Index: head/x11/sddm/Makefile =================================================================== --- head/x11/sddm/Makefile +++ head/x11/sddm/Makefile @@ -1,9 +1,8 @@ # $FreeBSD$ PORTNAME= sddm -PORTVERSION= 0.17.0 +PORTVERSION= 0.18.1 DISTVERSIONPREFIX= v -PORTREVISION= 8 CATEGORIES= x11 MAINTAINER= kde@FreeBSD.org @@ -40,20 +39,15 @@ USERS= sddm GROUPS= sddm -# There are multiple patches that apply to Display.cpp, -# fixing CVE-2018-14345 and backported from 0.18. -EXTRA_PATCHES= ${PATCHDIR}/git-patch-147cec38d ${PATCHDIR}/git-patch-b02b00559 - post-patch: @${REINPLACE_CMD} -e 's#/etc/X11#${LOCALBASE}/etc/X11#' \ -e 's#/usr/bin/#${LOCALBASE}/bin/#g' \ -e 's#/usr/share/#${LOCALBASE}/share/#' \ ${WRKSRC}/data/scripts/Xsession \ ${WRKSRC}/src/common/Configuration.h + @${CP} ${PATCHDIR}/VirtualTerminal_FreeBSD.cpp ${WRKSRC}/src/daemon post-install: - ${MV} ${STAGEDIR}${PREFIX}/etc/sddm.conf \ - ${STAGEDIR}${PREFIX}/etc/sddm.conf.sample # Install xsession.desktop to launch .xinitrc via sddm. ${MKDIR} ${STAGEDIR}${PREFIX}/share/xsessions ${INSTALL_DATA} ${WRKDIR}/xinitrc.desktop ${STAGEDIR}${PREFIX}/share/xsessions Index: head/x11/sddm/distinfo =================================================================== --- head/x11/sddm/distinfo +++ head/x11/sddm/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1525019041 -SHA256 (sddm-sddm-v0.17.0_GH0.tar.gz) = c6da2862688d21a091f1568b78a5f5900cd2e02a83dd42c016f0c5867e69a92d -SIZE (sddm-sddm-v0.17.0_GH0.tar.gz) = 3524362 +TIMESTAMP = 1581010748 +SHA256 (sddm-sddm-v0.18.1_GH0.tar.gz) = 07296fc747010a5dd58a45f16c3224b439997afad42566e4b043c841b1b71700 +SIZE (sddm-sddm-v0.18.1_GH0.tar.gz) = 3526726 Index: head/x11/sddm/files/VirtualTerminal_FreeBSD.cpp =================================================================== --- head/x11/sddm/files/VirtualTerminal_FreeBSD.cpp +++ head/x11/sddm/files/VirtualTerminal_FreeBSD.cpp 
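Review bot: The added post-patch line `@${CP} ${PATCHDIR}/VirtualTerminal_FreeBSD.cpp ${WRKSRC}/src/daemon` takes a plain source file from `PATCHDIR`, although ports conventionally reference non-patch support files through `FILESDIR`. Writing it as `@${CP} ${FILESDIR}/VirtualTerminal_FreeBSD.cpp ${WRKSRC}/src/daemon` states the intent and keeps working if `PATCHDIR` is ever overridden. The same hunk removes the only comment that tied this port to CVE-2018-14345. A one-line replacement such as `# CVE-2018-14345 fixes (formerly EXTRA_PATCHES) are part of the 0.18 sources` would keep that history, once the maintainer has confirmed both backports are in 0.18.1.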
@@ -0,0 +1,37 @@ +/*************************************************************************** +* Copyright (c) 2015 Pier Luigi Fiorini +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the +* Free Software Foundation, Inc., +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +***************************************************************************/ + +#include +#include + +#include "VirtualTerminal.h" + + +namespace SDDM { + namespace VirtualTerminal { + int setUpNewVt() { + qDebug() << "New VT is unsupported on FreeBSD"; + return -1; + } + + void jumpToVt(int vt, bool vt_auto) { + qDebug() << "Jumping to VT" << vt << "is unsupported on FreeBSD"; + } + } +} Index: head/x11/sddm/files/git-patch-b02b00559 =================================================================== --- head/x11/sddm/files/git-patch-b02b00559 +++ head/x11/sddm/files/git-patch-b02b00559 
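Review bot: `setUpNewVt()` always returns -1, and the Display.cpp patch in this same change drops the `#if defined(Q_OS_LINUX)` guards around its callers. If 0.18.1 keeps the call site shown in that removed context (`vt = VirtualTerminal::setUpNewVt();` followed by `m_lastSession.setVt(vt);`), a Wayland session would record -1 as its VT and, on seat0, presumably export it as `XDG_VTNR`. Document the contract above the stub, e.g. `// No VT allocation on FreeBSD: returns -1, callers must keep the greeter's VT`, and confirm the caller falls back to `terminalId()` on a negative result. `jumpToVt` also leaves `vt_auto` unused, which `Q_UNUSED(vt_auto);` would make explicit.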
@@ -1,70 +0,0 @@ -diff --git a/src/daemon/Display.cpp b/src/daemon/Display.cpp -index 57d7ecb..c2ea728 100644 ---- src/daemon/Display.cpp -+++ src/daemon/Display.cpp -@@ -280,7 +280,7 @@ namespace SDDM { - return; - } - -- QString existingSessionId; -+ m_reuseSessionId = QString(); - - if (Logind::isAvailable() && mainConfig.Users.ReuseSession.get()) { - OrgFreedesktopLogin1ManagerInterface manager(Logind::serviceName(), Logind::managerPath(), QDBusConnection::systemBus()); -@@ -291,7 +291,7 @@ namespace SDDM { - if (s.userName == user) { - OrgFreedesktopLogin1SessionInterface session(Logind::serviceName(), s.sessionPath.path(), QDBusConnection::systemBus()); - if (session.service() == QLatin1String("sddm")) { -- existingSessionId = s.sessionId; -+ m_reuseSessionId = s.sessionId; - break; - } - } -@@ -334,19 +334,8 @@ namespace SDDM { - m_auth->insertEnvironment(env); - - m_auth->setUser(user); -- if (existingSessionId.isNull()) { -+ if (m_reuseSessionId.isNull()) { - m_auth->setSession(session.exec()); -- } else { -- //we only want to unlock the session if we can lock in, so we want to go via PAM auth, but not start a new session -- //by not setting the session and the helper will emit authentication and then quit -- connect(m_auth, &Auth::authentication, this, [=](const QString &, bool success){ -- if(!success) -- return; -- qDebug() << "activating existing seat"; -- OrgFreedesktopLogin1ManagerInterface manager(Logind::serviceName(), Logind::managerPath(), QDBusConnection::systemBus()); -- manager.UnlockSession(existingSessionId); -- manager.ActivateSession(existingSessionId); -- }); - } - m_auth->start(); - } -@@ -355,7 +344,13 @@ namespace SDDM { - if (success) { - qDebug() << "Authenticated successfully"; - -- m_auth->setCookie(qobject_cast(m_displayServer)->cookie()); -+ if (!m_reuseSessionId.isNull()) { -+ OrgFreedesktopLogin1ManagerInterface manager(Logind::serviceName(), Logind::managerPath(), QDBusConnection::systemBus()); -+ 
manager.UnlockSession(m_reuseSessionId); -+ manager.ActivateSession(m_reuseSessionId); -+ } else { -+ m_auth->setCookie(qobject_cast(m_displayServer)->cookie()); -+ } - - // save last user and last session - if (mainConfig.Users.RememberLastUser.get()) -diff --git a/src/daemon/Display.h b/src/daemon/Display.h -index 09d3cf9..a6a06b2 100644 ---- src/daemon/Display.h -+++ src/daemon/Display.h -@@ -85,6 +85,7 @@ namespace SDDM { - - QString m_passPhrase; - QString m_sessionName; -+ QString m_reuseSessionId; - - Auth *m_auth { nullptr }; - DisplayServer *m_displayServer { nullptr }; Index: head/x11/sddm/files/patch-data_scripts_Xsession =================================================================== --- head/x11/sddm/files/patch-data_scripts_Xsession +++ head/x11/sddm/files/patch-data_scripts_Xsession @@ -8,14 +8,10 @@ daemon on first use. Autolaunched dbus daemons tend to linger and may only exit if the X server exits. ---- data/scripts/Xsession.orig 2017-12-05 16:00:16 UTC +--- data/scripts/Xsession.orig 2019-03-13 09:22:35 UTC +++ data/scripts/Xsession -@@ -94,8 +94,8 @@ if [ -f "$USERXSESSION" ]; then - . "$USERXSESSION" - fi - --if [ -z "$@" ]; then -+if [ -z "$1" ]; then +@@ -98,5 +98,5 @@ fi + if [ -z "$*" ]; then exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session." else - exec $@ Index: head/x11/sddm/files/patch-services_sddm-greeter.pam =================================================================== --- head/x11/sddm/files/patch-services_sddm-greeter.pam +++ head/x11/sddm/files/patch-services_sddm-greeter.pam 
@@ -1,19 +0,0 @@ ---- services/sddm-greeter.pam.orig 2017-12-05 16:00:16 UTC -+++ services/sddm-greeter.pam -@@ -1,8 +1,5 @@ - #%PAM-1.0 - --# Load environment from /etc/environment and ~/.pam_environment --auth required pam_env.so -- - # Always let the greeter start without authentication - auth required pam_permit.so - -@@ -13,6 +10,4 @@ account required pam_permit.so - password required pam_deny.so - - # Setup session --session required pam_unix.so ---session optional pam_systemd.so ---session optional pam_elogind.so -+session required pam_permit.so Index: head/x11/sddm/files/patch-services_sddm-greeter.pam.in =================================================================== --- head/x11/sddm/files/patch-services_sddm-greeter.pam.in +++ head/x11/sddm/files/patch-services_sddm-greeter.pam.in @@ -0,0 +1,18 @@ +--- services/sddm-greeter.pam.in.orig 2019-03-13 09:22:35 UTC ++++ services/sddm-greeter.pam.in +@@ -1,8 +1,5 @@ + #%PAM-1.0 + +-# Load environment from /etc/environment and ~/.pam_environment +-auth required pam_env.so +- + # Always let the greeter start without authentication + auth required pam_permit.so + +@@ -13,5 +10,4 @@ account required pam_permit.so + password required pam_deny.so + + # Setup session +-session required pam_unix.so +-session optional @LOGIND_PAM_MODULE@ ++session required pam_permit.so Index: head/x11/sddm/files/patch-src_common_Configuration.h =================================================================== --- head/x11/sddm/files/patch-src_common_Configuration.h +++ head/x11/sddm/files/patch-src_common_Configuration.h 
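Review bot: The new patch for `services/sddm-greeter.pam.in` has no description, so the reason for dropping `pam_env.so` and replacing the session lines with `session required pam_permit.so` is not recorded, whereas several other patches in this port open with an explanation. A short header above the `---` line would make the intent reviewable, for example `pam_env and the logind PAM module are not available on FreeBSD; the greeter needs no session setup.`; that wording is my reading and should be confirmed by the maintainer. With auth, account and session all on `pam_permit.so`, the safety of this service rests on it being used only for the unprivileged greeter user, which is worth stating in the same header.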
@@ -6,14 +6,9 @@ used together with Plasma. If they aren't available sddm falls back to a compiled-in theme. ---- src/common/Configuration.h.orig 2017-12-05 16:00:16 UTC +--- src/common/Configuration.h.orig 2019-03-13 09:22:35 UTC +++ src/common/Configuration.h -@@ -42,14 +42,14 @@ namespace SDDM { - Entry(Numlock, NumState, NUM_NONE, _S("Initial NumLock state. Can be on, off or none.\n" - "If property is set to none, numlock won't be changed\n" - "NOTE: Currently ignored if autologin is enabled.")); -- Entry(InputMethod, QString, QStringLiteral("qtvirtualkeyboard"), _S("Input method module")); -+ Entry(InputMethod, QString, QString(), _S("Input method module")); +@@ -47,10 +47,10 @@ namespace SDDM { // Name Entries (but it's a regular class again) Section(Theme, Entry(ThemeDir, QString, _S(DATA_INSTALL_DIR "/themes"), _S("Theme directory path")); @@ -26,7 +21,7 @@ Entry(EnableAvatars, bool, true, _S("Enable display of custom user avatars")); Entry(DisableAvatarsThreshold,int, 7, _S("Number of users to use as threshold\n" "above which avatars are disabled\n" -@@ -80,7 +80,7 @@ namespace SDDM { +@@ -81,7 +81,7 @@ namespace SDDM { ); Section(Users, Index: head/x11/sddm/files/patch-src_daemon_CMakeLists.txt =================================================================== --- head/x11/sddm/files/patch-src_daemon_CMakeLists.txt +++ head/x11/sddm/files/patch-src_daemon_CMakeLists.txt 
@@ -1,13 +1,11 @@ -Remove VirtualTerminal.cpp from the sources that need to be built. -See also 'patch-src_daemon_Display.cpp'. - ---- src/daemon/CMakeLists.txt.orig 2017-12-05 16:00:16 UTC +--- src/daemon/CMakeLists.txt.orig 2019-03-13 09:22:35 UTC +++ src/daemon/CMakeLists.txt -@@ -29,7 +29,6 @@ set(DAEMON_SOURCES +@@ -29,7 +29,7 @@ set(DAEMON_SOURCES SeatManager.cpp SignalHandler.cpp SocketServer.cpp - VirtualTerminal.cpp ++ VirtualTerminal_FreeBSD.cpp ) qt5_add_dbus_adaptor(DAEMON_SOURCES "${CMAKE_SOURCE_DIR}/data/interfaces/org.freedesktop.DisplayManager.xml" "DisplayManager.h" SDDM::DisplayManager) Index: head/x11/sddm/files/patch-src_daemon_Display.cpp =================================================================== --- head/x11/sddm/files/patch-src_daemon_Display.cpp +++ head/x11/sddm/files/patch-src_daemon_Display.cpp 
@@ -7,30 +7,9 @@ may confuse the desktop session started from ~/.xinitrc. These environment variables are used for OnlyShowIn and NotShowIn in .desktop files. ---- src/daemon/Display.cpp.orig 2017-12-05 16:00:16 UTC +--- src/daemon/Display.cpp.orig 2019-03-13 09:22:35 UTC +++ src/daemon/Display.cpp -@@ -30,7 +30,9 @@ - #include "Greeter.h" - #include "Utils.h" - #include "SignalHandler.h" -+#if defined(Q_OS_LINUX) - #include "VirtualTerminal.h" -+#endif - - #include - #include -@@ -310,8 +312,10 @@ namespace SDDM { - - // create new VT for Wayland sessions otherwise use greeter vt - int vt = terminalId(); -+#if defined(Q_OS_LINUX) - if (session.xdgSessionType() == QLatin1String("wayland")) - vt = VirtualTerminal::setUpNewVt(); -+#endif - m_lastSession.setVt(vt); - - QProcessEnvironment env; -@@ -321,11 +325,13 @@ namespace SDDM { +@@ -321,11 +321,13 @@ namespace SDDM { env.insert(QStringLiteral("XDG_SEAT_PATH"), daemonApp->displayManager()->seatPath(seat()->name())); env.insert(QStringLiteral("XDG_SESSION_PATH"), daemonApp->displayManager()->sessionPath(QStringLiteral("Session%1").arg(daemonApp->newSessionId()))); env.insert(QStringLiteral("DESKTOP_SESSION"), session.desktopSession()); 
@@ -44,15 +23,3 @@ env.insert(QStringLiteral("XDG_SESSION_DESKTOP"), session.desktopNames()); if (seat()->name() == QLatin1String("seat0")) { env.insert(QStringLiteral("XDG_VTNR"), QString::number(vt)); -@@ -366,9 +372,11 @@ namespace SDDM { - stateConfig.Last.Session.setDefault(); - stateConfig.save(); - -+#if defined(Q_OS_LINUX) - // switch to the new VT for Wayland sessions - if (m_lastSession.xdgSessionType() == QLatin1String("wayland")) - VirtualTerminal::jumpToVt(m_lastSession.vt()); -+#endif - - if (m_socket) - emit loginSucceeded(m_socket); Index: head/x11/sddm/files/patch-src_daemon_SignalHandler.cpp =================================================================== --- head/x11/sddm/files/patch-src_daemon_SignalHandler.cpp +++ head/x11/sddm/files/patch-src_daemon_SignalHandler.cpp 
@@ -1,45 +0,0 @@ -From 62d776518594f517dc59de3c87e53afdda339079 Mon Sep 17 00:00:00 2001 -From: Romain Labolle -Date: Sat, 3 Mar 2018 22:09:30 +0100 -Subject: [PATCH] Add SOCK_CLOEXEC to signal handling sockets - -SDDM is currennty leaking 8 sockets file descriptors to the user session. -Adding the CLOEXEC flag to the fd to avoid thoses leaks. ---- - src/daemon/SignalHandler.cpp | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/daemon/SignalHandler.cpp b/src/daemon/SignalHandler.cpp -index 5c536603..3054e635 100644 ---- src/daemon/SignalHandler.cpp.orig 2017-12-05 16:00:16 UTC -+++ src/daemon/SignalHandler.cpp -@@ -34,25 +34,25 @@ namespace SDDM { - int sigusr1Fd[2]; - - SignalHandler::SignalHandler(QObject *parent) : QObject(parent) { -- if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sighupFd)) -+ if (::socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sighupFd)) - qCritical() << "Failed to create socket pair for SIGHUP handling."; - - snhup = new QSocketNotifier(sighupFd[1], QSocketNotifier::Read, this); - connect(snhup, SIGNAL(activated(int)), this, SLOT(handleSighup())); - -- if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sigintFd)) -+ if (::socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sigintFd)) - qCritical() << "Failed to create socket pair for SIGINT handling."; - - snint = new QSocketNotifier(sigintFd[1], QSocketNotifier::Read, this); - connect(snint, SIGNAL(activated(int)), this, SLOT(handleSigint())); - -- if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sigtermFd)) -+ if (::socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sigtermFd)) - qCritical() << "Failed to create socket pair for SIGTERM handling."; - - snterm = new QSocketNotifier(sigtermFd[1], QSocketNotifier::Read, this); - connect(snterm, SIGNAL(activated(int)), this, SLOT(handleSigterm())); - -- if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sigusr1Fd)) -+ if (::socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sigusr1Fd)) - qCritical() << "Failed to create socket pair for 
SIGUSR1 handling."; - - snusr1 = new QSocketNotifier(sigusr1Fd[1], QSocketNotifier::Read, this); Index: head/x11/sddm/files/patch-src_helper_Backend.cpp =================================================================== --- head/x11/sddm/files/patch-src_helper_Backend.cpp +++ head/x11/sddm/files/patch-src_helper_Backend.cpp @@ -0,0 +1,33 @@ +--- src/helper/Backend.cpp.orig 2019-03-13 09:22:35 UTC ++++ src/helper/Backend.cpp +@@ -29,6 +29,10 @@ + #include + + #include ++#if defined(Q_OS_FREEBSD) ++#include ++#include ++#endif /* defined(Q_OS_FREEBSD) */ + + namespace SDDM { + Backend::Backend(HelperApp* parent) +@@ -70,6 +74,19 @@ namespace SDDM { + .arg(mainConfig.X11.UserAuthFile.get()); + env.insert(QStringLiteral("XAUTHORITY"), value); + } ++#if defined(Q_OS_FREEBSD) ++ /* get additional environment variables via setclassenvironment(); ++ this needs to be done here instead of in UserSession::setupChildProcess ++ as the environment for execve() is prepared here */ ++ login_cap_t *lc; ++ ++ if ((lc = login_getpwclass(pw)) != 0) { ++ setclassenvironment(lc, pw, 1); /* path variables */ ++ setclassenvironment(lc, pw, 0); /* non-path variables */ ++ /* copy all environment variables that are now set */ ++ env.insert(QProcessEnvironment::systemEnvironment()); ++ } ++#endif /* defined(Q_OS_FREEBSD) */ + // TODO: I'm fairly sure this shouldn't be done for PAM sessions, investigate! + m_app->session()->setProcessEnvironment(env); + } Index: head/x11/sddm/files/patch-src_helper_CMakeLists.txt =================================================================== --- head/x11/sddm/files/patch-src_helper_CMakeLists.txt +++ head/x11/sddm/files/patch-src_helper_CMakeLists.txt 
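Review bot: `env.insert(QProcessEnvironment::systemEnvironment())` copies the helper's whole process environment into the session, not just the login-class variables. Because `insert()` overwrites keys already present in `env`, anything the helper inherited from the daemon (possibly a stale `XAUTHORITY` or `PATH`) would replace the values prepared just above. The `login_cap_t` returned by `login_getpwclass(pw)` is also never released with `login_close(lc)`. Snapshot the environment before the `setclassenvironment()` calls and copy only the keys that were added or changed, as sketched below. The enclosing function starts and ends outside the hunk.

```cpp
#if defined(Q_OS_FREEBSD)
        /* … unchanged: comment explaining why this is done here … */
        const QProcessEnvironment before = QProcessEnvironment::systemEnvironment();
        login_cap_t *lc = login_getpwclass(pw);
        if (lc != nullptr) {
            setclassenvironment(lc, pw, 1); /* path variables */
            setclassenvironment(lc, pw, 0); /* non-path variables */
            login_close(lc);
            /* copy only what the login class added or changed */
            const QProcessEnvironment after = QProcessEnvironment::systemEnvironment();
            const QStringList keys = after.keys();
            for (const QString &key : keys) {
                if (!before.contains(key) || before.value(key) != after.value(key))
                    env.insert(key, after.value(key));
            }
        }
#endif /* defined(Q_OS_FREEBSD) */
```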
@@ -0,0 +1,12 @@ +--- src/helper/CMakeLists.txt.orig 2019-03-13 09:22:35 UTC ++++ src/helper/CMakeLists.txt +@@ -37,6 +37,9 @@ if(PAM_FOUND) + else() + target_link_libraries(sddm-helper crypt) + endif() ++if("${CMAKE_SYSTEM_NAME}" STREQUAL "FreeBSD") ++ target_link_libraries(sddm-helper util) ++endif() + + if(JOURNALD_FOUND) + target_link_libraries(sddm-helper ${JOURNALD_LIBRARIES}) Index: head/x11/sddm/files/patch-src_helper_HelperApp.cpp =================================================================== --- head/x11/sddm/files/patch-src_helper_HelperApp.cpp +++ head/x11/sddm/files/patch-src_helper_HelperApp.cpp @@ -1,10 +1,8 @@ ---- src/helper/HelperApp.cpp.orig 2017-12-05 16:00:16 UTC +--- src/helper/HelperApp.cpp.orig 2019-03-13 09:22:35 UTC +++ src/helper/HelperApp.cpp -@@ -33,8 +33,11 @@ - #include - #include +@@ -35,7 +35,9 @@ #include -+#include + #include +#if defined(Q_OS_LINUX) #include @@ -12,7 +10,7 @@ #include #include -@@ -301,12 +304,20 @@ namespace SDDM { +@@ -302,12 +304,20 @@ namespace SDDM { // append to failed login database btmp if (!authSuccessful) { @@ -33,7 +31,7 @@ } } -@@ -342,8 +353,12 @@ namespace SDDM { +@@ -343,8 +353,12 @@ namespace SDDM { qWarning() << "Failed to write utmpx: " << strerror(errno); endutxent(); Index: head/x11/sddm/files/patch-src_helper_UserSession.cpp =================================================================== --- head/x11/sddm/files/patch-src_helper_UserSession.cpp +++ head/x11/sddm/files/patch-src_helper_UserSession.cpp 
@@ -1,15 +1,16 @@ -Run sddm-greeter via the session command (Xsession script) so it also gets X -resources and a ConsoleKit and D-Bus session. The ConsoleKit session has its -session-class set to "user" instead of "greeter" because ck-launch-session -doesn't provide a way to change this. ConsoleKit doesn't do anything with -this value though so it is believed to be harmless. The XDG_SESSION_CLASS -environment variable does have the value "greeter". - -Remove double quotes because we fixed the use of "$@" in the script. - ---- src/helper/UserSession.cpp.orig 2017-12-05 16:00:16 UTC +--- src/helper/UserSession.cpp.orig 2019-03-13 09:22:35 UTC +++ src/helper/UserSession.cpp -@@ -45,10 +45,8 @@ namespace SDDM { +@@ -33,6 +33,9 @@ + #include + #include + #include ++#if defined(Q_OS_FREEBSD) ++#include ++#endif /* defined(Q_OS_FREEBSD) */ + + namespace SDDM { + UserSession::UserSession(HelperApp *parent) +@@ -46,10 +49,8 @@ namespace SDDM { bool UserSession::start() { QProcessEnvironment env = qobject_cast(parent())->session()->processEnvironment(); 
@@ -22,3 +23,33 @@ qInfo() << "Starting:" << cmd; QProcess::start(cmd); } else if (env.value(QStringLiteral("XDG_SESSION_TYPE")) == QLatin1String("wayland")) { +@@ -130,6 +131,21 @@ namespace SDDM { + + // switch user + const QByteArray username = qobject_cast(parent())->user().toLocal8Bit(); ++#if defined(Q_OS_FREEBSD) ++ struct passwd *pw = getpwnam(username.constData()); ++ /* execve() uses the environment prepared in Backend::openSession(), ++ therefore environment variables which are set here are ignored. */ ++ if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) { ++ qCritical() << "setusercontext(NULL, *, " << pw->pw_uid << ", LOGIN_SETALL) failed for user: " << username; ++ exit(Auth::HELPER_OTHER_ERROR); ++ } ++ if (chdir(pw->pw_dir) != 0) { ++ qCritical() << "chdir(" << pw->pw_dir << ") failed for user: " << username; ++ qCritical() << "verify directory exist and has sufficient permissions"; ++ exit(Auth::HELPER_OTHER_ERROR); ++ } ++ const QString homeDir = QString::fromLocal8Bit(pw->pw_dir); ++#else /* defined(Q_OS_FREEBSD) */ + struct passwd pw; + struct passwd *rpw; + long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); +@@ -221,6 +237,7 @@ namespace SDDM { + exit(Auth::HELPER_OTHER_ERROR); + } + const QString homeDir = QString::fromLocal8Bit(pw.pw_dir); ++#endif /* defined(Q_OS_FREEBSD) */ + + //we cannot use setStandardError file as this code is run in the child process + //we want to redirect after we setuid so that the log file is owned by the user Index: head/x11/sddm/pkg-message =================================================================== --- head/x11/sddm/pkg-message +++ head/x11/sddm/pkg-message @@ -1,8 +0,0 @@ -[ -{ type: install - message: <
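Review bot: In the FreeBSD branch the result of `getpwnam(username.constData())` is dereferenced through `pw->pw_uid` and `pw->pw_dir` without a null check, so an unknown or unresolvable user would crash the child instead of exiting with a defined error. This code presumably still runs with the helper's privileges at that point. Add `if (pw == nullptr) { qCritical() << "getpwnam() failed for user:" << username; exit(Auth::HELPER_OTHER_ERROR); }` before the `setusercontext()` call. The two failure messages print only the arguments; appending `strerror(errno)` would tell an administrator why `setusercontext()` or `chdir()` failed. The enclosing function extends beyond the hunk.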