddm.conf > "${tempconf}" cmp -s "${tempconf}" "%{_sysconfdir}/sddm.conf" || cp "${tempconf}" "%{_sysconfdir}/sddm.conf" rm "${tempconf}" fi %{_sbindir}/update-alternatives --install %{_libexecdir}/X11/displaymanagers/default-displaymanager \ default-displaymanager %{_libexecdir}/X11/displaymanagers/sddm 25 %preun %service_del_preun sddm.service %postun %service_del_postun sddm.service [ -f %{_libexecdir}/X11/displaymanagers/sddm ] || %{_sbindir}/update-alternatives \ --remove default-displaymanager %{_libexecdir}/X11/displaymanagers/sddm %post branding-upstream if [ $1 -eq 2 -a -f %{_sysconfdir}/sddm.conf ]; then # Avoid changing sddm.conf's timestamp if no modifications done tempconf="$(mktemp)" # SDDM <= 0.15.0 had no system config dir, so we need to remove the # theme configuration from the old single config file sed -e '/^Current=$/d' %{_sysconfdir}/sddm.conf > "${tempconf}" cmp -s "${tempconf}" "%{_sysconfdir}/sddm.conf" || cp "${tempconf}" "%{_sysconfdir}/sddm.conf" rm "${tempconf}" fi : %post branding-openSUSE if [ $1 -eq 2 -a -f %{_sysconfdir}/sddm.conf ]; then # Avoid changing sddm.conf's timestamp if no modifications done tempconf="$(mktemp)" # Upgrade from previous theme name # SDDM <= 0.15.0 had no system config dir, so we need to remove the # theme configuration from the old single config file sed -e 's/^Current=breeze$/Current=breeze-openSUSE/g' \ -e 's/^Current=maui$/Current=breeze-openSUSE/g' \ -e '/^Current=breeze-openSUSE$/d' \ -e '/^CursorTheme=breeze_cursors$/d' %{_sysconfdir}/sddm.conf > "${tempconf}" cmp -s "${tempconf}" "%{_sysconfdir}/sddm.conf" || cp "${tempconf}" "%{_sysconfdir}/sddm.conf" rm "${tempconf}" fi : %if %{with sle_branding} %post branding-SLE if [ $1 -eq 2 -a -f %{_sysconfdir}/sddm.conf ]; then # Avoid changing sddm.conf's timestamp if no modifications done tempconf="$(mktemp)" # Upgrade from previous theme name # SDDM <= 0.15.0 had no system config dir, so we need to remove the # theme configuration from the old single config file sed -e 's/^Current=breeze$/Current=breeze-SLE/g' \ -e 's/^Current=maui$/Current=breeze-SLE/g' \ -e '/^Current=breeze-SLE$/d' \ -e '/^CursorTheme=breeze_cursors$/d' %{_sysconfdir}/sddm.conf > "${tempconf}" cmp -s "${tempconf}" "%{_sysconfdir}/sddm.conf" || cp "${tempconf}" "%{_sysconfdir}/sddm.conf" rm "${tempconf}" fi : %endif %files %license LICENSE* %doc README* %config(noreplace) %{_sysconfdir}/sddm.conf %dir %{_sysconfdir}/sddm.conf.d/ %config %{_sysconfdir}/pam.d/sddm %config %{_sysconfdir}/pam.d/sddm-autologin %config %{_sysconfdir}/pam.d/sddm-greeter %config(noreplace) %{_sysconfdir}/dbus-1/system.d/sddm_org.freedesktop.DisplayManager.conf %dir %{_libexecdir}/X11/displaymanagers/ %{_libexecdir}/X11/displaymanagers/%{name} %{_libexecdir}/X11/displaymanagers/default-displaymanager %ghost %{_sysconfdir}/alternatives/default-displaymanager %{_bindir}/sddm %{_bindir}/sddm-greeter %{_sbindir}/rcsddm %{_libdir}/qt5/qml/ %dir %{_datadir}/sddm/ %dir %{_prefix}/lib/sddm/ %dir %{_prefix}/lib/sddm/sddm.conf.d/ %{_prefix}/lib/sddm/sddm.conf.d/00-general.conf %{_libexecdir}/sddm/sddm-helper %{_datadir}/sddm/faces/ %{_datadir}/sddm/flags/ %{_datadir}/sddm/scripts/ %{_datadir}/sddm/themes/ %{_datadir}/sddm/translations/ %ghost %attr(711,sddm,sddm) %dir %{_rundir}/sddm %ghost %attr(750,sddm,sddm) %dir %{_localstatedir}/lib/sddm %{_mandir}/man*/sddm*%{ext_man} %{_unitdir}/sddm.service %{_tmpfilesdir}/sddm.conf %files branding-openSUSE %license LICENSE* %doc README* %{_prefix}/lib/sddm/sddm.conf.d/10-theme.conf %if %{with sle_branding} %files branding-SLE %license LICENSE* %doc README* %{_prefix}/lib/sddm/sddm.conf.d/10-theme-SLE.conf %endif %files branding-upstream %license LICENSE* %doc README* %changelog ++++++ 00-general.conf ++++++ [XDisplay] ServerPath=/usr/bin/X SessionCommand=/etc/X11/xdm/Xsession DisplayCommand=/etc/X11/xdm/Xsetup MinimumVT=7 # boo#1089932 EnableHiDPI=true [Users] # boo#979775 ReuseSession=true ++++++ 0001-Destroy-the-QLocalServer-in-Auth-on-shutdown.patch ++++++ >From 462cc1d77be372b907fab3f3b624087aef0e1f6e Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Fri, 4 Jan 2019 13:29:35 +0100 Subject: [PATCH] Destroy the QLocalServer in Auth on shutdown This is necessary to remove the sddm-auth* sockets. --- src/auth/Auth.