summaryrefslogtreecommitdiff
path: root/gnome-base/gdm
diff options
context:
space:
mode:
Diffstat (limited to 'gnome-base/gdm')
-rw-r--r--gnome-base/gdm/Manifest4
-rw-r--r--gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch163
-rw-r--r--gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch61
-rw-r--r--gnome-base/gdm/gdm-3.24.3-r1.ebuild (renamed from gnome-base/gdm/gdm-3.24.3.ebuild)19
4 files changed, 232 insertions, 15 deletions
diff --git a/gnome-base/gdm/Manifest b/gnome-base/gdm/Manifest
index a72befd1d5ec..2284116bda0d 100644
--- a/gnome-base/gdm/Manifest
+++ b/gnome-base/gdm/Manifest
@@ -1,3 +1,5 @@
+AUX 3.24.3-CVE-2018-14424.patch 6513 BLAKE2B ac51cbf4412f53f8460037ca7a811c0f3b883afbd6fabbd248719594e8ec730aab4a9a9e8adece0c53d0dda99f900b0ad450b5d5cf7a74999abd6756983ee4e8 SHA512 7ab8875f15828d8601482953e7b7be96326ff23c0ec945ccbaa401370c622734388daeb6be1043fff8694498dbfe2d7fc74f90bf8c59170df67c78bdb731cd13
+AUX 3.24.3-display-object-lifetime-fix.patch 3235 BLAKE2B d92c20c97f4007121029c1c719c7598af8dbcd181098ec52f0b61f281796d1a9e3981f644cd2bd0ae80025f63faf169db44b91b3075c42566ca0a5dfbd7f9ae3 SHA512 57a585a93754adc2448a2a85a55c90f7f27c5da0689debc93236ac3c26c79cf295abea73bcec5fce3d7651b3998715d11e2b232a35f590e53b52a859bc666523
AUX 49-keychain-r1 193 BLAKE2B e4653256b9a0a23be84286d25278d2addf464cc541d43f57a33ed0390b562d03acf7f9d8510ad1b09d4a3736d2bb2a323f5fcc473014b6f351abb5bee71a419b SHA512 32a6d72de9b6b7bfbac0a563fc8710576419e6d989fe48da294b92b197722059ee0e46672d5df2833cd1a7dacf5ae4ebc31b12b605416fd25a0924c35e505d21
AUX 50-ssh-agent-r1 255 BLAKE2B d197daa7db7da3fc667e5bd561d2edf46b484365130a2d72259c4a2f316ec3af957599cd2c755f7e517ff32ed59e068d1dbcd47da6961534668786403590ff20 SHA512 85c8eca948646508ecc52a30a15b94c626196037ab65b4d797df472df34c714aacf800261902febda5b7bc051bff29efc9fff474a0c029838881b7f8704b13ba
AUX gdm-2.32.0-xinitrc-ssh-agent.patch 842 BLAKE2B 98233eaf06fbe0950aa36bbc8bee2ac7ffa3cdebe75e32b8ef9a5035c383135bfc77e201d2ee07e7ec6b53770bef20484a3fba93b1cd7f434253704b70563e38 SHA512 40630ec2e7bee66102e141a0ba4d02e4202d052bb829606f684b6c23c9f3dbc2d43cea71d7eba163398251af2d7c7b34d0abafee76ccd6400521551de1c385bd
@@ -5,5 +7,5 @@ AUX gdm-3.8.4-fingerprint-auth.patch 923 BLAKE2B e681da8518ed1d002c1205658bb35e4
AUX gdm-3.8.4-logo.patch 805 BLAKE2B 80c323529acfe9287009494060f3e4d588dcf415845d3502840674ac0108cdd721e9af71e2df7cf94bb69fb3526d76e96bd21f31ed002fce460b30fd2afa3a20 SHA512 98dc0b01f4a4cbb87b32ec52450eb21f07bf96dc4d919cf662314c50fe0f2b1a19c90e3d8d2a0de905e8ada41642c0f89aa89dd640ead7e3d732468c9e363fb2
DIST gdm-3.24.3.tar.xz 1113992 BLAKE2B 79ae5ccf0477779bdb05cea4f0e8b2766caee0552efe8fe044da655037bfd603f1e4ab89a4eb0687f786bf44e9fd1c27e07bc498a769c8f88f0cc22b2dd1c9b1 SHA512 d8edffb582545f452ec071990fd7d07d6cb755458bc77a9e1b807816f8202f70fc8177e4bb345125075347942c6760c5a5460e3570dc32ee2570ecc15e5f3345
DIST tango-gentoo-v1.1.tar.gz 29322 BLAKE2B 83fa2bf37727e60851dd679054fe1b153ebfea58c9a9a40f891f7d68d3b047b02e8effa1d1b4e08d64500a2072ce7200f159c92a352da7124de27e1b05bb6027 SHA512 87d47ddab68361db6d99866c51705dcb3e198f8345a1096859acf2c6cca5099dd23c7fb30d124f52c4933ea38fd45fadffbbe6ecbdfa84f5b60938a4824f9045
-EBUILD gdm-3.24.3.ebuild 5989 BLAKE2B 30e27e656a9bdf1018f19ad8c17a7bb630d1ab4ce902e411bea5b9eaa17ed870c9028eaa77717a5eab502a00bef98a28551467ab9b5dfca59892e6024eda8554 SHA512 66b4242cb343b289746c368de1d4a76868951d2ed5c422866c42a621d546e973902a7a4987cfee52a3b8abea9633acfe64ba08b49ada717c58871202a6ce1e70
+EBUILD gdm-3.24.3-r1.ebuild 5789 BLAKE2B d21c9bfcc1ee3fb9c72323c9197a7f1e10a2d384e69bbe0a6eb58d40d4d8d223269c15503efcdb8869b919843f8e5cc7280a098056f1e3ef44cd3bc7b21a3b87 SHA512 2bd2933dabc1493fce0b08371b11ddd09ba59f354ee60cab47dd8e329366703591f14e9e38c6c552c1f9b414b97439f1910ed96167fb6d1927f1afdb06065c58
MISC metadata.xml 477 BLAKE2B 29eb8d343cd5195f35dc73d07c695dd3090f8f8ea436b88c8a8fb7f15beac82aaeb2b83215443851866e7fcec51aa14ff19c30597a74cd9a73b384ee801b16f0 SHA512 4da6d5a4f518596834d4138db716bf58d2b2f28f07fed6379a6f0d8bdecb6b803fb3b24880dfcb93ff5aac03f512bf08af7f9742d01a497dd4fc6d7a74d1a844
diff --git a/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch b/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch
new file mode 100644
index 000000000000..4edb0670958f
--- /dev/null
+++ b/gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch
@@ -0,0 +1,163 @@
+From 6060db704a19b0db68f2e9e6a2d020c0c78b6bba Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Thu, 19 Jul 2018 18:26:05 +0100
+Subject: [PATCH] display-store: Pass the display object rather than the id in
+ the removed signal
+
+By the time GdmDisplayStore emits the "display-removed" signal, the display
+is no longer in the store and gdm_display_store_lookup will not work in
+signal handlers.
+
+Change the "display-removed" parameter from the display id to the GdmDisplay
+object, so that signal handers can perform any cleanup they need to do
+
+CVE-2018-14424
+
+Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
+---
+ daemon/gdm-display-store.c | 11 +++--------
+ daemon/gdm-display-store.h | 2 +-
+ daemon/gdm-local-display-factory.c | 13 +++----------
+ daemon/gdm-manager.c | 19 +++++++++----------
+ daemon/gdm-manager.h | 3 ++-
+ 5 files changed, 18 insertions(+), 30 deletions(-)
+
+diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
+index af76f519..fd24334e 100644
+--- a/daemon/gdm-display-store.c
++++ b/daemon/gdm-display-store.c
+@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
+ static void
+ stored_display_free (StoredDisplay *stored_display)
+ {
+- char *id;
+-
+- gdm_display_get_id (stored_display->display, &id, NULL);
+-
+ g_signal_emit (G_OBJECT (stored_display->store),
+ signals[DISPLAY_REMOVED],
+ 0,
+- id);
+- g_free (id);
++ stored_display->display);
+
+ g_debug ("GdmDisplayStore: Unreffing display: %p",
+ stored_display->display);
+@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
+ G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
+ NULL,
+ NULL,
+- g_cclosure_marshal_VOID__STRING,
++ g_cclosure_marshal_VOID__OBJECT,
+ G_TYPE_NONE,
+- 1, G_TYPE_STRING);
++ 1, G_TYPE_OBJECT);
+
+ g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
+ }
+diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
+index 28359933..0aff8ee2 100644
+--- a/daemon/gdm-display-store.h
++++ b/daemon/gdm-display-store.h
+@@ -49,7 +49,7 @@ typedef struct
+ void (* display_added) (GdmDisplayStore *display_store,
+ const char *id);
+ void (* display_removed) (GdmDisplayStore *display_store,
+- const char *id);
++ GdmDisplay *display);
+ } GdmDisplayStoreClass;
+
+ typedef enum
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index b29f5ac5..403921d3 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -558,18 +558,11 @@ on_display_added (GdmDisplayStore *display_store,
+
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+- const char *id,
++ GdmDisplay *display,
+ GdmLocalDisplayFactory *factory)
+ {
+- GdmDisplay *display;
+-
+- display = gdm_display_store_lookup (display_store, id);
+-
+- if (display != NULL) {
+- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
+- g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+-
+- }
++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
++ g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+ }
+
+ static gboolean
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index 7539acf1..1943d89e 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1700,19 +1700,18 @@ on_display_status_changed (GdmDisplay *display,
+
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+- const char *id,
++ GdmDisplay *display,
+ GdmManager *manager)
+ {
+- GdmDisplay *display;
++ char *id;
+
+- display = gdm_display_store_lookup (display_store, id);
+- if (display != NULL) {
+- g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++ gdm_display_get_id (display, &id, NULL);
++ g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++ g_free (id);
+
+- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
+
+- g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
+- }
++ g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
+ }
+
+ static void
+@@ -2694,9 +2693,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
+ G_STRUCT_OFFSET (GdmManagerClass, display_removed),
+ NULL,
+ NULL,
+- g_cclosure_marshal_VOID__STRING,
++ g_cclosure_marshal_VOID__OBJECT,
+ G_TYPE_NONE,
+- 1, G_TYPE_STRING);
++ 1, G_TYPE_OBJECT);
+
+ g_object_class_install_property (object_class,
+ PROP_XDMCP_ENABLED,
+diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
+index 41c68a7a..c8fb3f22 100644
+--- a/daemon/gdm-manager.h
++++ b/daemon/gdm-manager.h
+@@ -24,6 +24,7 @@
