diff options
Diffstat (limited to 'x11-misc/sddm/files')
5 files changed, 202 insertions, 0 deletions
diff --git a/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch new file mode 100644 index 00000000..8209c073 --- /dev/null +++ b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch @@ -0,0 +1,94 @@ +From be202f533ab98a684c6a007e8d5b4357846bc222 Mon Sep 17 00:00:00 2001 +From: Fabian Vogt <fabian@ritter-vogt.de> +Date: Tue, 6 Oct 2020 21:21:38 +0200 +Subject: [PATCH] Fix X not having access control on startup + +If the auth file is empty, X allows any local application (= any user on the +system) to connect. This is currently the case until X wrote the display +number to sddm and sddm used that to write the entry into the file. +To work around this chicken-and-egg problem, make use of the fact that X +doesn't actually look at the display number in the passed auth file and just +use :0 unconditionally. Also make sure that writing the entry was actually +successful. + +CVE-2020-28049 +--- + src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++----- + src/daemon/XorgDisplayServer.h | 2 +- + 2 files changed, 21 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp +index d04f6344..df685b2d 100644 +--- a/src/daemon/XorgDisplayServer.cpp ++++ b/src/daemon/XorgDisplayServer.cpp +@@ -88,7 +88,7 @@ namespace SDDM { + return m_cookie; + } + +- void XorgDisplayServer::addCookie(const QString &file) { ++ bool XorgDisplayServer::addCookie(const QString &file) { + // log message + qDebug() << "Adding cookie to" << file; + +@@ -104,13 +104,13 @@ namespace SDDM { + + // check file + if (!fp) +- return; ++ return false; + fprintf(fp, "remove %s\n", qPrintable(m_display)); + fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie)); + fprintf(fp, "exit\n"); + + // close pipe +- pclose(fp); ++ return pclose(fp) == 0; + } + + bool XorgDisplayServer::start() { +@@ -127,6 +127,15 @@ namespace SDDM { + // log message + qDebug() << "Display server starting..."; + ++ // generate auth file. ++ // For the X server's copy, the display number doesn't matter. ++ // An empty file would result in no access control! ++ m_display = QStringLiteral(":0"); ++ if(!addCookie(m_authPath)) { ++ qCritical() << "Failed to write xauth file"; ++ return false; ++ } ++ + if (daemonApp->testing()) { + QStringList args; + QDir x11socketDir(QStringLiteral("/tmp/.X11-unix")); +@@ -217,8 +226,14 @@ namespace SDDM { + emit started(); + } + +- // generate auth file +- addCookie(m_authPath); ++ // The file is also used by the greeter, which does care about the ++ // display number. Write the proper entry, if it's different. ++ if(m_display != QStringLiteral(":0")) { ++ if(!addCookie(m_authPath)) { ++ qCritical() << "Failed to write xauth file"; ++ return false; ++ } ++ } + changeOwner(m_authPath); + + // set flag +diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h +index d2bdf6d4..e97a0b53 100644 +--- a/src/daemon/XorgDisplayServer.h ++++ b/src/daemon/XorgDisplayServer.h +@@ -40,7 +40,7 @@ namespace SDDM { + + const QString &cookie() const; + +- void addCookie(const QString &file); ++ bool addCookie(const QString &file); + + public slots: + bool start(); diff --git a/x11-misc/sddm/files/sddm-0.18.1-drop-wayland-suffix.patch b/x11-misc/sddm/files/sddm-0.18.1-drop-wayland-suffix.patch new file mode 100644 index 00000000..70efa284 --- /dev/null +++ b/x11-misc/sddm/files/sddm-0.18.1-drop-wayland-suffix.patch @@ -0,0 +1,28 @@ +From 9a440ba5917ff93c6a78726380c6267d91c13f19 Mon Sep 17 00:00:00 2001 +From: Alex <alex.shaw.as@gmail.com> +Date: Mon, 30 Sep 2019 16:50:16 -0400 +Subject: [PATCH] Prevent duplicate session name. + +Several desktop sessions (e.g. KDE Plasma) already include the string " (Wayland)" in the session name. When this happens, the session name displayed to the user is "Plasma (Wayland) (Wayland)". This change makes it so that only "Plasma (Wayland)" will be displayed. + +(cherry picked from commit f9a0648ff3f841b68a07c139c3540b9e75bfd279) +--- + src/common/Session.