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/auth/Auth.cpp b/src/auth/Auth.cpp index 597efc2..2c2e182 100644 --- a/src/auth/Auth.cpp +++ b/src/auth/Auth.cpp @@ -30,6 +30,8 @@ #include <QtQml/QtQml> +#include <memory> + #include <unistd.h> namespace SDDM { @@ -42,12 +44,9 @@ namespace SDDM { QMap<qint64, Auth::Private*> helpers; private: - static Auth::SocketServer *self; SocketServer(); }; - Auth::SocketServer *Auth::SocketServer::self = nullptr; - class Auth::Private : public QObject { Q_OBJECT public: @@ -99,11 +98,12 @@ namespace SDDM { } Auth::SocketServer* Auth::SocketServer::instance() { + static std::unique_ptr<Auth::SocketServer> self; if (!self) { - self = new SocketServer(); + self.reset(new SocketServer()); self->listen(QStringLiteral("sddm-auth%1").arg(QUuid::createUuid().toString().replace(QRegExp(QStringLiteral("[{}]")), QString()))); } - return self; + return self.get(); } -- 2.19.1 ++++++ 0001-Fix-X-not-having-access-control-on-startup.patch ++++++ >From 47d3a2a3eb32c2d9218f50a801a17d066f3fb463 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Tue, 6 Oct 2020 21:21:38 +0200 Subject: [PATCH 1/2] Fix X not having access control on startup If the auth file is empty, X allows any local application (= any user on the system) to connect. This is currently the case until X wrote the display number to sddm and sddm used that to write the entry into the file. To work around this chicken-and-egg problem, make use of the fact that X doesn't actually look at the display number in the passed auth file and just use :0 unconditionally. Also make sure that writing the entry was actually successful. CVE-2020-28049 (cherry picked from commit be202f533ab98a684c6a007e8d5b4357846bc222) --- src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++----- src/daemon/XorgDisplayServer.h | 2 +- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp index 28ce524..0d3c7ca 100644 --- a/src/daemon/XorgDisplayServer.cpp +++ b/src/daemon/XorgDisplayServer.cpp @@ -87,7 +87,7 @@ namespace SDDM { return m_cookie; } - void XorgDisplayServer::addCookie(const QString &file) { + bool XorgDisplayServer::addCookie(const QString &file) { // log message qDebug() << "Adding cookie to" << file; @@ -103,13 +103,13 @@ namespace SDDM { // check file if (!fp) - return; + return false; fprintf(fp, "remove %s\n", qPrintable(m_display)); fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie)); fprintf(fp, "exit\n"); // close pipe - pclose(fp); + return pclose(fp) == 0; } bool XorgDisplayServer::start() { @@ -126,6 +126,15 @@ namespace SDDM { // log message qDebug() << "Display server starting..."; + // generate auth file. + // For the X server's copy, the display number doesn't matter. + // An empty file would result in no access control! + m_display = QStringLiteral(":0"); + if(!addCookie(m_authPath)) { + qCritical() << "Failed to write xauth file"; + return false; + } + if (daemonApp->testing()) { QStringList args; args << m_display << QStringLiteral("-ac") << QStringLiteral("-br") << QStringLiteral("-noreset") << QStringLiteral("-screen") << QStringLiteral("800x600"); @@ -210,8 +219,14 @@ namespace SDDM { emit started(); } - // generate auth file - addCookie(m_authPath); + // The file is also used by the greeter, which does care about the + // display number. Write the proper entry, if it's different. + if(m_display != QStringLiteral(":0")) { + if(!addCookie(m_authPath)) { + qCritical() << "Failed to write xauth file"; + return false; + } + } changeOwner(m_authPath); // set flag diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h index d2bdf6d..e97a0b5 100644 --- a/src/daemon/XorgDisplayServer.h +++ b/src/daemon/XorgDisplayServer.h @@ -40,7 +40,7 @@ namespace SDDM { const QString &cookie() const; - void addCookie(const QString &file); + bool addCookie(const QString &file); public slots: bool start(); -- 2.25.1 ++++++ 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch ++++++ >From 25cc8be1ccb41de8f789ac4ea55437a3159e5d4e Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan <[email protected]> Date: Sat, 2 Sep 2017 11:27:01 +0200 Subject: [PATCH] Read the DISPLAYMANAGER_AUTOLOGIN value from sysconfig/displaymanager Support DISPLAYMANAGER_AUTOLOGIN entry from /etc/sysconfig/displaymanager, the value overwrites any entry in sddm.conf/[Autologin]/User. Patch also defaults to default.desktop as default autologin session. This is controlled only by sddm.conf file. --- CMakeLists.txt | 1 + src/common/Configuration.h | 5 +++-- src/common/Constants.h.in | 1 + src/daemon/Display.cpp | 12 ++++++++++++ 4 files changed, 17 insertions(+), 2 deletions(-) Index: sddm-0.17.0/CMakeLists.txt =================================================================== --- sddm-0.17.0.orig/CMakeLists.txt +++ sddm-0.17.0/CMakeLists.txt @@ -186,6 +186,7 @@ set(WAYLAND_SESSION_COMMAND "${DATA_ set(CONFIG_FILE "${CMAKE_INSTALL_FULL_SYSCONFDIR}/sddm.conf" CACHE PATH "Path of the sddm config file") set(CONFIG_DIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/sddm.conf.d" CACHE PATH "Path of the sddm config directory") set(SYSTEM_CONFIG_DIR "${CMAKE_INSTALL_PREFIX}/lib/sddm/sddm.conf.d" CACHE PATH "Path of the system sddm config directory") +set(DISPLAY_MANAGER_CONFIG_FILE "${CMAKE_INSTALL_FULL_SYSCONFDIR}/sysconfig/displaymanager" CACHE PATH "Path of the sysconfig/displaymanager config file") set(LOG_FILE "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/sddm.log" CACHE PATH "Path of the sddm