+
+ #include <glib-object.h>
+
++#include "gdm-display.h"
+ #include "gdm-manager-glue.h"
+
+ G_BEGIN_DECLS
+@@ -50,7 +51,7 @@ typedef struct
+ void (* display_added) (GdmManager *manager,
+ const char *id);
+ void (* display_removed) (GdmManager *manager,
+- const char *id);
++ GdmDisplay *display);
+ } GdmManagerClass;
+
+ typedef enum
+--
+2.17.1
+
diff --git a/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
new file mode 100644
index 000000000000..47366ed686cb
--- /dev/null
+++ b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
@@ -0,0 +1,61 @@
+From 765b306c364885dd89d47fe9fe8618ce6a467bc1 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Thu, 19 Jul 2018 16:01:23 -0400
+Subject: [PATCH] display: tie skeleton handlers to object lifetime
+
+Right now we assume a display skeleton object won't
+outlive its associated display object.
+
+In theory that should be true, but if we accidentally
+leak the skeleton it could erroneously happen.
+
+If that does happen then we'll end accessing free'd
+memory, so the leak will turn into a crasher.
+
+This commit addresses this problem by ensuring
+the skeleton signal handlers are disconnected when the
+associated display object goes away.
+
+CVE-2018-14424
+---
+ daemon/gdm-display.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
+index 1b58781d..5e193f2f 100644
+--- a/daemon/gdm-display.c
++++ b/daemon/gdm-display.c
+@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
+ self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id);
+ self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ());
+
+- g_signal_connect (self->priv->display_skeleton, "handle-get-id",
+- G_CALLBACK (handle_get_id), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname",
+- G_CALLBACK (handle_get_remote_hostname), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
+- G_CALLBACK (handle_get_seat_id), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name",
+- G_CALLBACK (handle_get_x11_display_name), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-is-local",
+- G_CALLBACK (handle_is_local), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
+- G_CALLBACK (handle_is_initial), self);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-id",
++ G_CALLBACK (handle_get_id), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname",
++ G_CALLBACK (handle_get_remote_hostname), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id",
++ G_CALLBACK (handle_get_seat_id), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name",
++ G_CALLBACK (handle_get_x11_display_name), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-is-local",
++ G_CALLBACK (handle_is_local), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial",
++ G_CALLBACK (handle_is_initial), self, 0);
+
+ g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
+ G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton));
+--
+2.17.1
+
diff --git a/gnome-base/gdm/gdm-3.24.3.ebuild b/gnome-base/gdm/gdm-3.24.3-r1.ebuild
index 6dc61fc310ac..b434e40bb942 100644
--- a/gnome-base/gdm/gdm-3.24.3.ebuild
+++ b/gnome-base/gdm/gdm-3.24.3-r1.ebuild
@@ -4,7 +4,7 @@
EAPI=6
GNOME2_LA_PUNT="yes"
-inherit eutils gnome2 pam readme.gentoo-r1 systemd user versionator
+inherit eutils gnome2 pam readme.gentoo-r1 systemd user
DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins"
HOMEPAGE="https://wiki.gnome.org/Projects/GDM"
@@ -126,6 +126,10 @@ src_prepare() {
# Gentoo does not have a fingerprint-auth pam stack
eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch"
+ # CVE-2018-14424, bug #662782
+ eapply "${FILESDIR}/${PV}-CVE-2018-14424.patch"
+ eapply "${FILESDIR}/${PV}-display-object-lifetime-fix.patch"
+
# Show logo when branding is enabled
use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch"
@@ -192,20 +196,7 @@ src_install() {
}
pkg_postinst() {
- local d ret
-
gnome2_pkg_postinst
-
- # bug #436456; gdm crashes if /var/lib/gdm subdirs are not owned by gdm:gdm
- ret=0
- ebegin "Fixing "${EROOT}"var/lib/gdm ownership"
- chown gdm:gdm "${EROOT}var/lib/gdm" || ret=1
- for d in "${EROOT}var/lib/gdm/"{.cache,.config,.local}; do
- [[ ! -e "${d}" ]] || chown -R gdm:gdm "${d}" || ret=1
- done
- eend ${ret}
-
systemd_reenable gdm.service
-
readme.gentoo_print_elog
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-16 20:26:48 +0000