summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGilles Dartiguelongue <eva@gentoo.org>2017-09-14 00:25:37 +0200
committerGilles Dartiguelongue <eva@gentoo.org>2017-09-14 00:27:26 +0200
commit6f4c39f9e10e1c6a3a009371260e19aeeb286eba (patch)
tree69e097261f6dcb0cf1542ee645f8f192f538f05a /gnome-base
parentx11-libs/gdk-pixbuf: version bump 2.36.9 → 2.36.10 (diff)
downloadgentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.tar.gz
gentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.tar.bz2
gentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.zip
gnome-base/gdm: security bump to 3.24.2 → 3.24.3 (CVE-2017-12164)
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'gnome-base')
-rw-r--r--gnome-base/gdm/Manifest1
-rw-r--r--gnome-base/gdm/gdm-3.24.3.ebuild213
2 files changed, 214 insertions, 0 deletions
diff --git a/gnome-base/gdm/Manifest b/gnome-base/gdm/Manifest
index 120bc22e7a69..1bd35262ddeb 100644
--- a/gnome-base/gdm/Manifest
+++ b/gnome-base/gdm/Manifest
@@ -1,3 +1,4 @@
DIST gdm-3.22.3.tar.xz 1110740 SHA256 e7ca3ce77140efe1920f8864c2c77f89bc9f9f75e70e744994cf0a70d8780963 SHA512 b87acfca13c1d71ed1d7390625d1c36d58cfcde0ea969fa29cde5cabcb2fdf386e30e3b4d3ca057c2cdb99c202dca19d2a478b55083c468c7fb595e69881aebf WHIRLPOOL 7239028567fcdb6acba5e38982163ab52c5560d24ab3e97db065c7afbc4e7fa42611f6d271ca3d07cd30b0e5e641dee1c2958089efd69f3fd394733ebaa1c0e7
DIST gdm-3.24.2.tar.xz 1113644 SHA256 4378b9fad5536e03c56ad138d0e249fbcaa09977b867895426cb41c978fe5de8 SHA512 6e2649bce5520532a2976bac8a47629fc4c852d7127b913c29a9c43a7dba26d75472a083cbfff7b64bab56deb38ed13d8387d4d302d55f263c80120255a4a270 WHIRLPOOL 41b95ca05414af99c0ae426fb3bd28b25d3f477a22c2151bc7a94d72d09b10b48545ed511c72e7f493cabc99368776eaf16d0436db9c533efd4692ecfe4767fe
+DIST gdm-3.24.3.tar.xz 1113992 SHA256 c07bb3fdde46deb0fdaf12bdfbce0365806dd4df4573783d7b8301d2a8ddbdf1 SHA512 d8edffb582545f452ec071990fd7d07d6cb755458bc77a9e1b807816f8202f70fc8177e4bb345125075347942c6760c5a5460e3570dc32ee2570ecc15e5f3345 WHIRLPOOL 4d78e4de6c402fc3c45b48aebf3ae12cbf2065056d524288308544c4b41c23e3dbb00d012054419f8ccd36e02a515186554391e0905a8f56659dd463f25060a8
DIST tango-gentoo-v1.1.tar.gz 29322 SHA256 518efa4257c8e689488399db23397a89f4dcd5990ce537ef6215860ad5606eb0 SHA512 87d47ddab68361db6d99866c51705dcb3e198f8345a1096859acf2c6cca5099dd23c7fb30d124f52c4933ea38fd45fadffbbe6ecbdfa84f5b60938a4824f9045 WHIRLPOOL 9e1635a505ea48f4fe8bdb3b8b3b43cfb9cf99e3204194c51361b198886e719921cfacbc15f9f6407aa7d0c4af178e24c74b998fc370fa2329040e5be1baf153
diff --git a/gnome-base/gdm/gdm-3.24.3.ebuild b/gnome-base/gdm/gdm-3.24.3.ebuild
new file mode 100644
index 000000000000..98e6db80fbba
--- /dev/null
+++ b/gnome-base/gdm/gdm-3.24.3.ebuild
@@ -0,0 +1,213 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+
+inherit eutils gnome2 pam readme.gentoo-r1 systemd user versionator
+
+DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins"
+HOMEPAGE="https://wiki.gnome.org/Projects/GDM"
+
+SRC_URI="${SRC_URI}
+ branding? ( https://www.mail-archive.com/tango-artists@lists.freedesktop.org/msg00043/tango-gentoo-v1.1.tar.gz )
+"
+
+LICENSE="
+ GPL-2+
+ branding? ( CC-BY-SA-4.0 )
+"
+
+SLOT="0"
+
+IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux smartcard tcpd test wayland xinerama"
+
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86"
+
+# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686
+# nspr used by smartcard extension
+# dconf, dbus and g-s-d are needed at install time for dconf update
+# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784
+COMMON_DEPEND="
+ app-text/iso-codes
+ >=dev-libs/glib-2.36:2[dbus]
+ >=x11-libs/gtk+-2.91.1:3
+ >=gnome-base/dconf-0.20
+ >=gnome-base/gnome-settings-daemon-3.1.4
+ gnome-base/gsettings-desktop-schemas
+ >=media-libs/fontconfig-2.5.0:1.0
+ >=media-libs/libcanberra-0.4[gtk3]
+ sys-apps/dbus
+ >=sys-apps/accountsservice-0.6.35
+
+ x11-apps/sessreg
+ x11-base/xorg-server
+ x11-libs/libXi
+ x11-libs/libXau
+ x11-libs/libX11
+ x11-libs/libXdmcp
+ x11-libs/libXext
+ x11-libs/libXft
+ x11-libs/libxcb
+ >=x11-misc/xdg-utils-1.0.2-r3
+
+ virtual/pam
+ >=sys-apps/systemd-186:0=[pam]
+
+ sys-auth/pambase[systemd]
+
+ audit? ( sys-process/audit )
+ introspection? ( >=dev-libs/gobject-introspection-0.9.12:= )
+ plymouth? ( sys-boot/plymouth )
