Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sddm for openSUSE:Factory checked in at 2023-04-07 18:16:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sddm (Old) and /work/SRC/openSUSE:Factory/.sddm.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sddm"
Fri Apr 7 18:16:24 2023 rev:62 rq:1077522 version:0.19.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/sddm/sddm.changes 2023-02-22 15:21:04.957689806 +0100
+++ /work/SRC/openSUSE:Factory/.sddm.new.19717/sddm.changes 2023-04-07 18:16:27.960593713 +0200
@@ -1,0 +2,20 @@
+Tue Apr 4 09:00:00 UTC 2023 - Fabian Vogt <fv...@suse.com>
+
+- Replace proper_pam.diff with installation of source files:
+ * sddm.pam, sddm-autologin.pam, sddm-greeter.pam
+- PAM services:
+ * Make use of substack for common-*
+ * Include postlogin-*
+ * Run pam_keyinit before common-session
+ * Deny password in sddm-greeter
+- /run/sddm is owned by root:root
+- Add patch to fix possible deadlock:
+ * 0001-Process-all-available-auth-messages-in-a-loop.patch
+- Add missing dependencies on update-alternatives
+
+-------------------------------------------------------------------
+Tue Apr 4 08:59:47 UTC 2023 - Stefan Schubert <sch...@suse.com>
+
+- Migration of PAM settings to /usr/lib/pam.d.
+
+-------------------------------------------------------------------
Old:
----
proper_pam.diff
New:
----
0001-Process-all-available-auth-messages-in-a-loop.patch
sddm-autologin.pam
sddm-greeter.pam
sddm.pam
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sddm.spec ++++++
--- /var/tmp/diff_new_pack.G4EPmz/_old 2023-04-07 18:16:28.804598574 +0200
+++ /var/tmp/diff_new_pack.G4EPmz/_new 2023-04-07 18:16:28.816598643 +0200
@@ -29,18 +29,21 @@
 Source3: 10-theme.conf
 Source4: sddm-tmpfiles.conf
 Source5: system-user-sddm.conf
+# PAM configuration
+Source20: sddm.pam
+Source21: sddm-autologin.pam
+Source22: sddm-greeter.pam
 # Patch0-100: PATCH-FIX-UPSTREAM
 Patch0: 0001-Use-PAM-s-username.patch
 Patch1: 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
 Patch2: 0004-Retry-starting-the-display-server.patch
 Patch3: 0001-disable-automatic-portal-launching.patch
+Patch4: 0001-Process-all-available-auth-messages-in-a-loop.patch
 # Not merged yet: https://github.com/sddm/sddm/pull/997
 Patch50: 0001-Remove-suffix-for-Wayland-session.patch
 # Not merged yet: https://github.com/sddm/sddm/pull/1230
 Patch55: 0001-Redesign-Xauth-handling.patch
 # Patch100-?: PATCH-FIX-OPENSUSE
-# Use openSUSE pam config
-Patch100: proper_pam.diff
 Patch101: 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch
 Patch102: 0001-Set-XAUTHLOCALHOSTNAME-in-sessions.patch
 Patch103: 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
@@ -70,6 +73,9 @@
 BuildRequires: pkgconfig(xcb-xkb)
 %systemd_requires
 %sysusers_requires
+BuildRequires: update-alternatives
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
 Requires(post): diffutils
 Requires: sddm-branding = %{version}
 Requires: xdm
@@ -156,6 +162,18 @@ install -Dm 0644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/10-theme.conf install -Dm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/sddm.conf + # Install PAM config + rm -r %{buildroot}%{_sysconfdir}/pam.d # Remove sddm's config, for debian only + pam_dest="%{?_pam_vendordir}%{!?_pam_vendordir:%{_sysconfdir}/pam.d}" + install -Dm 0644 %{SOURCE20} %{buildroot}${pam_dest}/sddm + install -Dm 0644 %{SOURCE21} %{buildroot}${pam_dest}/sddm-autologin + install -Dm 0644 %{SOURCE22} %{buildroot}${pam_dest}/sddm-greeter + + # Make it compatible on older systems + %if 0%{?suse_version} < 1550 + sed -i'' '/postlogin-/d' %{buildroot}${pam_dest}/* + %endif + # Adjust paths to X session scripts in 00-general.conf sed -e 's-/usr/etc-%{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}-g' -i %{buildroot}%{_prefix}/lib/sddm/sddm.conf.d/00-general.conf @@ -176,6 +194,12 @@ %pre -f sddm.pre %service_add_pre sddm.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in pam.d/sddm pam.d/sddm-autologin pam.d/sddm-greeter ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif %post %service_add_post sddm.service @@ -200,6 +224,14 @@ %{_sbindir}/update-alternatives --install %{_prefix}/lib/X11/displaymanagers/default-displaymanager \ default-displaymanager %{_prefix}/lib/X11/displaymanagers/sddm 25 +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in pam.d/sddm pam.d/sddm-autologin pam.d/sddm-greeter ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + %preun %service_del_preun sddm.service 
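Review bot: The PAM install step in the first hunk chooses its destination from whether `_pam_vendordir` is defined, while the `%files` hunk and the `%pre`/`%posttrans` scriptlets test `0%{?suse_version} > 1500` and the `sed` clean-up tests `< 1550`, so three different conditions decide where one set of files lives. On a target where the macro and the version test disagree, the files would be installed to one directory and listed from the other. Using a single test throughout, for example `%if %{defined _pam_vendordir}` in `%files` and the scriptlets, keeps them in step. The `sed -i'' '/postlogin-/d' %{buildroot}${pam_dest}/*` glob also edits every file in that directory; naming the three installed files would keep it from touching anything another install step places there.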
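Review bot: The `%posttrans` loop moves any `pam.d/sddm*.rpmsave` back to its live name without checking that the file came from this migration, so it runs on every later update as well. A file restored under `%{_sysconfdir}/pam.d` presumably takes precedence over the packaged copy in `%{_pam_vendordir}`, which means a system with a locally modified stack keeps its old rules and does not receive what this commit ships, such as `password required pam_deny.so` for the greeter. The `%pre` hunk has a matching gap: `mv` to `.rpmsave.old` replaces an earlier `.rpmsave.old` without notice. I would add a comment above the loop, e.g. `# a restored /etc/pam.d file overrides the vendor file; compare it with the packaged one`, and consider printing that as a message when a file is restored.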
@@ -250,9 +282,15 @@
 %doc README*
 %config(noreplace) %{_sysconfdir}/sddm.conf
 %dir %{_sysconfdir}/sddm.conf.d/
+%if 0%{?suse_version} > 1500
+%{_pam_vendordir}/sddm
+%{_pam_vendordir}/sddm-autologin
+%{_pam_vendordir}/sddm-greeter
+%else
 %config %{_sysconfdir}/pam.d/sddm
 %config %{_sysconfdir}/pam.d/sddm-autologin
 %config %{_sysconfdir}/pam.d/sddm-greeter
+%endif
 %{_datadir}/dbus-1/system.d/sddm_org.freedesktop.DisplayManager.conf
 %dir %{_prefix}/lib/X11/displaymanagers/
 %{_prefix}/lib/X11/displaymanagers/%{name}
@@ -273,7 +311,7 @@
 %{_datadir}/sddm/scripts/
 %{_datadir}/sddm/themes/
 %{_datadir}/sddm/translations/
-%ghost %attr(711,sddm,sddm) %dir %{_rundir}/sddm
+%ghost %attr(711,root,root) %dir %{_rundir}/sddm
 %ghost %attr(750,sddm,sddm) %dir %{_localstatedir}/lib/sddm
 %{_mandir}/man*/sddm*%{ext_man}
 %{_unitdir}/sddm.service
++++++ 0001-Process-all-available-auth-messages-in-a-loop.patch ++++++
>From aaf9ee34dc0e2776a8177de14b5e6c880a5ffacf Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fab...@ritter-vogt.de>
Date: Tue, 4 Apr 2023 16:36:21 +0200
Subject: [PATCH] Process all available auth messages in a loop
When QLocalSocket::readyRead is emitted, it's important to read all available data. Otherwise the event loop is reentered while data is still available and readyRead won't be emitted again. This can happen in practice if sddm-helper sends a message which does not need a reply (e.g. INFO) followed by another message before the daemon processed the first one. In that case the daemon would never process the second one, potentially leaving sddm-helper waiting for a reply.
(cherry picked from commit 48a98c7ba45b49cf443ac46f0d218f044933c603)
---
 src/auth/Auth.cpp | 92 ++++++++++++++++++++++++-----------------------
 1 file changed, 47 insertions(+), 45 deletions(-)
diff --git a/src/auth/Auth.cpp b/src/auth/Auth.cpp
index c2228ae..9e132af 100644
--- a/src/auth/Auth.cpp
+++ b/src/auth/Auth.cpp
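Review bot: The `%ghost %attr(711,root,root) %dir %{_rundir}/sddm` line in the second `%files` hunk only records the expected owner; rpm does not create a ghost directory, so the change takes effect only if whatever creates `/run/sddm` at runtime also uses root:root. `sddm-tmpfiles.conf` (Source4) is not among the files shown as changed here, so it is worth confirming that it, or the daemon, no longer creates the directory as `sddm`. If it still does, the directory stays owned by the `sddm` account and package verification may report a mismatch. A comment beside the line, such as `# must match the owner used in sddm-tmpfiles.conf`, would keep the two from drifting apart.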
@@ -152,55 +152,57 @@ namespace SDDM {
 Auth *auth = qobject_cast<Auth*>(parent());
 Msg m = MSG_UNKNOWN;
 SafeDataStream str(socket);
- str.receive();
- str >> m;
- switch (m) {
- case ERROR: {
- QString message;
- Error type = ERROR_NONE;
- str >> message >> type;
- Q_EMIT auth->error(message, type);
- break;
- }
- case INFO: {
- QString message;
- Info type = INFO_NONE;
- str >> message >> type;
- Q_EMIT auth->info(message, type);
- break;
- }
- case REQUEST: {
- Request r;
- str >> r;
- request->setRequest(&r);
- break;
- }
- case AUTHENTICATED: {
- QString user;
- str >> user;
- if (!user.isEmpty()) {
- auth->setUser(user);
- Q_EMIT auth->authentication(user, true);
+ while (socket->bytesAvailable() > 0) {
+ str.receive();
+ str >> m;
+ switch (m) {
+ case ERROR: {
+ QString message;
+ Error type = ERROR_NONE;
+ str >> message >> type;
+ Q_EMIT auth->error(message, type);
+ break;
+ }
+ case INFO: {
+ QString message;
+ Info type = INFO_NONE;
+ str >> message >> type;
+ Q_EMIT auth->info(message, type);
+ break;
+ }
+ case REQUEST: {
+ Request r;
+ str >> r;
+ request->setRequest(&r);
+ break;
+ }
+ case AUTHENTICATED: {
+ QString user;
+ str >> user;
+ if (!user.isEmpty()) {
+ auth->setUser(user);
+ Q_EMIT auth->authentication(user, true);
+ str.reset();
+ str << AUTHENTICATED << environment << cookie;
+ str.send();
+ }
+ else {
+ Q_EMIT auth->authentication(user, false);
+ }
+ break;
+ }
+ case SESSION_STATUS: {
+ bool status;
+ str >> status;
+ Q_EMIT auth->sessionStarted(status);
 str.reset();
- str << AUTHENTICATED << environment << cookie;
+ str << SESSION_STATUS;
 str.send();
+ break;
 }
- else {
- Q_EMIT auth->authentication(user, false);
+ default: {
+ Q_EMIT auth->error(QStringLiteral("Auth: Unexpected value received: %1").arg(m), ERROR_INTERNAL);
 }
- break;
- }
- case SESSION_STATUS: {
- bool status;
- str >> status;
- Q_EMIT auth->sessionStarted(status);
- str.reset();
- str << SESSION_STATUS;
- str.send();
- break;
- }
- default: {
- Q_EMIT auth->error(QStringLiteral("Auth: Unexpected value received: %1").arg(m), ERROR_INTERNAL);
 }
 }
 }
--
2.40.0
++++++ sddm-autologin.pam ++++++
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_permit.so
account substack common-account
account include postlogin-account
password substack common-password
password include postlogin-password
session required pam_loginuid.so
session optional pam_keyinit.so revoke force
session substack common-session
session include postlogin-session
++++++ sddm-greeter.pam ++++++
#%PAM-1.0
# PAM configuration used only for the greeter session
auth required pam_permit.so
account required pam_permit.so
password required pam_deny.so
session required pam_loginuid.so
session optional pam_keyinit.so revoke
# We need pam_systemd, so can't use -nologin here.
session substack common-session
++++++ sddm.pam ++++++
#%PAM-1.0
auth requisite pam_nologin.so
auth substack common-auth
account substack common-account
account include postlogin-account
password substack common-password
password include postlogin-password
session required pam_loginuid.so
session optional pam_keyinit.so revoke force
session substack common-session
session include postlogin-session
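Review bot: `Msg m = MSG_UNKNOWN;` is still declared before the new `while (socket->bytesAvailable() > 0)` loop, so from the second iteration on `m` holds the previous message type when `str >> m` runs. If that extraction leaves `m` untouched on a short or invalid read (the operator is defined outside this hunk, so this is an assumption), the `switch` acts on the previous type again instead of reaching `default`. Adding `m = MSG_UNKNOWN;` as the first statement of the loop body makes each iteration fail closed. The `default` branch also keeps looping after an unexpected value, so the rest of the buffer is parsed from a possibly misaligned position; a comment on whether that is intended would help. The enclosing function starts above the hunk.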
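Review bot: `sddm-greeter.pam` calls `pam_keyinit.so revoke` without `force`, while `sddm.pam` and `sddm-autologin.pam` both use `revoke force`. Without `force`, pam_keyinit keeps a session keyring the process already has, so the greeter may continue with a keyring inherited from the process that started it rather than a fresh one. If the difference is intended, a comment in the file should say why; otherwise `session optional pam_keyinit.so revoke force` would match the other two services.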