diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure gdm-2.20.6/ChangeLog gdm-2.20.7/ChangeLog --- gdm-2.20.6/ChangeLog 2008-05-13 02:26:43.000000000 +0200 +++ gdm-2.20.7/ChangeLog 2008-06-30 19:53:31.000000000 +0200 @@ -1,3 +1,54 @@ +2008-06-30 Brian Cameron + + * Release 2.20.7: + * configure.ac: Updated to new release version + * NEWS: Updated. + +2008-06-24 Brian Cameron + + * configure.ac: Fix setting of variable so it is bourne-shell + compliant, so it does not cause an error running on Solaris. + +2008-06-19 Brian Cameron + + * configure.ac: Set default HOST_GDM_RBAC_SYSCMD_KEYS to also + include the RBAC key for Suspend, when building on Solaris. + Patch by Simon Zheng. + +2008-06-16 Brian Cameron + + * daemon/slave.c: When processing BaseXsession, only accept the + first word. Since the slave calls g_access with this value, + it will fail if there is more than one word or even trailing + space in this configuration value. Makes the code a bit more + robust. + +2008-06-10 Brian Cameron + + * daemon/verify.h: Remove gdm_verify_check prototype since + this function does not exist anymore. + +2008-06-10 Brian Cameron + + * daemon/verify-pam.c: Clean up the libaudit calls so + that we just log the failed login attempt once in + the pamerr block rather than at each failure point. + Add libaudit logging when autologin is being used. + +2008-06-03 Brian Cameron + + * daemon/gdm-daemon-config.c: Free the pointer array via + g_free instead of g_ptr_array_free. Fixes an error where + an assertion was being triggered when GDM is exiting. + Further fix for bug #517526. Patch by Frederic Crozat + . + +2008-05-22 Brian Cameron + + * daemon/getvt.c: Change 3rd argument of XInternAtom to True, + so that the XFree86_VT Atom is not created if it does not + exist. + 2008-05-12 Brian Cameron * Release 2.20.6: diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/configure.ac /tmp/tlbIyo0yzH/gdm-2.20.7/configure.ac --- gdm-2.20.6/configure.ac 2008-05-13 02:26:43.000000000 +0200 +++ gdm-2.20.7/configure.ac 2008-06-30 19:53:31.000000000 +0200 @@ -2,7 +2,7 @@ AC_INIT(daemon/gdm.h) AM_CONFIG_HEADER(config.h) -AM_INIT_AUTOMAKE(gdm,2.20.6) +AM_INIT_AUTOMAKE(gdm,2.20.7) AC_CONFIG_MACRO_DIR([m4]) AM_MAINTAINER_MODE AC_GNU_SOURCE @@ -1075,7 +1075,7 @@ HOST_XSESSION_SHELL=/bin/ksh HOST_SOUND_PROGRAM=/usr/bin/audioplay HOST_GDMGNOMESESSIONCMD=/usr/dt/config/Xsession.jds - HOST_GDM_RBAC_SYSCMD_KEYS="HALT:solaris.system.shutdown;REBOOT:solaris.system.shutdown" + HOST_GDM_RBAC_SYSCMD_KEYS="HALT:solaris.system.shutdown;REBOOT:solaris.system.shutdown;SUSPEND:solaris.system.power.suspend.ram" HOST_UTMP_LINE_ATTACHED="/dev/dtlocal" HOST_UTMP_LINE_REMOTE="/dev/dtremote" HOST_UTMP_PSEUDO_DEVICE="true" @@ -1099,7 +1099,7 @@ HOST_REBOOT_COMMAND="/usr/bin/reboot;/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now" HOST_SUSPEND_COMMAND="/usr/bin/zzz" HOST_XSESSION_SHELL=/bin/sh - HOST_SOUND_PROGRAM=$(prefix)/bin/play + HOST_SOUND_PROGRAM="$real_gdm_prefix/bin/play" HOST_GDMGNOMESESSIONCMD=gnome-session HOST_UTMP_LINE_ATTACHED="/dev/console" HOST_UTMP_LINE_REMOTE="" diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/COPYING /tmp/tlbIyo0yzH/gdm-2.20.7/COPYING --- gdm-2.20.6/COPYING 2008-05-13 02:27:22.000000000 +0200 +++ gdm-2.20.7/COPYING 2008-06-30 19:55:11.000000000 +0200 @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -305,7 +305,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. @@ -313,7 +313,7 @@ If the program is interactive, make it output a short notice