Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sddm for openSUSE:Factory checked in 
at 2023-04-07 18:16:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sddm (Old)
 and      /work/SRC/openSUSE:Factory/.sddm.new.19717 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sddm"

Fri Apr  7 18:16:24 2023 rev:62 rq:1077522 version:0.19.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/sddm/sddm.changes        2023-02-22 
15:21:04.957689806 +0100
+++ /work/SRC/openSUSE:Factory/.sddm.new.19717/sddm.changes     2023-04-07 
18:16:27.960593713 +0200
@@ -1,0 +2,20 @@
+Tue Apr  4 09:00:00 UTC 2023 - Fabian Vogt <fv...@suse.com>
+
+- Replace proper_pam.diff with installation of source files:
+  * sddm.pam, sddm-autologin.pam, sddm-greeter.pam
+- PAM services:
+  * Make use of substack for common-*
+  * Include postlogin-*
+  * Run pam_keyinit before common-session
+  * Deny password in sddm-greeter
+- /run/sddm is owned by root:root
+- Add patch to fix possible deadlock:
+  * 0001-Process-all-available-auth-messages-in-a-loop.patch
+- Add missing dependencies on update-alternatives
+
+-------------------------------------------------------------------
+Tue Apr  4 08:59:47 UTC 2023 - Stefan Schubert <sch...@suse.com>
+
+- Migration of PAM settings to /usr/lib/pam.d.
+
+-------------------------------------------------------------------

Old:
----
  proper_pam.diff

New:
----
  0001-Process-all-available-auth-messages-in-a-loop.patch
  sddm-autologin.pam
  sddm-greeter.pam
  sddm.pam

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sddm.spec ++++++
--- /var/tmp/diff_new_pack.G4EPmz/_old  2023-04-07 18:16:28.804598574 +0200
+++ /var/tmp/diff_new_pack.G4EPmz/_new  2023-04-07 18:16:28.816598643 +0200
@@ -29,18 +29,21 @@
 Source3:        10-theme.conf
 Source4:        sddm-tmpfiles.conf
 Source5:        system-user-sddm.conf
+# PAM configuration
+Source20:       sddm.pam
+Source21:       sddm-autologin.pam
+Source22:       sddm-greeter.pam
 # Patch0-100: PATCH-FIX-UPSTREAM
 Patch0:         0001-Use-PAM-s-username.patch
 Patch1:         0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
 Patch2:         0004-Retry-starting-the-display-server.patch
 Patch3:         0001-disable-automatic-portal-launching.patch
+Patch4:         0001-Process-all-available-auth-messages-in-a-loop.patch
 # Not merged yet: https://github.com/sddm/sddm/pull/997
 Patch50:        0001-Remove-suffix-for-Wayland-session.patch
 # Not merged yet: https://github.com/sddm/sddm/pull/1230
 Patch55:        0001-Redesign-Xauth-handling.patch
 # Patch100-?: PATCH-FIX-OPENSUSE
-# Use openSUSE pam config
-Patch100:       proper_pam.diff
 Patch101:       0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch
 Patch102:       0001-Set-XAUTHLOCALHOSTNAME-in-sessions.patch
 Patch103:       0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
@@ -70,6 +73,9 @@
 BuildRequires:  pkgconfig(xcb-xkb)
 %systemd_requires
 %sysusers_requires
+BuildRequires:  update-alternatives
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
 Requires(post): diffutils
 Requires:       sddm-branding = %{version}
 Requires:       xdm
@@ -156,6 +162,18 @@
   install -Dm 0644 %{SOURCE3} 
%{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/10-theme.conf
   install -Dm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/sddm.conf
 
+  # Install PAM config
+  rm -r %{buildroot}%{_sysconfdir}/pam.d # Remove sddm's config, for debian 
only
+  pam_dest="%{?_pam_vendordir}%{!?_pam_vendordir:%{_sysconfdir}/pam.d}"
+  install -Dm 0644 %{SOURCE20} %{buildroot}${pam_dest}/sddm
+  install -Dm 0644 %{SOURCE21} %{buildroot}${pam_dest}/sddm-autologin
+  install -Dm 0644 %{SOURCE22} %{buildroot}${pam_dest}/sddm-greeter
+
+  # Make it compatible on older systems
+  %if 0%{?suse_version} < 1550
+    sed -i'' '/postlogin-/d' %{buildroot}${pam_dest}/*
+  %endif
+
   # Adjust paths to X session scripts in 00-general.conf
   sed -e 's-/usr/etc-%{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}-g' -i 
%{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/00-general.conf
 