+ selinux? ( sys-libs/libselinux )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ xinerama? ( x11-libs/libXinerama )
+"
+# XXX: These deps are from session and desktop files in data/ directory
+# fprintd is used via dbus by gdm-fingerprint-extension
+# gnome-session-3.6 needed to avoid freezing with orca
+RDEPEND="${COMMON_DEPEND}
+ >=gnome-base/gnome-session-3.6
+ >=gnome-base/gnome-shell-3.1.90
+ x11-apps/xhost
+
+ accessibility? (
+ >=app-accessibility/orca-3.10
+ gnome-extra/mousetweaks )
+ fprint? (
+ sys-auth/fprintd
+ sys-auth/pam_fprint )
+
+ !gnome-extra/fast-user-switch-applet
+"
+DEPEND="${COMMON_DEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ dev-util/gdbus-codegen
+ >=dev-util/intltool-0.40.0
+ dev-util/itstool
+ virtual/pkgconfig
+ x11-proto/inputproto
+ x11-proto/randrproto
+ test? ( >=dev-libs/check-0.9.4 )
+ xinerama? ( x11-proto/xineramaproto )
+"
+
+DOC_CONTENTS="
+ To make GDM start at boot, run:\n
+ # systemctl enable gdm.service\n
+ \n
+ For passwordless login to unlock your keyring, you need to install
+ sys-auth/pambase with USE=gnome-keyring and set an empty password
+ on your keyring. Use app-crypt/seahorse for that.\n
+ \n
+ You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11
+ for smartcard support
+"
+
+pkg_setup() {
+ enewgroup gdm
+ enewgroup video # Just in case it hasn't been created yet
+ enewuser gdm -1 -1 /var/lib/gdm gdm,video
+
+ # For compatibility with certain versions of nvidia-drivers, etc., need to
+ # ensure that gdm user is in the video group
+ if ! egetent group video | grep -q gdm; then
+ # FIXME XXX: is this at all portable, ldap-safe, etc.?
+ # XXX: egetent does not have a 1-argument form, so we can't use it to
+ # get the list of gdm's groups
+ local g=$(groups gdm)
+ elog "Adding user gdm to video group"
+ usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed"
+ fi
+}
+
+src_prepare() {
+ # ssh-agent handling must be done at xinitrc.d, bug #220603
+ eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch"
+
+ # Gentoo does not have a fingerprint-auth pam stack
+ eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch"
+
+ # Show logo when branding is enabled
+ use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch"
+
+ gnome2_src_prepare
+}
+
+src_configure() {
+ local myconf
+ # PAM is the only auth scheme supported
+ # even though configure lists shadow and crypt
+ # they don't have any corresponding code.
+ # --with-at-spi-registryd-directory= needs to be passed explicitly because
+ # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4
+ # Xevie is obsolete, bug #482304
+ # --with-initial-vt=7 conflicts with plymouth, bug #453392
+ ! use plymouth && myconf="${myconf} --with-initial-vt=7"
+
+ gnome2_src_configure \
+ --enable-gdm-xsession \
+ --enable-user-display-server \
+ --with-run-dir=/run/gdm \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --with-xdmcp=yes \
+ --enable-authentication-scheme=pam \
+ --with-default-pam-config=exherbo \
+ --with-pam-mod-dir=$(getpam_mod_dir) \
+ --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \
+ --without-xevie \
+ --enable-systemd-journal \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $(use_with audit libaudit) \
+ $(use_enable ipv6) \
+ $(use_with plymouth) \
+ $(use_with selinux) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_enable wayland wayland-support) \
+ $(use_with xinerama) \
+ ${myconf}
+}
+
+src_install() {
+ gnome2_src_install
+
+ if ! use accessibility ; then
+ rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die
+ fi
+
+ exeinto /etc/X11/xinit/xinitrc.d
+ newexe "${FILESDIR}/49-keychain-r1" 49-keychain
+ newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent
+
+ # gdm user's home directory
+ keepdir /var/lib/gdm
+ fowners gdm:gdm /var/lib/gdm
+
+ # install XDG_DATA_DIRS gdm changes
+ echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm
+ doenvd 99xdg-gdm
+
+ use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ local d ret
+
+ gnome2_pkg_postinst
+
+ # bug #436456; gdm crashes if /var/lib/gdm subdirs are not owned by gdm:gdm
+ ret=0
+ ebegin "Fixing "${EROOT}"var/lib/gdm ownership"
+ chown gdm:gdm "${EROOT}var/lib/gdm" || ret=1
+ for d in "${EROOT}var/lib/gdm/"{.cache,.config,.local}; do
+ [[ ! -e "${d}" ]] || chown -R gdm:gdm "${d}" || ret=1
+ done
+ eend ${ret}
+
+ systemd_reenable gdm.service
+
+ readme.gentoo_print_elog
+}