log file") set(DBUS_CONFIG_FILENAME "org.freedesktop.DisplayManager.conf" CACHE STRING "Name of the sddm config file") set(COMPONENTS_TRANSLATION_DIR "${DATA_INSTALL_DIR}/translations" CACHE PATH "Components translations directory") Index: sddm-0.17.0/src/common/Configuration.h =================================================================== --- sddm-0.17.0.orig/src/common/Configuration.h +++ sddm-0.17.0/src/common/Configuration.h @@ -94,14 +94,15 @@ namespace SDDM { Section(Autologin, Entry(User, QString, QString(), _S("Username for autologin session")); - Entry(Session, QString, QString(), _S("Name of session file for autologin session (if empty try last logged in)")); + Entry(Session, QString, _S("default.desktop"), _S("Name of session file for autologin session (if empty try last logged in)")); + Entry(Relogin, bool, false, _S("Whether sddm should automatically log back into sessions when they exit")); ); ); Config(StateConfig, []()->QString{auto tmp = getpwnam("sddm"); return tmp ? QString::fromLocal8Bit(tmp->pw_dir) : QStringLiteral(STATE_DIR);}().append(QStringLiteral("/state.conf")), QString(), QString(), Section(Last, - Entry(Session, QString, QString(), _S("Name of the session for the last logged-in user.\n" + Entry(Session, QString, _S("/usr/share/xsessions/default.desktop"), _S("Name of the session for the last logged-in user.\n" "This session will be preselected when the login screen appears.")); Entry(User, QString, QString(), _S("Name of the last logged-in user.\n" "This user will be preselected when the login screen appears")); Index: sddm-0.17.0/src/common/Constants.h.in =================================================================== --- sddm-0.17.0.orig/src/common/Constants.h.in +++ sddm-0.17.0/src/common/Constants.h.in @@ -35,6 +35,7 @@ #define CONFIG_FILE "@CONFIG_FILE@" #define CONFIG_DIR "@CONFIG_DIR@" #define SYSTEM_CONFIG_DIR "@SYSTEM_CONFIG_DIR@" +#define DISPLAY_MANAGER_CONFIG_FILE "@DISPLAY_MANAGER_CONFIG_FILE@" #define LOG_FILE "@LOG_FILE@" #define PID_FILE "@PID_FILE@" Index: sddm-0.17.0/src/daemon/Display.cpp =================================================================== --- sddm-0.17.0.orig/src/daemon/Display.cpp +++ sddm-0.17.0/src/daemon/Display.cpp @@ -35,6 +35,7 @@ #include <QDebug> #include <QFile> #include <QTimer> +#include <QSettings> #include <pwd.h> #include <unistd.h> @@ -151,6 +152,11 @@ namespace SDDM { // log message qDebug() << "Display server started."; + QSettings sysconfSettings(QStringLiteral(DISPLAY_MANAGER_CONFIG_FILE), QSettings::NativeFormat); + QString sysconfigUser = sysconfSettings.value(QStringLiteral("DISPLAYMANAGER_AUTOLOGIN"), QStringLiteral("")).toString(); + + mainConfig.Autologin.User.set(sysconfigUser); + if ((daemonApp->first || mainConfig.Autologin.Relogin.get()) && !mainConfig.Autologin.User.get().isEmpty()) { // reset first flag ++++++ 0001-Remove-suffix-for-Wayland-session.patch ++++++ >From aa342153bf3bd88a7af5dc6c454cb4c9d16f95ee Mon Sep 17 00:00:00 2001 From: Pier Luigi Fiorini <[email protected]> Date: Tue, 20 Mar 2018 18:22:39 +0100 Subject: [PATCH] Remove suffix for Wayland session Some desktops like GNOME specify which windowing system is in use with the Name entry of their desktop file. For Wayland-only desktops such as Liri this information is redundant and so is for X11-only window managers. Do not append the Wayland suffix and let desktops handle it themeselves. [ChangeLog][Greeter] Remove suffix for Wayland sessions --- src/common/Session.cpp | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/common/Session.cpp b/src/common/Session.cpp index 4812d67..a2be266 100644 --- a/src/common/Session.cpp +++ b/src/common/Session.cpp @@ -161,12 +161,8 @@ namespace SDDM { if (current_section != QLatin1String("Desktop Entry")) continue; // We are only interested in the "Desktop Entry" section - if (line.startsWith(QLatin1String("Name="))) { - if (type == WaylandSession) - m_displayName = QObject::tr("%1 (Wayland)").arg(line.mid(5)); - else - m_displayName = line.mid(5); - } + if (line.startsWith(QLatin1String("Name="))) + m_displayName = line.mid(5); if (line.startsWith(QLatin1String("Comment="))) m_comment = line.mid(8); if (line.startsWith(QLatin1String("Exec="))) -- 2.16.2 ++++++ 0001-Revert-Adds-sourcing-of-etc-profile-to-fish.patch ++++++ >From 35a1af25f7b58e96fb19accb4b3c376a9b362571 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Thu, 27 Sep 2018 19:53:55 +0200 Subject: [PATCH] Revert "Adds sourcing of /etc/profile to fish" This reverts commit f749f1d65165de7ce7b9ae073b19f057b205ab35. See https://github.com/sddm/sddm/issues/1059 --- data/scripts/Xsession | 1 - data/scripts/wayland-session | 1 - 2 files changed, 2 deletions(-) diff --git a/data/scripts/Xsession b/data/scripts/Xsession index c7fa214..2a0691e 100755 --- a/data/scripts/Xsession +++ b/data/scripts/Xsession @@ -39,7 +39,6 @@ case $SHELL in rm -f $xsess_tmp ;; */fish) - [ -f /etc/profile ] && . /etc/profile xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX` $SHELL --login -c "/bin/sh -c 'export -p' > $xsess_tmp" . $xsess_tmp diff --git a/data/scripts/wayland-session b/data/scripts/wayland-session index 42be624..de4f519 100755 --- a/data/scripts/wayland-session +++ b/data/scripts/wayland-session @@ -39,7 +39,6 @@ case $SHELL in rm -f $wlsess_tmp ;; */fish) - [ -f /etc/profile ] && . /etc/profile xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX` $SHELL --login -c "/bin/sh -c 'export -p' > $xsess_tmp" . $xsess_tmp -- 2.18.0 ++++++ 0001-Session-reuse-Only-consider-online-sessions.patch ++++++ >From f131270ff3ae6e6b4e2dc965cd05b46e194b48c1 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Tue, 31 Jul 2018 16:51:13 +0200 Subject: [PATCH] Session reuse: Only consider "online" sessions Otherwise it might switch to already dead sessions ("closing" or "lingering"). --- src/daemon/Display.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/daemon/Display.cpp b/src/daemon/Display.cpp index 86e597e..ec442b0 100644 --- a/src/daemon/Display.cpp +++ b/src/daemon/Display.cpp @@ -290,8 +290,8 @@ namespace SDDM { foreach(const SessionInfo &s, reply.value()) { if (s.userName == user) { OrgFreedesktopLogin1SessionInterface session(Logind::serviceName(), s.sessionPath.path(), QDBusConnection::systemBus()); - if (session.service() == QLatin1String("sddm")) { - m_reuseSessionId = s.sessionId; + if (session.service() == QLatin1String("sddm") && session.state() == QLatin1String("online")) { + m_reuseSessionId = s.sessionId; break; } } -- 2.18.0 ++++++ 0001-Support-both-X11-XDisplay-Wayland-and-WaylandDisplay.patch ++++++ >From 823c0e9daeac9a1b8a8c667f38685e1ce92dca61 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Fri, 9 Mar 2018 21:51:23 +0100 Subject: [PATCH] Support both [X11], [XDisplay], [Wayland] and [WaylandDisplay] config sections In sddm 0.14.0, the [XDisplay] and [WaylandDisplay] sections were renamed for no good reason. This totally breaks existing configurations, so we need to fix that. Reverting would break forwards compat., so just alias them for now. --- src/common/ConfigReader.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/common/ConfigReader.cpp b/src/common/ConfigReader.cpp index 4b5983c..952f8ef 100644 --- a/src/common/ConfigReader.cpp +++ b/src/common/ConfigReader.cpp @@ -198,6 +198,12 @@ namespace SDDM { // get rid of comments first lineRef = lineRef.left(lineRef.indexOf(QLatin1Char('#'))).trimmed(); + // In version 0.13.0, these sections were renamed for no good reason... + if (currentSection == QStringLiteral("XDisplay")) + currentSection = QStringLiteral("X11"); + else if (currentSection == QStringLiteral("WaylandDisplay")) + currentSection = QStringLiteral("Wayland"); + // value assignment int separatorPosition = lineRef.indexOf(QLatin1Char('=')); if (separatorPosition >= 0) { -- 2.16.2 ++++++ 0001-Systemd-service-unit-Use-tty7-by-default.patch ++++++ >From b7cd2c4a505eaadecf1ba5cd895928f23b23e9f2 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Sat, 1 Apr 2017 21:21:36 +0200 Subject: [PATCH] Systemd service unit: Use tty7 by default - We use tty7 by default in sddm.conf --- services/sddm.service.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: sddm-0.18.0/services/sddm.service.in =================================================================== --- sddm-0.18.0.orig/services/sddm.service.in +++ sddm-0.18.0/services/sddm.service.in @@ -1,8 +1,8 @@ [Unit] Description=Simple Desktop Display Manager Documentation=man:sddm(1) man:sddm.conf(5) [email protected] -After=systemd-user-sessions.service [email protected] plymouth-quit.service systemd-logind.service [email protected] +After=systemd-user-sessions.service [email protected] plymouth-quit.service systemd-logind.service [Service] ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/sddm ++++++ 0001-Use-C-scoping-for-handling-buffer-deletion.patch ++++++ >From 047ef56e5cfa757ebfcb03a248edad579564b5f3 Mon Sep 17 00:00:00 2001 From: David Edmundson <[email protected]> Date: Thu, 7 Feb 2019 13:35:41 +0000 Subject: [PATCH] Use C++ scoping for handling buffer deletion --- src/helper/UserSession.cpp | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp index d4fd2cf..b3aec35 100644 --- a/src/helper/UserSession.cpp +++ b/src/helper/UserSession.cpp @@ -135,21 +135,19 @@ namespace SDDM { long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); if (bufsize == -1) bufsize = 16384; - char *buffer = (char *)malloc(bufsize); - if (buffer == NULL) + QScopedPointer<char, QScopedPointerPodDeleter> buffer(static_cast<char*>(malloc(bufsize))); + if (buffer.isNull()) exit(Auth::HELPER_OTHER_ERROR); - int err = getpwnam_r(username.constData(), &pw, buffer, bufsize, &rpw); + int err = getpwnam_r(username.constData(), &pw, buffer.data(), bufsize, &rpw); if (rpw == NULL) { if (err == 0) qCritical() << "getpwnam_r(" << username << ") username not found!"; else qCritical() << "getpwnam_r(" << username << ") failed with error: " << strerror(err); - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } if (setgid(pw.pw_gid) != 0) { qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } @@ -181,7 +179,6 @@ namespace SDDM { &n_user_groups)) == -1 ) { qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid << ") failed"; - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } } @@ -198,7 +195,6 @@ namespace SDDM { // setgroups(2) handles duplicate groups if (setgroups(n_groups, groups) != 0) { qCritical() << "setgroups() failed for user: " << username; - free(buffer); exit (Auth::HELPER_OTHER_ERROR); } delete[] groups; @@ -210,7 +206,6 @@ namespace SDDM { if (initgroups(pw.pw_name, pw.pw_gid) != 0) { qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } @@ -218,23 +213,21 @@ namespace SDDM { if (setuid(pw.pw_uid) != 0) { qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username; - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } if (chdir(pw.pw_dir) != 0) { qCritical() << "chdir(" << pw.pw_dir << ") failed for user: " << username; qCritical() << "verify directory exist and has sufficient permissions"; - free(buffer); exit(Auth::HELPER_OTHER_ERROR); } - free(buffer); + const QString homeDir = QString::fromLocal8Bit(pw.pw_dir); //we cannot use setStandardError file as this code is run in the child process //we want to redirect after we setuid so that the log file is owned by the user // determine stderr log file based on session type QString sessionLog = QStringLiteral("%1/%2") - .arg(QString::fromLocal8Bit(pw.pw_dir)) + .arg(homeDir) .arg(sessionType == QLatin1String("x11") ? mainConfig.X11.SessionLogFile.get() : mainConfig.Wayland.SessionLogFile.get()); -- 2.20.1 ++++++ 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch ++++++ >From e88acb4c8971992bbde1a2e22b04353b0deef0ea Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan <[email protected]> Date: Sat, 2 Sep 2017 11:09:51 +0200 Subject: [PATCH] Write the daemon's PID to a file on startup openSUSE's generic display-manager service doesn't know what to do without a pid file. drop the patch as soon as that sick dinosaur is killed. --- src/common/Constants.h.in | 1 + src/daemon/DaemonApp.cpp | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/src/common/Constants.h.in b/src/common/Constants.h.in index 7500a49..09b80a7 100644 --- a/src/common/Constants.h.in +++ b/src/common/Constants.h.in @@ -37,6 +37,7 @@ #define SYSTEM_CONFIG_DIR "@SYSTEM_CONFIG_DIR@" #define LOG_FILE "@LOG_FILE@" +#define PID_FILE "@PID_FILE@" #define MINIMUM_VT @MINIMUM_VT@ #define UID_MIN @UID_MIN@ diff --git a/src/daemon/DaemonApp.cpp b/src/daemon/DaemonApp.cpp index b5c8d49..c38e5a4 100644 --- a/src/daemon/DaemonApp.cpp +++ b/src/daemon/DaemonApp.cpp @@ -31,6 +31,7 @@ #include <QDebug> #include <QHostInfo> #include <QTimer> +#include <QFile> #include <iostream> @@ -46,6 +47,16 @@ namespace SDDM { // log message qDebug() << "Initializing..."; + // Write PID File + if ( ! QString(QStringLiteral(PID_FILE)).isEmpty() ) { + QFile pidFile(QStringLiteral(PID_FILE)); + QString pid = QString::number(QCoreApplication::applicationPid()); + if ( pidFile.open(QIODevice::WriteOnly | QIODevice::Text) ) { + pidFile.write(pid.toLatin1().data(), qstrlen(pid.toLatin1().data())); + pidFile.close(); + } + } + // set testing parameter m_testing = (arguments().indexOf(QStringLiteral("--test-mode")) != -1); -- 2.14.1 ++++++ 0002-Don-t-disable-authentication-in-test-mode.patch ++++++ >From 3c17fa476b793a2f17498bce6147f2395f12d229 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Fri, 9 Oct 2020 20:53:34 +0200 Subject: [PATCH 2/2] Don't disable authentication in --test-mode For some reason Xephyr was started with the "-ac" option, although handling of the auth file is completely functional. (cherry picked from commit bb8e817493020113e1b0f3207f7bbcd1593e9c9e) --- src/daemon/XorgDisplayServer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp index 0d3c7ca..bddef79 100644 --- a/src/daemon/XorgDisplayServer.cpp +++ b/src/daemon/XorgDisplayServer.cpp @@ -137,7 +137,7 @@ namespace SDDM { if (daemonApp->testing()) { QStringList args; - args << m_display << QStringLiteral("-ac") << QStringLiteral("-br") << QStringLiteral("-noreset") << QStringLiteral("-screen") << QStringLiteral("800x600"); + args << m_display << QStringLiteral("-auth") << m_authPath << QStringLiteral("-br") << QStringLiteral("-noreset") << QStringLiteral("-screen") << QStringLiteral("800x600"); process->start(mainConfig.X11.XephyrPath.get(), args); -- 2.25.1 ++++++ 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch ++++++ >From 793feb3a90f9ff97ebfcc5f77bc6168b32cd5810 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Mon, 