subject:"Bug#773026\: screen does not lock on suspend \(jessie regression\)"

Bug#773026: screen does not lock on suspend (jessie regression)

2014-12-14 Thread Dmitry Shachnev

Hi,

On Sat, 13 Dec 2014 13:23:56 +0200, Faidon Liambotis wrote:
 Attached you will find a patch for the package to address this. The
 total debdiff is:
   configure.ac   |2 +-
   src/gs-listener-dbus.c |   33 +++--
   src/gs-listener-dbus.h |1 +
   src/gs-manager.c   |2 +-
   src/gs-monitor.c   |   16 
   5 files changed, 50 insertions(+), 4 deletions(-)
 ...and is easily readable and understood, as well as widely tested. I
 would definitely recommend including this in jessie.

I have committed this to SVN and have asked the current Uploaders on IRC
to review it. As soon as one of them replies to me, I will upload this.

--
Dmitry Shachnev

signature.asc
Description: OpenPGP digital signature

Bug#773026: screen does not lock on suspend (jessie regression)

2014-12-13 Thread Faidon Liambotis

Package: gnome-screensaver
Version: 3.6.1-2
Severity: grave
Tags: security patch

Dear maintainer,

After upgrading my desktop from wheezy to jessie (w/ GNOME Flashback
mode), I was surprised to find that closing the lid of my laptop
suspended the system, but upon resume the screen was not locked and no
password prompt was needed to actually resume working on my screen.

Suffice to say, I think that's a security issue and thus, release
critical.

I investigated this quite a bit; it looks like with jessie's version,
GNOME doesn't use ConsoleKit anymore, but the alternative codepath for
this, namely handling systemd-login events, has been turned off by
passing --without-systemd to configure, over two years ago, with no
justification in the changelog.

Even with systemd support, though, it seems that in the (very old)
upstream version only Lock events are being processed, not suspend
(PrepareForSleep) ones (like gnome-shell does).  gnome-screensaver is
abandoned upstream, so I assume the API plans changed along the way over
the past two and a half years.

Fortunately, Ubuntu has prepared a patch for this and a) is trivial
enough, b) has been released with several Ubuntu versions and hence is
tested in the wild. While at it, I also ported another couple of Ubuntu
patches that while not strictly needed, help considerably in this use
case (namely, a) adding support for non-systemd Linux systems and b) not
leaking screen contents on resume).

Attached you will find a patch for the package to address this. The
total debdiff is:
  configure.ac   |2 +-
  src/gs-listener-dbus.c |   33 +++--
  src/gs-listener-dbus.h |1 +
  src/gs-manager.c   |2 +-
  src/gs-monitor.c   |   16 
  5 files changed, 50 insertions(+), 4 deletions(-)
...and is easily readable and understood, as well as widely tested. I
would definitely recommend including this in jessie.

Best,
Faidon
diff -Nurp gnome-screensaver-3.6.1/debian/changelog gnome-screensaver-3.6.1-suspendlock/debian/changelog
--- gnome-screensaver-3.6.1/debian/changelog	2014-09-11 23:26:14.0 +0300
+++ gnome-screensaver-3.6.1-suspendlock/debian/changelog	2014-12-13 13:03:22.112670213 +0200
@@ -1,3 +1,20 @@
+gnome-screensaver (3.6.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Reenable support for locking the screen on suspend.
+- Build with systemd support by passing --with-systemd=auto to configure
+  and build-depending on libsystemd-login-dev. Use auto and a
+  [linux-any] dependency to keep compatibility with non-Linux systems.
+- 00git_logind_check.patch from Ubuntu/upstream, to make this dependent on
+  just logind, not systemd-as-pid1, as recommended by systemd upstream 
+  Debian systemd maintainers. Drops libsystemd-daemon-dev build-dep.
+- 31_lock_screen_on_suspend.patch from Ubuntu, to listen for logind's
+  PrepareForSleep signal, similarly to gnome-shell's behavior.
+- 14_no_fade_on_user_switch.patch from Ubuntu, as to not fade on screen
+  lock. Prevents leaking of the screen contents on resume from suspend.
+
+ -- Faidon Liambotis parav...@debian.org  Sat, 13 Dec 2014 11:32:25 +0200
+
 gnome-screensaver (3.6.1-2) unstable; urgency=medium
 
   * Team upload
diff -Nurp gnome-screensaver-3.6.1/debian/control gnome-screensaver-3.6.1-suspendlock/debian/control
--- gnome-screensaver-3.6.1/debian/control	2014-12-13 12:36:01.941262458 +0200
+++ gnome-screensaver-3.6.1-suspendlock/debian/control	2014-12-13 13:02:25.484828745 +0200
@@ -19,8 +19,7 @@ Build-Depends: cdbs,
libgtk-3-dev (= 3.0.0),
libgnome-desktop-3-dev (= 3.1.91),
libgnomekbd-dev (= 2.91.91),
-#   libsystemd-login-dev [linux-any],
-#   libsystemd-daemon-dev [linux-any],
+   libsystemd-login-dev [linux-any],
libxklavier-dev,
libx11-dev,
libxt-dev,
diff -Nurp gnome-screensaver-3.6.1/debian/control.in gnome-screensaver-3.6.1-suspendlock/debian/control.in
--- gnome-screensaver-3.6.1/debian/control.in	2014-09-11 23:21:50.0 +0300
+++ gnome-screensaver-3.6.1-suspendlock/debian/control.in	2014-12-13 13:02:17.124852278 +0200
@@ -15,8 +15,7 @@ Build-Depends: cdbs,
libgtk-3-dev (= 3.0.0),
libgnome-desktop-3-dev (= 3.1.91),
libgnomekbd-dev (= 2.91.91),
-#   libsystemd-login-dev [linux-any],
-#   libsystemd-daemon-dev [linux-any],
+   libsystemd-login-dev [linux-any],
libxklavier-dev,
libx11-dev,
libxt-dev,
diff -Nurp gnome-screensaver-3.6.1/debian/patches/00git_logind_check.patch gnome-screensaver-3.6.1-suspendlock/debian/patches/00git_logind_check.patch
--- gnome-screensaver-3.6.1/debian/patches/00git_logind_check.patch	1970-01-01 02:00:00.0 +0200
+++

Bug#773026: screen does not lock on suspend (jessie regression)

Bug#773026: screen does not lock on suspend (jessie regression)

2 matches

Site Navigation

Mail list logo

Footer information