diff options
author | Gilles Dartiguelongue <eva@gentoo.org> | 2017-09-14 00:25:37 +0200 |
---|---|---|
committer | Gilles Dartiguelongue <eva@gentoo.org> | 2017-09-14 00:27:26 +0200 |
commit | 6f4c39f9e10e1c6a3a009371260e19aeeb286eba (patch) | |
tree | 69e097261f6dcb0cf1542ee645f8f192f538f05a /gnome-base | |
parent | x11-libs/gdk-pixbuf: version bump 2.36.9 → 2.36.10 (diff) | |
download | gentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.tar.gz gentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.tar.bz2 gentoo-6f4c39f9e10e1c6a3a009371260e19aeeb286eba.zip |
gnome-base/gdm: security bump to 3.24.2 → 3.24.3 (CVE-2017-12164)
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'gnome-base')
-rw-r--r-- | gnome-base/gdm/Manifest | 1 | ||||
-rw-r--r-- | gnome-base/gdm/gdm-3.24.3.ebuild | 213 |
2 files changed, 214 insertions, 0 deletions
diff --git a/gnome-base/gdm/Manifest b/gnome-base/gdm/Manifest index 120bc22e7a69..1bd35262ddeb 100644 --- a/gnome-base/gdm/Manifest +++ b/gnome-base/gdm/Manifest @@ -1,3 +1,4 @@ DIST gdm-3.22.3.tar.xz 1110740 SHA256 e7ca3ce77140efe1920f8864c2c77f89bc9f9f75e70e744994cf0a70d8780963 SHA512 b87acfca13c1d71ed1d7390625d1c36d58cfcde0ea969fa29cde5cabcb2fdf386e30e3b4d3ca057c2cdb99c202dca19d2a478b55083c468c7fb595e69881aebf WHIRLPOOL 7239028567fcdb6acba5e38982163ab52c5560d24ab3e97db065c7afbc4e7fa42611f6d271ca3d07cd30b0e5e641dee1c2958089efd69f3fd394733ebaa1c0e7 DIST gdm-3.24.2.tar.xz 1113644 SHA256 4378b9fad5536e03c56ad138d0e249fbcaa09977b867895426cb41c978fe5de8 SHA512 6e2649bce5520532a2976bac8a47629fc4c852d7127b913c29a9c43a7dba26d75472a083cbfff7b64bab56deb38ed13d8387d4d302d55f263c80120255a4a270 WHIRLPOOL 41b95ca05414af99c0ae426fb3bd28b25d3f477a22c2151bc7a94d72d09b10b48545ed511c72e7f493cabc99368776eaf16d0436db9c533efd4692ecfe4767fe +DIST gdm-3.24.3.tar.xz 1113992 SHA256 c07bb3fdde46deb0fdaf12bdfbce0365806dd4df4573783d7b8301d2a8ddbdf1 SHA512 d8edffb582545f452ec071990fd7d07d6cb755458bc77a9e1b807816f8202f70fc8177e4bb345125075347942c6760c5a5460e3570dc32ee2570ecc15e5f3345 WHIRLPOOL 4d78e4de6c402fc3c45b48aebf3ae12cbf2065056d524288308544c4b41c23e3dbb00d012054419f8ccd36e02a515186554391e0905a8f56659dd463f25060a8 DIST tango-gentoo-v1.1.tar.gz 29322 SHA256 518efa4257c8e689488399db23397a89f4dcd5990ce537ef6215860ad5606eb0 SHA512 87d47ddab68361db6d99866c51705dcb3e198f8345a1096859acf2c6cca5099dd23c7fb30d124f52c4933ea38fd45fadffbbe6ecbdfa84f5b60938a4824f9045 WHIRLPOOL 9e1635a505ea48f4fe8bdb3b8b3b43cfb9cf99e3204194c51361b198886e719921cfacbc15f9f6407aa7d0c4af178e24c74b998fc370fa2329040e5be1baf153 diff --git a/gnome-base/gdm/gdm-3.24.3.ebuild b/gnome-base/gdm/gdm-3.24.3.ebuild new file mode 100644 index 000000000000..98e6db80fbba --- /dev/null +++ b/gnome-base/gdm/gdm-3.24.3.ebuild @@ -0,0 +1,213 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +GNOME2_LA_PUNT="yes" + +inherit eutils gnome2 pam readme.gentoo-r1 systemd user versionator + +DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins" +HOMEPAGE="https://wiki.gnome.org/Projects/GDM" + +SRC_URI="${SRC_URI} + branding? ( https://www.mail-archive.com/tango-artists@lists.freedesktop.org/msg00043/tango-gentoo-v1.1.tar.gz ) +" + +LICENSE=" + GPL-2+ + branding? ( CC-BY-SA-4.0 ) +" + +SLOT="0" + +IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux smartcard tcpd test wayland xinerama" + +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86" + +# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686 +# nspr used by smartcard extension +# dconf, dbus and g-s-d are needed at install time for dconf update +# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784 +COMMON_DEPEND=" + app-text/iso-codes + >=dev-libs/glib-2.36:2[dbus] + >=x11-libs/gtk+-2.91.1:3 + >=gnome-base/dconf-0.20 + >=gnome-base/gnome-settings-daemon-3.1.4 + gnome-base/gsettings-desktop-schemas + >=media-libs/fontconfig-2.5.0:1.0 + >=media-libs/libcanberra-0.4[gtk3] + sys-apps/dbus + >=sys-apps/accountsservice-0.6.35 + + x11-apps/sessreg + x11-base/xorg-server + x11-libs/libXi + x11-libs/libXau + x11-libs/libX11 + x11-libs/libXdmcp + x11-libs/libXext + x11-libs/libXft + x11-libs/libxcb + >=x11-misc/xdg-utils-1.0.2-r3 + + virtual/pam + >=sys-apps/systemd-186:0=[pam] + + sys-auth/pambase[systemd] + + audit? ( sys-process/audit ) + introspection? ( >=dev-libs/gobject-introspection-0.9.12:= ) + plymouth? ( sys-boot/plymouth ) + selinux? ( sys-libs/libselinux ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + xinerama? ( x11-libs/libXinerama ) +" +# XXX: These deps are from session and desktop files in data/ directory +# fprintd is used via dbus by gdm-fingerprint-extension +# gnome-session-3.6 needed to avoid freezing with orca +RDEPEND="${COMMON_DEPEND} + >=gnome-base/gnome-session-3.6 + >=gnome-base/gnome-shell-3.1.90 + x11-apps/xhost + + accessibility? ( + >=app-accessibility/orca-3.10 + gnome-extra/mousetweaks ) + fprint? ( + sys-auth/fprintd + sys-auth/pam_fprint ) + + !gnome-extra/fast-user-switch-applet +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + dev-util/gdbus-codegen + >=dev-util/intltool-0.40.0 + dev-util/itstool + virtual/pkgconfig + x11-proto/inputproto + x11-proto/randrproto + test? ( >=dev-libs/check-0.9.4 ) + xinerama? ( x11-proto/xineramaproto ) +" + +DOC_CONTENTS=" + To make GDM start at boot, run:\n + # systemctl enable gdm.service\n + \n + For passwordless login to unlock your keyring, you need to install + sys-auth/pambase with USE=gnome-keyring and set an empty password + on your keyring. Use app-crypt/seahorse for that.\n + \n + You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11 + for smartcard support +" + +pkg_setup() { + enewgroup gdm + enewgroup video # Just in case it hasn't been created yet + enewuser gdm -1 -1 /var/lib/gdm gdm,video + + # For compatibility with certain versions of nvidia-drivers, etc., need to + # ensure that gdm user is in the video group + if ! egetent group video | grep -q gdm; then + # FIXME XXX: is this at all portable, ldap-safe, etc.? + # XXX: egetent does not have a 1-argument form, so we can't use it to + # get the list of gdm's groups + local g=$(groups gdm) + elog "Adding user gdm to video group" + usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed" + fi +} + +src_prepare() { + # ssh-agent handling must be done at xinitrc.d, bug #220603 + eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch" + + # Gentoo does not have a fingerprint-auth pam stack + eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch" + + # Show logo when branding is enabled + use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch" + + gnome2_src_prepare +} + +src_configure() { + local myconf + # PAM is the only auth scheme supported + # even though configure lists shadow and crypt + # they don't have any corresponding code. + # --with-at-spi-registryd-directory= needs to be passed explicitly because + # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4 + # Xevie is obsolete, bug #482304 + # --with-initial-vt=7 conflicts with plymouth, bug #453392 + ! use plymouth && myconf="${myconf} --with-initial-vt=7" + + gnome2_src_configure \ + --enable-gdm-xsession \ + --enable-user-display-server \ + --with-run-dir=/run/gdm \ + --localstatedir="${EPREFIX}"/var \ + --disable-static \ + --with-xdmcp=yes \ + --enable-authentication-scheme=pam \ + --with-default-pam-config=exherbo \ + --with-pam-mod-dir=$(getpam_mod_dir) \ + --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \ + --without-xevie \ + --enable-systemd-journal \ + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ + $(use_with audit libaudit) \ + $(use_enable ipv6) \ + $(use_with plymouth) \ + $(use_with selinux) \ + $(use_with tcpd tcp-wrappers) \ + $(use_enable wayland wayland-support) \ + $(use_with xinerama) \ + ${myconf} +} + +src_install() { + gnome2_src_install + + if ! use accessibility ; then + rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die + fi + + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}/49-keychain-r1" 49-keychain + newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent + + # gdm user's home directory + keepdir /var/lib/gdm + fowners gdm:gdm /var/lib/gdm + + # install XDG_DATA_DIRS gdm changes + echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm + doenvd 99xdg-gdm + + use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg + + readme.gentoo_create_doc +} + +pkg_postinst() { + local d ret + + gnome2_pkg_postinst + + # bug #436456; gdm crashes if /var/lib/gdm subdirs are not owned by gdm:gdm + ret=0 + ebegin "Fixing "${EROOT}"var/lib/gdm ownership" + chown gdm:gdm "${EROOT}var/lib/gdm" || ret=1 + for d in "${EROOT}var/lib/gdm/"{.cache,.config,.local}; do + [[ ! -e "${d}" ]] || chown -R gdm:gdm "${d}" || ret=1 + done + eend ${ret} + + systemd_reenable gdm.service + + readme.gentoo_print_elog +} |