15 May 2017 11:33:46 +0200 Subject: [PATCH] Leave duplicate symlinks out of the SessionModel Used for autologin, default.desktop with update-alternatives. "explicit" needed to be removed from the constructor due to GCC bug 58255 --- src/common/Session.h | 2 +- src/greeter/SessionModel.cpp | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) Index: sddm-0.17.0/src/common/Session.h =================================================================== --- sddm-0.17.0.orig/src/common/Session.h +++ sddm-0.17.0/src/common/Session.h @@ -35,7 +35,7 @@ namespace SDDM { WaylandSession }; - explicit Session(); + Session(); Session(Type type, const QString &fileName); bool isValid() const; Index: sddm-0.17.0/src/greeter/SessionModel.cpp =================================================================== --- sddm-0.17.0.orig/src/greeter/SessionModel.cpp +++ sddm-0.17.0/src/greeter/SessionModel.cpp @@ -122,6 +122,12 @@ namespace SDDM { if (!dir.exists(session)) continue; + // Skip symlinks that point to the same directory, + // they will be visited under the real name + QFileInfo fi_link(dir, session); + if (fi_link.isSymLink() && dir.canonicalPath() == fi_link.canonicalPath()) + continue; + Session *si = new Session(type, session); bool execAllowed = true; QFileInfo fi(si->tryExec()); @@ -149,8 +155,12 @@ namespace SDDM { delete si; } // find out index of the last session + QString canonicalLastSession = QFileInfo(stateConfig.Last.Session.get()).canonicalFilePath(); for (int i = 0; i < d->sessions.size(); ++i) { - if (d->sessions.at(i)->fileName() == stateConfig.Last.Session.get()) { + QString sessionPath = d->sessions.at(i)->directory().absoluteFilePath(d->sessions.at(i)->fileName()); + QString canonicalSession = QFileInfo(sessionPath).canonicalFilePath(); + + if (canonicalSession == canonicalLastSession) { d->lastIndex = i; break; } ++++++ 0006-Don-t-fill-UserModel-if-theme-does-not-require-it.patch ++++++ >From 2dcff84bfe21c8e1c7976797c3f22b91b45f0695 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Sat, 21 Apr 2018 17:40:56 +0200 Subject: [PATCH 6/6] Don't fill UserModel if theme does not require it Certain themes switch to a username input field if there are too many users to show. In those cases we don't need to provide a complete user model. The last logged in user is still added (if available) to keep the index and data valid. To tell sddm that a theme does not need a full user model, theme.conf has to set "General/needsFullUserModel=false". Fixes #479 --- src/greeter/GreeterApp.cpp | 11 ++++++++++- src/greeter/UserModel.cpp | 49 ++++++++++++++++++++++++++++++++++------------ src/greeter/UserModel.h | 4 +++- 3 files changed, 49 insertions(+), 15 deletions(-) diff --git a/src/greeter/GreeterApp.cpp b/src/greeter/GreeterApp.cpp index 1230efa..a9d785c 100644 --- a/src/greeter/GreeterApp.cpp +++ b/src/greeter/GreeterApp.cpp @@ -60,7 +60,6 @@ namespace SDDM { // Create models m_sessionModel = new SessionModel(); - m_userModel = new UserModel(); m_keyboard = new KeyboardModel(); } @@ -111,6 +110,16 @@ namespace SDDM { else m_themeConfig = new ThemeConfig(configFile); + const bool themeNeedsAllUsers = m_themeConfig->value(QStringLiteral("needsFullUserModel"), true).toBool(); + if(m_userModel && themeNeedsAllUsers && !m_userModel->containsAllUsers()) { + // The theme needs all users, but the current user model doesn't have them -> recreate + m_userModel->deleteLater(); + m_userModel = nullptr; + } + + if (!m_userModel) + m_userModel = new UserModel(themeNeedsAllUsers, nullptr); + // Set default icon theme from greeter theme if (m_themeConfig->contains(QStringLiteral("iconTheme"))) QIcon::setThemeName(m_themeConfig->value(QStringLiteral("iconTheme")).toString()); diff --git a/src/greeter/UserModel.cpp b/src/greeter/UserModel.cpp index f6f4f95..fdf2b7e 100644 --- a/src/greeter/UserModel.cpp +++ b/src/greeter/UserModel.cpp @@ -33,13 +33,25 @@ namespace SDDM { class User { public: + User(const struct passwd *data, const QString icon) : + name(QString::fromLocal8Bit(data->pw_name)), + realName(QString::fromLocal8Bit(data->pw_gecos).split(QLatin1Char(',')).first()), + homeDir(QString::fromLocal8Bit(data->pw_dir)), + uid(data->pw_uid), + gid(data->pw_gid), + // if shadow is used pw_passwd will be 'x' nevertheless, so this + // will always be true + needsPassword(strcmp(data->pw_passwd, "") != 0), + icon(icon) + {} + QString name; QString realName; QString homeDir; - QString icon; - bool needsPassword { false }; int uid { 0 }; int gid { 0 }; + bool needsPassword { false }; + QString icon; }; typedef std::shared_ptr<User> UserPtr; @@ -48,9 +60,10 @@ namespace SDDM { public: int lastIndex { 0 }; QList<UserPtr> users; + bool containsAllUsers { true }; }; - UserModel::UserModel(QObject *parent) : QAbstractListModel(parent), d(new UserModelPrivate()) { + UserModel::UserModel(bool needAllUsers, QObject *parent) : QAbstractListModel(parent), d(new UserModelPrivate()) { const QString facesDir = mainConfig.Theme.FacesDir.get(); const QString themeDir = mainConfig.Theme.ThemeDir.get(); const QString currentTheme = mainConfig.Theme.Current.get(); @@ -59,6 +72,8 @@ namespace SDDM { const QString iconURI = QStringLiteral("file://%1").arg( QFile::exists(themeDefaultFace) ? themeDefaultFace : defaultFace); + bool lastUserFound = false; + struct passwd *current_pw; while ((current_pw = getpwent()) != nullptr) { @@ -78,19 +93,23 @@ namespace SDDM { continue; // create user - UserPtr user { new User() }; - user->name = QString::fromLocal8Bit(current_pw->pw_name); - user->realName = QString::fromLocal8Bit(current_pw->pw_gecos).split(QLatin1Char(',')).first(); - user->homeDir = QString::fromLocal8Bit(current_pw->pw_dir); - user->uid = int(current_pw->pw_uid); - user->gid = int(current_pw->pw_gid); - // if shadow is used pw_passwd will be 'x' nevertheless, so this - // will always be true - user->needsPassword = strcmp(current_pw->pw_passwd, "") != 0; - user->icon = iconURI; + UserPtr user { new User(current_pw, iconURI) }; // add user d->users << user; + + if (user->name == lastUser()) + lastUserFound = true; + + if (!needAllUsers && d->users.count() > mainConfig.Theme.DisableAvatarsThreshold.get()) { + struct passwd *lastUserData; + // If the theme doesn't require that all users are present, try to add the data for lastUser at least + if(!lastUserFound && (lastUserData = getpwnam(qPrintable(lastUser())))) + d->users << UserPtr(new User(lastUserData, themeDefaultFace)); + + d->containsAllUsers = false; + break; + } } endpwent(); @@ -182,4 +201,8 @@ namespace SDDM { int UserModel::disableAvatarsThreshold() const { return mainConfig.Theme.DisableAvatarsThreshold.get(); } + + bool UserModel::containsAllUsers() const { + return d->containsAllUsers; + } } diff --git a/src/greeter/UserModel.h b/src/greeter/UserModel.h index 1bbf77e..b63cf9a 100644 --- a/src/greeter/UserModel.h +++ b/src/greeter/UserModel.h @@ -34,6 +34,7 @@ namespace SDDM { Q_PROPERTY(QString lastUser READ lastUser CONSTANT) Q_PROPERTY(int count READ rowCount CONSTANT) Q_PROPERTY(int disableAvatarsThreshold READ disableAvatarsThreshold CONSTANT) + Q_PROPERTY(bool containsAllUsers READ containsAllUsers CONSTANT) public: enum UserRoles { NameRole = Qt::UserRole + 1, @@ -43,7 +44,7 @@ namespace SDDM { NeedsPasswordRole }; - UserModel(QObject *parent = 0); + UserModel(bool needAllUsers, QObject *parent = 0); ~UserModel(); QHash<int, QByteArray> roleNames() const override; @@ -55,6 +56,7 @@ namespace SDDM { QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override; int disableAvatarsThreshold() const; + bool containsAllUsers() const; private: UserModelPrivate *d { nullptr }; }; -- 2.16.2 ++++++ 10-theme-SLE.conf ++++++ [Theme] Current=breeze-SLE CursorTheme=breeze_cursors ++++++ 10-theme.conf ++++++ [Theme] Current=breeze-openSUSE CursorTheme=breeze_cursors ++++++ X11-displaymanagers-sddm ++++++ sddm_start_proc () { if [ -x /usr/bin/plymouth ]; then /usr/bin/plymouth quit fi return 0 } sddm_vars() { case $1 in sddm) DISPLAYMANAGER=/usr/bin/sddm STARTPROC=sddm_start_proc RELOADPROC=sddm_start_proc ;; *) return 1 ;; esac return 0 } ++++++ proper_pam.diff ++++++ Index: sddm-0.18.0/services/sddm-autologin.pam =================================================================== --- sddm-0.18.0.orig/services/sddm-autologin.pam +++ sddm-0.18.0/services/sddm-autologin.pam @@ -1,13 +1,6 @@ #%PAM-1.0 -auth required pam_env.so -auth required pam_tally.so file=/var/log/faillog onerr=succeed -auth required pam_shells.so -auth required pam_nologin.so -auth required pam_permit.so --auth optional pam_gnome_keyring.so --auth optional pam_kwallet5.so -account include system-local-login -password include system-local-login -session include system-local-login --session optional pam_gnome_keyring.so auto_start --session optional pam_kwallet5.so auto_start +auth required pam_permit.so +account include common-account +password include common-password +session required pam_loginuid.so +session include common-session Index: sddm-0.18.0/services/sddm.pam =================================================================== --- sddm-0.18.0.orig/services/sddm.pam +++ sddm-0.18.0/services/sddm.pam @@ -1,15 +1,6 @@ #%PAM-1.0 - -auth include system-login --auth optional pam_gnome_keyring.so --auth optional pam_kwallet5.so - -account include system-login - -password include system-login --password optional pam_gnome_keyring.so use_authtok - -session optional pam_keyinit.so force revoke -session include system-login --session optional pam_gnome_keyring.so auto_start --session optional pam_kwallet5.so auto_start +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session include common-session Index: sddm-0.18.0/services/sddm-greeter.pam.in =================================================================== --- sddm-0.18.0.orig/services/sddm-greeter.pam.in +++ sddm-0.18.0/services/sddm-greeter.pam.in @@ -1,17 +1,7 @@ #%PAM-1.0 - -# Load environment from /etc/environment and ~/.pam_environment -auth required pam_env.so - -# Always let the greeter start without authentication -auth required pam_permit.so - -# No action required for account management -account required pam_permit.so - -# Can't change password -password required pam_deny.so - -# Setup session -session required pam_unix.so -session optional @LOGIND_PAM_MODULE@ +# PAM configuration used only for the greeter session +auth required pam_permit.so +account required pam_permit.so +password include common-password +session required pam_loginuid.so +session include common-session ++++++ sddm-relaxed-auth.patch ++++++ From: Fabian Vogt <[email protected]> Subject: Set XAUTHLOCALHOSTNAME to allow hostname changes Our libxcb is patched to retry with $XAUTHLOCALHOSTNAME as hostname if the Xauthority entry for the current hostname does not work. There's a stale PR to do something similar (FamilyWild using libXau) upstream: https://github.com/sddm/sddm/pull/863 FamilyWild is not a complete solution either, only when using a temporary Xauthority file for each session separately. Index: sddm-0.18.0/src/helper/Backend.cpp =================================================================== --- sddm-0.18.0.orig/src/helper/Backend.cpp +++ sddm-0.18.0/src/helper/Backend.cpp @@ -27,6 +27,7 @@ #include "UserSession.h" #include <QtCore/QProcessEnvironment> +#include <QtNetwork/QHostInfo> #include <pwd.h> @@ -69,6 +70,7 @@ namespace SDDM { .arg(QString::fromLocal8Bit(pw->pw_dir)) .arg(mainConfig.X11.UserAuthFile.get()); env.insert(QStringLiteral("XAUTHORITY"), value); + env.insert(QStringLiteral("XAUTHLOCALHOSTNAME"), QHostInfo::localHostName()); } // TODO: I'm fairly sure this shouldn't be done for PAM sessions, investigate! m_app->session()->setProcessEnvironment(env); Index: sddm-0.18.0/src/daemon/Display.cpp =================================================================== --- sddm-0.18.0.orig/src/daemon/Display.cpp +++ sddm-0.18.0/src/daemon/Display.cpp @@ -316,8 +316,10 @@ namespace SDDM { QProcessEnvironment env; env.insert(QStringLiteral("PATH"), mainConfig.Users.DefaultPath.get()); - if (session.xdgSessionType() == QLatin1String("x11")) + if (session.xdgSessionType() == QLatin1String("x11")) { env.insert(QStringLiteral("DISPLAY"), name()); + env.insert(QStringLiteral("XAUTHLOCALHOSTNAME"), daemonApp->hostName()); + } env.insert(QStringLiteral("XDG_SEAT_PATH"), daemonApp->displayManager()->seatPath(seat()->name())); env.insert(QStringLiteral("XDG_SESSION_PATH"), daemonApp->displayManager()->sessionPath(QStringLiteral("Session%1").arg(daemonApp->newSessionId()))); env.insert(QStringLiteral("DESKTOP_SESSION"), session.desktopSession()); Index: sddm-0.18.0/src/daemon/Greeter.cpp =================================================================== --- sddm-0.18.0.orig/src/daemon/Greeter.cpp +++ sddm-0.18.0/src/daemon/Greeter.cpp @@ -114,6 +114,7 @@ namespace SDDM { // set process environment QProcessEnvironment env = QProcessEnvironment::systemEnvironment(); env.insert(QStringLiteral("DISPLAY"), m_display->name()); + env.insert(QStringLiteral("XAUTHLOCALHOSTNAME"), daemonApp->hostName()); env.insert(QStringLiteral("XAUTHORITY"), m_authPath); env.insert(QStringLiteral("XCURSOR_THEME"), xcursorTheme); env.insert(QStringLiteral("QT_IM_MODULE"), mainConfig.InputMethod.get()); @@ -175,6 +176,7 @@ namespace SDDM { env.insert(QStringLiteral("PATH"), mainConfig.Users.DefaultPath.get()); env.insert(QStringLiteral("DISPLAY"), m_display->name()); env.insert(QStringLiteral("XAUTHORITY"), m_authPath); + env.insert(QStringLiteral("XAUTHLOCALHOSTNAME"), daemonApp->hostName()); env.insert(QStringLiteral("XCURSOR_THEME"), xcursorTheme); env.insert(QStringLiteral("XDG_SEAT"), m_display->seat()->name()); env.insert(QStringLiteral("XDG_SEAT_PATH"), daemonApp->displayManager()->seatPath(m_display->seat()->name())); ++++++ sddm-service-handle-plymouth.patch ++++++ Index: sddm-0.14.0/services/sddm.service.in =================================================================== --- sddm-0.14.0.orig/services/sddm.service.in +++ sddm-0.14.0/services/sddm.service.in @@ -6,6 +6,7 @@ After=systemd-user-sessions.service gett [Service] ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/sddm +ExecStartPre=-@CMAKE_INSTALL_FULL_BINDIR@/plymouth quit --retain-splash Restart=always [Install] ++++++ sddm-tmpfiles.conf ++++++ # Home dir of the sddm user. Also contains state.conf, # where the the last logged in user and session are saved in. d /var/lib/sddm 0750 sddm sddm # This contains X11 auth files d /run/sddm 0711 root root # Remove leftover auth files on boot r! /run/sddm/* # Remove leftover sockets on boot r! /tmp/sddm-auth*