@@ -176,6 +194,12 @@
 
 %pre -f sddm.pre
 %service_add_pre sddm.service
+%if 0%{?suse_version} > 1500
+# Prepare for migration to /usr/etc; save any old .rpmsave
+for i in pam.d/sddm pam.d/sddm-autologin pam.d/sddm-greeter ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave 
%{_sysconfdir}/${i}.rpmsave.old ||:
+done
+%endif
 
 %post
 %service_add_post sddm.service
@@ -200,6 +224,14 @@
 %{_sbindir}/update-alternatives --install 
%{_prefix}/lib/X11/displaymanagers/default-displaymanager \
   default-displaymanager %{_prefix}/lib/X11/displaymanagers/sddm 25
 
+%if 0%{?suse_version} > 1500
+%posttrans
+# Migration to /usr/etc, restore just created .rpmsave
+for i in pam.d/sddm pam.d/sddm-autologin pam.d/sddm-greeter ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave 
%{_sysconfdir}/${i} ||:
+done
+%endif
+
 %preun
 %service_del_preun sddm.service
 
@@ -250,9 +282,15 @@
 %doc README*
 %config(noreplace) %{_sysconfdir}/sddm.conf
 %dir %{_sysconfdir}/sddm.conf.d/
+%if 0%{?suse_version} > 1500
+%{_pam_vendordir}/sddm
+%{_pam_vendordir}/sddm-autologin
+%{_pam_vendordir}/sddm-greeter
+%else
 %config %{_sysconfdir}/pam.d/sddm
 %config %{_sysconfdir}/pam.d/sddm-autologin
 %config %{_sysconfdir}/pam.d/sddm-greeter
+%endif
 %{_datadir}/dbus-1/system.d/sddm_org.freedesktop.DisplayManager.conf
 %dir %{_prefix}/lib/X11/displaymanagers/
 %{_prefix}/lib/X11/displaymanagers/%{name}
@@ -273,7 +311,7 @@
 %{_datadir}/sddm/scripts/
 %{_datadir}/sddm/themes/
 %{_datadir}/sddm/translations/
-%ghost %attr(711,sddm,sddm) %dir %{_rundir}/sddm
+%ghost %attr(711,root,root) %dir %{_rundir}/sddm
 %ghost %attr(750,sddm,sddm) %dir %{_localstatedir}/lib/sddm
 %{_mandir}/man*/sddm*%{ext_man}
 %{_unitdir}/sddm.service

++++++ 0001-Process-all-available-auth-messages-in-a-loop.patch ++++++
>From aaf9ee34dc0e2776a8177de14b5e6c880a5ffacf Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fab...@ritter-vogt.de>
Date: Tue, 4 Apr 2023 16:36:21 +0200
Subject: [PATCH] Process all available auth messages in a loop

When QLocalSocket::readyRead is emitted, it's important to read all available
data. Otherwise the event loop is reentered while data is still available and
readyRead won't be emitted again.

This can happen in practice if sddm-helper sends a message which does not
need a reply (e.g. INFO) followed by another message before the daemon
processed the first one. In that case the daemon would never process the second
one, potentially leaving sddm-helper waiting for a reply.

