diff --git a/9000-add-openeuler-pam-config.patch b/9000-add-openeuler-pam-config.patch deleted file mode 100644 index 729208f8e3c9ac7415a75da3f9d30f630754f22d..0000000000000000000000000000000000000000 --- a/9000-add-openeuler-pam-config.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ru gdm-3.30.1-origin/configure.ac gdm-3.30.1/configure.ac ---- gdm-3.30.1-origin/configure.ac 2019-12-17 15:33:13.656357443 +0800 -+++ gdm-3.30.1/configure.ac 2019-12-17 17:19:34.848463487 +0800 -@@ -200,6 +200,7 @@ - AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, arch, none @<:@default=auto@:>@])) - dnl If not given, try autodetecting from release files (see NetworkManager source) - if test x$with_default_pam_config = x; then -+ AC_CHECK_FILE(/etc/openEuler-release,with_default_pam_config="redhat") - AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat") - AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat") - AC_CHECK_FILE(/etc/exherbo-release,with_default_pam_config="exherbo") diff --git a/CVE-2019-3825-1.patch b/CVE-2019-3825-1.patch deleted file mode 100644 index a34572206e5dd96d266b92201c9a985f414443cd..0000000000000000000000000000000000000000 --- a/CVE-2019-3825-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7726c81db92d2339fc468ed41c967f5412db66ed Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Wed, 6 Feb 2019 16:14:52 -0500 -Subject: [PATCH] manager: don't kill timed login session immediately after it - starts - -At the moment GDM is misidentifying timed login sessions as if -they are automatic login sessions. That leads to their displays -getting killed sometimes shortly after log in. - -This commit corrects the check, so that timed login sessions aren't -treated as autologin sessions. ---- - daemon/gdm-manager.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c -index 4d2ad9dec..dbf64473a 100644 ---- a/daemon/gdm-manager.c -+++ b/daemon/gdm-manager.c -@@ -1683,7 +1683,8 @@ on_start_user_session (StartUserSessionOperation *operation) - session_id); - - -- if (g_strcmp0 (operation->service_name, "gdm-autologin") == 0) { -+ if (g_strcmp0 (operation->service_name, "gdm-autologin") == 0 && -+ !gdm_session_client_is_connected (operation->session)) { - /* remove the unused prepared greeter display since we're not going - * to have a greeter */ - gdm_display_store_remove (self->priv->display_store, display); --- -GitLab - diff --git a/CVE-2019-3825-2.patch b/CVE-2019-3825-2.patch deleted file mode 100644 index eec0d2fabbdaf4604fd45f380d4882783a6b4ad0..0000000000000000000000000000000000000000 --- a/CVE-2019-3825-2.patch +++ /dev/null @@ -1,226 +0,0 @@ -From d9d22a1c48a528873e3cc84a73fc868507b8dd4d Mon Sep 17 00:00:00 2001 -From: Iain Lane -Date: Thu, 31 Jan 2019 10:52:35 +0000 -Subject: [PATCH] manager,session: Add some debugging around starting - reauthentication - -There's a bug right now dealing with timed login and reauthentication, -but it's not clear what's going on by looking at the logs. - -This commit sprinkles some more logging throughout the code, to make -the bug easier to track. ---- - daemon/gdm-manager.c | 46 ++++++++++++++++++++++++++++++++++++++------ - daemon/gdm-session.c | 25 ++++++++++++++++++++---- - 2 files changed, 61 insertions(+), 10 deletions(-) - -diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c -index dbf64473a..1e5719558 100644 ---- a/daemon/gdm-manager.c -+++ b/daemon/gdm-manager.c -@@ -335,23 +335,40 @@ find_session_for_user_on_seat (GdmManager *manager, - - for (node = manager->priv->user_sessions; node != NULL; node = node->next) { - GdmSession *candidate_session = node->data; -- const char *candidate_username, *candidate_seat_id; -+ const char *candidate_username, *candidate_seat_id, *candidate_session_id; - -- if (candidate_session == dont_count_session) -+ candidate_session_id = gdm_session_get_session_id (candidate_session); -+ -+ if (candidate_session == dont_count_session) { -+ g_debug ("GdmSession: Ignoring session %s as requested", -+ candidate_session_id); - continue; -+ } - -- if (!gdm_session_is_running (candidate_session)) -+ if (!gdm_session_is_running (candidate_session)) { -+ g_debug ("GdmSession: Ignoring session %s as it isn't running", -+ candidate_session_id); - continue; -+ } - - candidate_username = gdm_session_get_username (candidate_session); - candidate_seat_id = gdm_session_get_display_seat_id (candidate_session); - -+ g_debug ("GdmManager: Considering session %s on seat %s belonging to user %s", -+ candidate_session_id, -+ candidate_seat_id, -+ candidate_username); -+ - if (g_strcmp0 (candidate_username, username) == 0 && - g_strcmp0 (candidate_seat_id, seat_id) == 0) { -+ g_debug ("GdmManager: yes, found session %s", candidate_session_id); - return candidate_session; - } -+ -+ g_debug ("GdmManager: no, will not use session %s", candidate_session_id); - } - -+ g_debug ("GdmManager: no matching sessions found"); - return NULL; - } - -@@ -835,8 +852,12 @@ gdm_manager_handle_open_session (GdmDBusManager *manager, - #endif - if (session == NULL) { - session = get_user_session_for_display (display); -+ g_debug ("GdmSession: Considering session %s for username %s", -+ gdm_session_get_session_id (session), -+ gdm_session_get_username (session)); - - if (gdm_session_is_running (session)) { -+ g_debug ("GdmSession: the session is running, and therefore can't be used"); - g_dbus_method_invocation_return_error_literal (invocation, - G_DBUS_ERROR, - G_DBUS_ERROR_ACCESS_DENIED, -@@ -1012,6 +1033,10 @@ open_temporary_reauthentication_channel (GdmManager *self, - environment); - g_strfreev (environment); - -+ g_debug ("GdmSession: Created session for temporary reauthentication channel for user %d (seat %s)", -+ (int) uid, -+ seat_id); -+ - g_object_set_data_full (G_OBJECT (session), - "caller-session-id", - g_strdup (session_id), -@@ -1091,11 +1116,13 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager - } - - if (is_login_screen) { -+ g_debug ("GdmManager: looking for login screen session for user %s on seat %s", username, seat_id); - session = find_session_for_user_on_seat (self, - username, - seat_id, - NULL); - } else { -+ g_debug ("GdmManager: looking for user session on display"); - session = get_user_session_for_display (display); - } - -@@ -1918,7 +1945,7 @@ on_session_client_connected (GdmSession *session, - gboolean enabled; - gboolean allow_timed_login = FALSE; - -- g_debug ("GdmManager: client connected"); -+ g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client); - - display = get_display_for_user_session (session); - -@@ -1964,7 +1991,7 @@ on_session_client_disconnected (GdmSession *session, - GPid pid_of_client, - GdmManager *manager) - { -- g_debug ("GdmManager: client disconnected"); -+ g_debug ("GdmManager: client with pid %d disconnected", (int) pid_of_client); - } - - typedef struct -@@ -2031,9 +2058,10 @@ on_session_conversation_started (GdmSession *session, - gboolean enabled; - char *username; - -- g_debug ("GdmManager: session conversation started for service %s", service_name); -+ g_debug ("GdmManager: session conversation started for service %s on session", service_name); - - if (g_strcmp0 (service_name, "gdm-autologin") != 0) { -+ g_debug ("GdmManager: ignoring session conversation since its not automatic login conversation"); - return; - } - -@@ -2143,6 +2171,12 @@ create_user_session_for_display (GdmManager *manager, - display_auth_file, - display_is_local, - NULL); -+ -+ g_debug ("GdmSession: Created user session for user %d on display %s (seat %s)", -+ (int) allowed_user, -+ display_id, -+ display_seat_id); -+ - g_free (display_name); - g_free (remote_hostname); - g_free (display_auth_file); -diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c -index 04f879a7a..09f471086 100644 ---- a/daemon/gdm-session.c -+++ b/daemon/gdm-session.c -@@ -654,7 +654,10 @@ gdm_session_select_user (GdmSession *self, - const char *text) - { - -- g_debug ("GdmSession: Setting user: '%s'", text); -+ g_debug ("GdmSession: selecting user '%s' for session '%s' (%p)", -+ text, -+ gdm_session_get_session_id (self), -+ self); - - g_free (self->priv->selected_user); - self->priv->selected_user = g_strdup (text); -@@ -1429,6 +1432,7 @@ gdm_session_handle_client_select_user (GdmDBusGreeter *greeter_interface, - gdm_dbus_greeter_complete_select_user (greeter_interface, - invocation); - } -+ g_debug ("GdmSession: client selected user '%s' on session (%p)", username, self); - gdm_session_select_user (self, username); - return TRUE; - } -@@ -1485,7 +1489,10 @@ gdm_session_handle_client_begin_auto_login (GdmDBusGreeter *greeter_inter - invocation); - } - -- g_debug ("GdmSession: begin auto login for user '%s'", username); -+ g_debug ("GdmSession: client requesting automatic login for user '%s' on session '%s' (%p)", -+ username, -+ gdm_session_get_session_id (self), -+ self); - - gdm_session_setup_for_user (self, "gdm-autologin", username); - -@@ -1788,7 +1795,9 @@ setup_outside_server (GdmSession *self) - GDBusServer *server; - GError *error = NULL; - -- g_debug ("GdmSession: Creating D-Bus server for greeters and such"); -+ g_debug ("GdmSession: Creating D-Bus server for greeters and such for session %s (%p)", -+ gdm_session_get_session_id (self), -+ self); - - observer = g_dbus_auth_observer_new (); - g_signal_connect_object (observer, -@@ -2172,7 +2181,7 @@ gdm_session_start_conversation (GdmSession *self, - conversation->job = NULL; - } - -- g_debug ("GdmSession: starting conversation %s", service_name); -+ g_debug ("GdmSession: starting conversation %s for session (%p)", service_name, self); - - conversation = start_conversation (self, service_name); - -@@ -2331,6 +2340,10 @@ gdm_session_setup_for_user (GdmSession *self, - - update_session_type (self); - -+ g_debug ("GdmSession: Set up service %s for username %s on session (%p)", -+ service_name, -+ username, -+ self); - gdm_session_select_user (self, username); - - self->priv->is_program_session = FALSE; -@@ -2961,6 +2974,10 @@ gdm_session_start_reauthentication (GdmSession *session, - - g_return_if_fail (conversation != NULL); - -+ g_debug ("GdmSession: starting reauthentication for session %s for client with pid %d", -+ conversation->session_id, -+ (int) uid_of_caller); -+ - conversation->reauth_pid_of_caller = pid_of_caller; - - gdm_dbus_worker_call_start_reauthentication (conversation->worker_proxy, --- -GitLab - diff --git a/CVE-2019-3825-3.patch b/CVE-2019-3825-3.patch deleted file mode 100644 index 4068ba8380d59463b5fbd5d2968e1921fba9a5e1..0000000000000000000000000000000000000000 --- a/CVE-2019-3825-3.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 94d9fec87960e3ff5f7b75dadcde2807db148fbd Mon Sep 17 00:00:00 2001 -From: Iain Lane -Date: Thu, 31 Jan 2019 17:51:52 +0000 -Subject: [PATCH] session: Don't allow greeter operations on an running session - -If a client has a reference to a session that starts running, -refuse to allow further operations on the session. - -CVE-2019-3825 ---- - daemon/gdm-session.c | 75 ++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 75 insertions(+) - -diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c -index 09f471086..ca06608c4 100644 ---- a/daemon/gdm-session.c -+++ b/daemon/gdm-session.c -@@ -1414,6 +1414,21 @@ gdm_session_handle_client_select_session (GdmDBusGreeter *greeter_interf - const char *session, - GdmSession *self) - { -+ if (gdm_session_is_running (self)) { -+ const char *username; -+ -+ username = gdm_session_get_username (self); -+ g_debug ("GdmSession: refusing to select session %s since it's already running (for user %s)", -+ session, -+ username); -+ g_dbus_method_invocation_return_error (invocation, -+ G_DBUS_ERROR, -+ G_DBUS_ERROR_INVALID_ARGS, -+ "Session already running for user %s", -+ username); -+ return TRUE; -+ } -+ - if (self->priv->greeter_interface != NULL) { - gdm_dbus_greeter_complete_select_session (greeter_interface, - invocation); -@@ -1428,6 +1443,22 @@ gdm_session_handle_client_select_user (GdmDBusGreeter *greeter_interface, - const char *username, - GdmSession *self) - { -+ if (gdm_session_is_running (self)) { -+ const char *session_username; -+ -+ session_username = gdm_session_get_username (self); -+ g_debug ("GdmSession: refusing to select user %s, since session (%p) already running (for user %s)", -+ username, -+ self, -+ session_username); -+ g_dbus_method_invocation_return_error (invocation, -+ G_DBUS_ERROR, -+ G_DBUS_ERROR_INVALID_ARGS, -+ "Session already running for user %s", -+ session_username); -+ return TRUE; -+ } -+ - if (self->priv->greeter_interface != NULL) { - gdm_dbus_greeter_complete_select_user (greeter_interface, - invocation); -@@ -1444,6 +1475,20 @@ gdm_session_handle_client_start_session_when_ready (GdmDBusGreeter *greet - gboolean client_is_ready, - GdmSession *self) - { -+ if (gdm_session_is_running (self)) { -+ const char *username; -+ -+ username = gdm_session_get_username (self); -+ g_debug ("GdmSession: refusing to start session (%p), since it's already running (for user %s)", -+ self, -+ username); -+ g_dbus_method_invocation_return_error (invocation, -+ G_DBUS_ERROR, -+ G_DBUS_ERROR_INVALID_ARGS, -+ "Session already running for user %s", -+ username); -+ return TRUE; -+ } - - if (self->priv->greeter_interface != NULL) { - gdm_dbus_greeter_complete_start_session_when_ready (greeter_interface, -@@ -1462,6 +1507,20 @@ gdm_session_handle_get_timed_login_details (GdmDBusGreeter *greeter_inter - GDBusMethodInvocation *invocation, - GdmSession *self) - { -+ if (gdm_session_is_running (self)) { -+ const char *username; -+ -+ username = gdm_session_get_username (self); -+ g_debug ("GdmSession: refusing to give timed login details, session (%p) already running (for user %s)", -+ self, -+ username); -+ g_dbus_method_invocation_return_error (invocation, -+ G_DBUS_ERROR, -+ G_DBUS_ERROR_INVALID_ARGS, -+ "Session already running for user %s", -+ username); -+ return TRUE; -+ } - - if (self->priv->greeter_interface != NULL) { - gdm_dbus_greeter_complete_get_timed_login_details (greeter_interface, -@@ -1484,6 +1543,22 @@ gdm_session_handle_client_begin_auto_login (GdmDBusGreeter *greeter_inter - const char *username, - GdmSession *self) - { -+ const char *session_username; -+ -+ if (gdm_session_is_running (self)) { -+ session_username = gdm_session_get_username (self); -+ g_debug ("GdmSession: refusing auto login operation, session (%p) already running for user %s (%s requested)", -+ self, -+ session_username, -+ username); -+ g_dbus_method_invocation_return_error (invocation, -+ G_DBUS_ERROR, -+ G_DBUS_ERROR_INVALID_ARGS, -+ "Session already owned by user %s", -+ session_username); -+ return TRUE; -+ } -+ - if (self->priv->greeter_interface != NULL) { - gdm_dbus_greeter_complete_begin_auto_login (greeter_interface, - invocation); --- -GitLab - diff --git a/CVE-2019-3825-4.patch b/CVE-2019-3825-4.patch deleted file mode 100644 index 6b2ca91c46611115d084c590abc7db1f996eeae5..0000000000000000000000000000000000000000 --- a/CVE-2019-3825-4.patch +++ /dev/null @@ -1,50 +0,0 @@ -From dd45295425c5a843c30aa8797b02d59ff488acb8 Mon Sep 17 00:00:00 2001 -From: Iain Lane -Date: Mon, 4 Feb 2019 15:12:38 +0000 -Subject: [PATCH] GdmManager: Don't perform timed login if