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/common/Session.cpp b/src/common/Session.cpp +index aa4dad3..923ecd4 100644 +--- a/src/common/Session.cpp ++++ b/src/common/Session.cpp +@@ -169,7 +169,7 @@ namespace SDDM { + + if (line.startsWith(QLatin1String("Name="))) { + if (type == WaylandSession) +- m_displayName = QObject::tr("%1 (Wayland)").arg(line.mid(5)); ++ m_displayName = QObject::tr("%1").arg(line.mid(5)); + else + m_displayName = line.mid(5); + } +-- +2.38.1 + diff --git a/x11-misc/sddm/files/sddm-0.18.1-fix-qt-5.15.7.patch b/x11-misc/sddm/files/sddm-0.18.1-fix-qt-5.15.7.patch new file mode 100644 index 00000000..65e9b857 --- /dev/null +++ b/x11-misc/sddm/files/sddm-0.18.1-fix-qt-5.15.7.patch @@ -0,0 +1,33 @@ +From 5fe712d0e73c6263647bf306f40fbac94a52f4a6 Mon Sep 17 00:00:00 2001 +From: Harald Sitter <sitter@kde.org> +Date: Mon, 24 Oct 2022 13:15:48 +0200 +Subject: disable automatic portal launching + +in Qt6 (and the KDE patch collection for Qt 5) genericunixservices will +internally attempt to probe the portal tech early on in the app life +cycle. this causes the protal system to launch app and then crash +because we aren't actually providing a fully functional session. instead +opt out of this altogether + +(cherry picked from commit fc24321541f6f65b7d1aac89cd82336ffd53e1a0) +--- + src/greeter/GreeterApp.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/greeter/GreeterApp.cpp b/src/greeter/GreeterApp.cpp +index 4e117a7..a491f4d 100644 +--- a/src/greeter/GreeterApp.cpp ++++ b/src/greeter/GreeterApp.cpp +@@ -318,6 +318,9 @@ int main(int argc, char **argv) + QSurfaceFormat::setDefaultFormat(format); + } + ++ // Qt internally may load the xdg portal system early on, prevent this, we do not have a functional session running. ++ qputenv("QT_NO_XDG_DESKTOP_PORTAL", "1"); ++ + QGuiApplication app(argc, argv); + + QCommandLineParser parser; +-- +2.38.1 + diff --git a/x11-misc/sddm/files/sddm-0.18.1-nvidia-glitches-vt-switch.patch b/x11-misc/sddm/files/sddm-0.18.1-nvidia-glitches-vt-switch.patch new file mode 100644 index 00000000..ab2fc18c --- /dev/null +++ b/x11-misc/sddm/files/sddm-0.18.1-nvidia-glitches-vt-switch.patch @@ -0,0 +1,46 @@ +From 76c11653522453efcf86f6f2f53bca1a497ea350 Mon Sep 17 00:00:00 2001 +From: David Edmundson <kde@davidedmundson.co.uk> +Date: Thu, 28 Mar 2019 11:43:37 +0000 +Subject: Enable QSurfaceFormat::ResetNotification on new Qt + +This fixes graphical glitches on nvidia after VT switching. + +It's opt-in as it requires code paths to handle glGetError differently. +The version comparison is because my early implementations missed a code +path. This was fixed in 5.12.2, but we may as well play safe + +(cherry picked from commit cd4e1fa21e1ab7178fa5d2ef858f3271575fd315) +--- + src/greeter/GreeterApp.cpp | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/greeter/GreeterApp.cpp b/src/greeter/GreeterApp.cpp +index d47998e..4e117a7 100644 +--- a/src/greeter/GreeterApp.cpp ++++ b/src/greeter/GreeterApp.cpp +@@ -40,6 +40,9 @@ + #include <QDebug> + #include <QTimer> + #include <QTranslator> ++#include <QLibraryInfo> ++#include <QVersionNumber> ++#include <QSurfaceFormat> + + #include <iostream> + +@@ -309,6 +312,12 @@ int main(int argc, char **argv) + qDebug() << "High-DPI autoscaling not Enabled"; + } + ++ if (QLibraryInfo::version() >= QVersionNumber(5, 13, 0)) { ++ auto format(QSurfaceFormat::defaultFormat()); ++ format.setOption(QSurfaceFormat::ResetNotification); ++ QSurfaceFormat::setDefaultFormat(format); ++ } ++ + QGuiApplication app(argc, argv); + + QCommandLineParser parser; +-- +2.38.1 + diff --git a/x11-misc/sddm/files/sddm.tmpfiles b/x11-misc/sddm/files/sddm.tmpfiles new file mode 100644 index 00000000..300d6461 --- /dev/null +++ b/x11-misc/sddm/files/sddm.tmpfiles @@ -0,0 +1 @@ +d /var/lib/sddm 0755 sddm sddm |