(cherry picked from commit 48a98c7ba45b49cf443ac46f0d218f044933c603)
---
 src/auth/Auth.cpp | 92 ++++++++++++++++++++++++-----------------------
 1 file changed, 47 insertions(+), 45 deletions(-)

diff --git a/src/auth/Auth.cpp b/src/auth/Auth.cpp
index c2228ae..9e132af 100644
--- a/src/auth/Auth.cpp
+++ b/src/auth/Auth.cpp
@@ -152,55 +152,57 @@ namespace SDDM {
         Auth *auth = qobject_cast<Auth*>(parent());
         Msg m = MSG_UNKNOWN;
         SafeDataStream str(socket);
-        str.receive();
-        str >> m;
-        switch (m) {
-            case ERROR: {
-                QString message;
-                Error type = ERROR_NONE;
-                str >> message >> type;
-                Q_EMIT auth->error(message, type);
-                break;
-            }
-            case INFO: {
-                QString message;
-                Info type = INFO_NONE;
-                str >> message >> type;
-                Q_EMIT auth->info(message, type);
-                break;
-            }
-            case REQUEST: {
-                Request r;
-                str >> r;
-                request->setRequest(&r);
-                break;
-            }
-            case AUTHENTICATED: {
-                QString user;
-                str >> user;
-                if (!user.isEmpty()) {
-                    auth->setUser(user);
-                    Q_EMIT auth->authentication(user, true);
+        while (socket->bytesAvailable() > 0) {
+            str.receive();
+            str >> m;
+            switch (m) {
+                case ERROR: {
+                    QString message;
+                    Error type = ERROR_NONE;
+                    str >> message >> type;
+                    Q_EMIT auth->error(message, type);
+                    break;
+                }
+                case INFO: {
+                    QString message;
+                    Info type = INFO_NONE;
+                    str >> message >> type;
+                    Q_EMIT auth->info(message, type);
+                    break;
+                }
+                case REQUEST: {
+                    Request r;
+                    str >> r;
+                    request->setRequest(&r);
+                    break;
+                }
+                case AUTHENTICATED: {
+                    QString user;
+                    str >> user;
+                    if (!user.isEmpty()) {
+                        auth->setUser(user);
+                        Q_EMIT auth->authentication(user, true);
+                        str.reset();
+                        str << AUTHENTICATED << environment << cookie;
+                        str.send();
+                    }
+                    else {
+                        Q_EMIT auth->authentication(user, false);
+                    }
+                    break;
+                }
+                case SESSION_STATUS: {
+                    bool status;
+                    str >> status;
+                    Q_EMIT auth->sessionStarted(status);
                     str.reset();
-                    str << AUTHENTICATED << environment << cookie;
+                    str << SESSION_STATUS;
                     str.send();
+                    break;
                 }
-                else {
-                    Q_EMIT auth->authentication(user, false);
+                default: {
+                    Q_EMIT auth->error(QStringLiteral("Auth: Unexpected value 
received: %1").arg(m), ERROR_INTERNAL);
                 }
-                break;
-            }
-            case SESSION_STATUS: {
-                bool status;
-                str >> status;
-                Q_EMIT auth->sessionStarted(status);
-                str.reset();
-                str << SESSION_STATUS;
-                str.send();
-                break;
-            }
-            default: {
-                Q_EMIT auth->error(QStringLiteral("Auth: Unexpected value 
received: %1").arg(m), ERROR_INTERNAL);
             }
         }
     }
-- 
2.40.0


++++++ sddm-autologin.pam ++++++
#%PAM-1.0
auth     requisite      pam_nologin.so
auth     required       pam_permit.so
account  substack       common-account
account  include        postlogin-account
password substack       common-password
password include        postlogin-password
session  required       pam_loginuid.so
session  optional       pam_keyinit.so revoke force
session  substack       common-session
session  include        postlogin-session

++++++ sddm-greeter.pam ++++++
#%PAM-1.0
# PAM configuration used only for the greeter session
auth     required       pam_permit.so
account  required       pam_permit.so
password required       pam_deny.so
session  required       pam_loginuid.so
session  optional       pam_keyinit.so revoke
# We need pam_systemd, so can't use -nologin here.
session  substack       common-session

++++++ sddm.pam ++++++
#%PAM-1.0
auth     requisite      pam_nologin.so
auth     substack       common-auth
account  substack       common-account
account  include        postlogin-account
password substack       common-password
password include        postlogin-password
session  required       pam_loginuid.so
session  optional       pam_keyinit.so revoke force
session  substack       common-session
session  include        postlogin-session

Reply via email to