session gets started - -At the moment it's possible for the login screen to initiate -a timed login operation shortly after a user successfully starts -their session. - -GDM won't complete the timed login operation, since a session is -already running, but will erroneously overwrite the username -associated with the session, misattributing the users session -to the timed login user. - -Later, attempts to log in as the timed user will instead unlock the -session for the other user, since that session is now associated -with the timed login user. - -This commit refuses timed login requests on sessions that are -already running, so the username doesn't get corrupted. - -CVE-2019-3825 - -Closes https://gitlab.gnome.org/GNOME/gdm/issues/460 ---- - daemon/gdm-manager.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c -index 1e5719558..b8619fbba 100644 ---- a/daemon/gdm-manager.c -+++ b/daemon/gdm-manager.c -@@ -1947,6 +1947,14 @@ on_session_client_connected (GdmSession *session, - - g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client); - -+ if (gdm_session_is_running (session)) { -+ const char *session_username; -+ session_username = gdm_session_get_username (session); -+ g_debug ("GdmManager: ignoring connection, since session already running (for user %s)", -+ session_username); -+ return; -+ } -+ - display = get_display_for_user_session (session); - - if (display == NULL) { --- -GitLab - diff --git a/display-Use-autoptr-to-handle-errors-in-look-for-exi.patch b/display-Use-autoptr-to-handle-errors-in-look-for-exi.patch deleted file mode 100644 index 76adc349e39bee348c8511e016226d49feaef2df..0000000000000000000000000000000000000000 --- a/display-Use-autoptr-to-handle-errors-in-look-for-exi.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 4e6e5335d29c039bed820c43bfd1c19cb62539ff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= -Date: Tue, 27 Oct 2020 15:38:28 +0100 -Subject: [PATCH] display: Use autoptr to handle errors in look for existing - users - -It will make things just cleaner ---- - daemon/gdm-display.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - -diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c -index 5e193f2..a65cbf1 100644 ---- a/daemon/gdm-display.c -+++ b/daemon/gdm-display.c -@@ -539,9 +539,9 @@ gdm_display_real_prepare (GdmDisplay *self) - static void - look_for_existing_users_sync (GdmDisplay *self) - { -- GError *error = NULL; -- GVariant *call_result; -- GVariant *user_list; -+ g_autoptr(GError) error = NULL; -+ g_autoptr(GVariant) call_result = NULL; -+ g_autoptr(GVariant) user_list = NULL; - - self->priv->accountsservice_proxy = g_dbus_proxy_new_sync (self->priv->connection, - 0, NULL, -@@ -553,7 +553,7 @@ look_for_existing_users_sync (GdmDisplay *self) - - if (!self->priv->accountsservice_proxy) { - g_warning ("Failed to contact accountsservice: %s", error->message); -- goto out; -+ return FALSE; - } - - call_result = g_dbus_proxy_call_sync (self->priv->accountsservice_proxy, -@@ -566,15 +566,12 @@ look_for_existing_users_sync (GdmDisplay *self) - - if (!call_result) { - g_warning ("Failed to list cached users: %s", error->message); -- goto out; -+ return FALSE; - } - - g_variant_get (call_result, "(@ao)", &user_list); - self->priv->have_existing_user_accounts = g_variant_n_children (user_list) > 0; -- g_variant_unref (user_list); -- g_variant_unref (call_result); --out: -- g_clear_error (&error); -+ return TRUE; - } - - gboolean --- -1.8.3.1 - diff --git a/gdm-3.30.1.tar.xz b/gdm-3.30.1.tar.xz deleted file mode 100644 index e67ddc764904fc82799fb5394b0987582add0d9a..0000000000000000000000000000000000000000 Binary files a/gdm-3.30.1.tar.xz and /dev/null differ diff --git a/gdm-3.38.2.1.tar.xz b/gdm-3.38.2.1.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..07b5c66789580d66db1fc983d89ad496531e6a1d Binary files /dev/null and b/gdm-3.38.2.1.tar.xz differ diff --git a/gdm-should-recover-automatically.patch b/gdm-should-recover-automatically.patch deleted file mode 100644 index 0d588317b4d2667e6f0cb7874b868bef4a6bf4f5..0000000000000000000000000000000000000000 --- a/gdm-should-recover-automatically.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 10f8add3b6f75113676812ef52e32823f91afb44 Mon Sep 17 00:00:00 2001 -From: si-gui <245140120@qq.com> -Date: Fri, 18 Dec 2020 15:18:09 +0800 -Subject: [PATCH] gdm should recover automatically - ---- - data/gdm.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/data/gdm.service.in b/data/gdm.service.in -index 72201c1..d2892b8 100644 ---- a/data/gdm.service.in -+++ b/data/gdm.service.in -@@ -20,6 +20,7 @@ After=rc-local.service plymouth-start.service systemd-user-sessions.service - OnFailure=plymouth-quit.service - - [Service] -+ExecStartPre=/bin/sh -c "systemctl stop session-c*.scope" - ExecStart=@sbindir@/gdm - KillMode=mixed - Restart=always --- -2.23.0 - diff --git a/gdm.spec b/gdm.spec index ed1dc9783b62ae4fb3bcadc2755974fdfe388811..999e60724095736560f9211df3b495723c7cab06 100644 --- a/gdm.spec +++ b/gdm.spec @@ -1,28 +1,21 @@ Name: gdm Epoch: 1 -Version: 3.30.1 -Release: 10 +Version: 3.38.2.1 +Release: 1 Summary: A graphical display manager License: GPLv2+ URL: https://wiki.gnome.org/Projects/GDM -Source0: http://download.gnome.org/sources/gdm/3.30/gdm-%{version}.tar.xz -Patch0: 9000-add-openeuler-pam-config.patch -Patch1: display-Use-autoptr-to-handle-errors-in-look-for-exi.patch -Patch2: gdm-should-recover-automatically.patch -Patch3: CVE-2019-3825-1.patch -Patch4: CVE-2019-3825-2.patch -Patch5: CVE-2019-3825-3.patch -Patch6: CVE-2019-3825-4.patch +Source0: http://download.gnome.org/sources/gdm/3.38/gdm-%{version}.tar.xz BuildRequires: pam-devel >= 0:0.99.8.1-11 desktop-file-utils >= 0.2.90 BuildRequires: libtool automake autoconf libattr-devel gettext-devel libdmx-devel -BuildRequires: audit-libs-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1 +BuildRequires: audit-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1 BuildRequires: pkgconfig(accountsservice) >= 0.6.3 pkgconfig(check) BuildRequires: pkgconfig(gobject-introspection-1.0) pkgconfig(gtk+-3.0) >= 2.99.2 BuildRequires: pkgconfig(iso-codes) pkgconfig(libcanberra-gtk3) pkgconfig(libselinux) BuildRequires: pkgconfig(libsystemd) pkgconfig(ply-boot-client) pkgconfig(systemd) BuildRequires: pkgconfig(x11) pkgconfig(xau) pkgconfig(xorg-server) libXdmcp-devel -BuildRequires: systemd keyutils-libs-devel dconf +BuildRequires: systemd keyutils-libs-devel dconf meson itstool Requires(pre): shadow-utils Requires(post): systemd @@ -60,19 +53,17 @@ The gdm-devel package contains header files and others for building applications that use GDM. %prep -%autosetup -n %{name}-%{version} -p1 -autoreconf -if +%autosetup -n %{name}-%{version} %build -%configure --with-pam-prefix=%{_sysconfdir} --with-run-dir=/run/gdm \ - --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin \ - --enable-split-authentication --enable-profiling --enable-console-helper \ - --with-selinux - -sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool -sed -i -e 's/ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then/ func_append compile_command " -Wl,-O1,--as-needed"\n func_append finalize_command " -Wl,-O1,--as-needed"\n\0/' libtool - -%make_build +%meson -Dpam-prefix=%{_sysconfdir} \ + -Drun-dir=/run/gdm \ + -Dudev-dir=%{_udevrulesdir} \ + -Ddefault-path=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin \ + -Dprofiling=true \ + -Dplymouth=enabled \ + -Dselinux=enabled +%meson_build %install install -d %{buildroot}%{_sysconfdir}/gdm/Init @@ -82,7 +73,7 @@ install -d %{buildroot}/var/log/gdm install -d %{buildroot}%{_datadir}/gdm/autostart/LoginWindow install -d %{buildroot}/run/gdm -%make_install +%meson_install (cd %{buildroot}%{_sysconfdir}/gdm; ln -sf ../X11/xinit/Xsession .) @@ -106,11 +97,38 @@ if [ $1 -ge 2 ] ; then fi if [ -n "$oldconffile" ]; then - sed -e 's@^Greeter=/usr/bin/gdmlogin@Greeter=/usr/libexec/gdmlogin@' $oldconffile > $newconffile - sed -e 's@^RemoteGreeter=/usr/bin/gdmgreeter@RemoteGreeter=/usr/libexec/gdmgreeter@' $oldconffile >> $newconffile + sed \ + -e 's@^command=/usr/X11R6/bin/X@#command=/usr/bin/Xorg@' \ + -e 's@^Xnest=/usr/X11R6/bin/Xnest@#Xnest=/usr/X11R6/bin/Xnest@' \ + -e 's@^BaseXsession=/etc/X11/xdm/Xsession@#BaseXsession=/etc/X11/xinit/Xsession@' \ + -e 's@^BaseXsession=/etc/X11/gdm/Xsession@#&@' \ + -e 's@^BaseXsession=/etc/gdm/Xsession@#&@' \ + -e 's@^Greeter=/usr/bin/gdmgreeter@#Greeter=/usr/libexec/gdmgreeter@' \ + -e 's@^RemoteGreeter=/usr/bin/gdmlogin@#RemoteGreeter=/usr/libexec/gdmlogin@' \ + -e 's@^GraphicalTheme=Bluecurve@#&@' \ + -e 's@^BackgroundColor=#20305a@#&@' \ + -e 's@^DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin@#&@' \ + -e 's@^RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin@#&@' \ + -e 's@^HostImageDir=/usr/share/hosts/@#HostImageDir=/usr/share/pixmaps/faces/@' \ + -e 's@^LogDir=/var/log/gdm@#&@' \ + -e 's@^PostLoginScriptDir=/etc/X11/gdm/PostLogin@#&@' \ + -e 's@^PreLoginScriptDir=/etc/X11/gdm/PreLogin@#&@' \ + -e 's@^PreSessionScriptDir=/etc/X11/gdm/PreSession@#&@' \ + -e 's@^PostSessionScriptDir=/etc/X11/gdm/PostSession@#&@' \ + -e 's@^DisplayInitDir=/var/run/gdm.pid@#&@' \ + -e 's@^RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot@#&@' \ + -e 's@^HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff@#&@' \ + -e 's@^ServAuthDir=/var/gdm@#&@' \ + -e 's@^Greeter=/usr/bin/gdmlogin@Greeter=/usr/libexec/gdmlogin@' \ + -e 's@^RemoteGreeter=/usr/bin/gdmgreeter@RemoteGreeter=/usr/libexec/gdmgreeter@' \ + $oldconffile > $newconffile fi fi +if [ $1 -ge 2 -a -f $newconffile ] && grep -q /etc/X11/gdm $custom ; then + sed -i -e 's@/etc/X11/gdm@/etc/gdm@g' $custom +fi + if [ -f "$newconffile" ]; then sed -ie 's@^#WaylandEnable=false@WaylandEnable=false@' $newconffile fi @@ -131,13 +149,6 @@ fi %config %{_sysconfdir}/gdm/PreSession/* %config %{_sysconfdir}/gdm/PostSession/* %{_sysconfdir}/gdm/Xsession -%config %{_sysconfdir}/pam.d/gdm-autologin -%config %{_sysconfdir}/pam.d/gdm-password -%config %{_sysconfdir}/pam.d/gdm-pin -%config %{_sysconfdir}/pam.d/gdm-smartcard -%config %{_sysconfdir}/pam.d/gdm-fingerprint -%exclude %{_sysconfdir}/pam.d/gdm -%{_sysconfdir}/pam.d/gdm-launch-environment %{_sysconfdir}/dbus-1/system.d/gdm.conf %{_datadir}/gdm/gdm.schemas %{_datadir}/gdm/greeter-dconf-defaults @@ -145,11 +156,9 @@ fi %{_datadir}/gdm/gdb-cmd %{_datadir}/gdm/greeter/applications/* %{_datadir}/gdm/greeter/autostart/* -%{_datadir}/pixmaps/*.png %{_datadir}/glib-2.0/schemas/* %{_datadir}/dconf/profile/gdm %{_datadir}/gnome-session/sessions/gnome-login.session -%{_datadir}/icons/hicolor/*/*/*.png %{_libexecdir}/* %{_sbindir}/gdm %{_bindir}/* @@ -157,9 +166,9 @@ fi %{_libdir}/security/pam_gdm.so %{_libdir}/libgdm*.so* %attr(0711, root, gdm) %dir /run/gdm -%attr(1755, root, gdm) %dir %{_localstatedir}/cache/gdm %{_udevrulesdir}/61-gdm.rules %{_unitdir}/gdm.service +%{_userunitdir}/gnome-session@gnome-login.target.d/session.conf %files devel %{_includedir}/gdm/*.h @@ -167,6 +176,9 @@ fi %{_libdir}/pkgconfig/*.pc %changelog +* Thu Jul 21 2022 weichao.zhang - 1:3.38.2.1-1 +- Upgrade to 3.38.2.1,Fix CVE-2020-27837 + * Fri Feb 5 2021 wangxiao - 1:3.30.1-10 - fix CVE-2019-3825 @@ -191,5 +203,5 @@ fi * Tue Dec 17 2019 Jiangping Hu - 1:3.30.1-4 - Add openEuler PAM config -* Wed Nov 23 2019 Jiangping Hu - 1:3.30.1-3 +* Sat Nov 23 2019 Jiangping Hu - 1:3.30.1-3 - Package init