like this when it starts in an interactive mode: - Gnomovision version 69, Copyright (C) year name of author + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/daemon/gdm-daemon-config.c /tmp/tlbIyo0yzH/gdm-2.20.7/daemon/gdm-daemon-config.c --- gdm-2.20.6/daemon/gdm-daemon-config.c 2008-05-13 02:25:54.000000000 +0200 +++ gdm-2.20.7/daemon/gdm-daemon-config.c 2008-06-30 19:53:13.000000000 +0200 @@ -1433,7 +1433,7 @@ g_strfreev (value_list); } - g_ptr_array_free ((GPtrArray*) keys, TRUE); + g_free (keys); } static gboolean diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/daemon/getvt.c /tmp/tlbIyo0yzH/gdm-2.20.7/daemon/getvt.c --- gdm-2.20.6/daemon/getvt.c 2008-05-13 02:25:54.000000000 +0200 +++ gdm-2.20.7/daemon/getvt.c 2008-06-30 19:53:13.000000000 +0200 @@ -59,7 +59,7 @@ if (display == NULL) return -1; - prop = XInternAtom (display, "XFree86_VT", False); + prop = XInternAtom (display, "XFree86_VT", True); if (prop == None) { gdm_debug ("no XFree86_VT atom\n"); return -1; diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/daemon/slave.c /tmp/tlbIyo0yzH/gdm-2.20.7/daemon/slave.c --- gdm-2.20.6/daemon/slave.c 2008-05-13 02:25:54.000000000 +0200 +++ gdm-2.20.7/daemon/slave.c 2008-06-30 19:53:13.000000000 +0200 @@ -3854,9 +3854,10 @@ if (sessionexec != NULL) { const char *basexsession = gdm_daemon_config_get_value_string (GDM_KEY_BASE_XSESSION); + char **bxvec = g_strsplit (basexsession, " ", -1); /* cannot be possibly failsafe */ - if G_UNLIKELY (g_access (basexsession, X_OK) != 0) { + if G_UNLIKELY (bxvec == NULL || g_access (bxvec[0], X_OK) != 0) { gdm_error (_("%s: Cannot find or run the base Xsession script. Running the GNOME failsafe session instead."), "session_child_run"); session = GDM_SESSION_FAILSAFE_GNOME; @@ -3870,7 +3871,7 @@ * we really DON'T care about leaks, we are going to * exec in just a bit */ - g_string_append (fullexec, basexsession); + g_string_append (fullexec, bxvec[0]); g_string_append (fullexec, " "); #ifdef HAVE_TSOL @@ -3879,6 +3880,7 @@ #endif g_string_append (fullexec, sessionexec); } + g_strfreev (bxvec); } if (strcmp (session, GDM_SESSION_FAILSAFE_GNOME) == 0) { diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/daemon/verify.h /tmp/tlbIyo0yzH/gdm-2.20.7/daemon/verify.h --- gdm-2.20.6/daemon/verify.h 2008-05-13 02:25:54.000000000 +0200 +++ gdm-2.20.7/daemon/verify.h 2008-06-30 19:53:13.000000000 +0200 @@ -28,7 +28,6 @@ const char *username, gboolean allow_retry); void gdm_verify_cleanup (GdmDisplay *d); -void gdm_verify_check (void); void gdm_verify_select_user (const char *user); /* used in pam */ diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/daemon/verify-pam.c /tmp/tlbIyo0yzH/gdm-2.20.7/daemon/verify-pam.c --- gdm-2.20.6/daemon/verify-pam.c 2008-05-13 02:25:54.000000000 +0200 +++ gdm-2.20.7/daemon/verify-pam.c 2008-06-30 19:53:13.000000000 +0200 @@ -992,8 +992,6 @@ /* Start authentication session */ did_we_ask_for_password = FALSE; if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) { - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); if ( ! ve_string_empty (selected_user)) { pam_handle_t *tmp_pamh; @@ -1113,9 +1111,6 @@ if (( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_ROOT) || ( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! d->attached)) && pwent != NULL && pwent->pw_uid == 0) { - - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); gdm_error (_("Root login disallowed on display '%s'"), d->name); gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX, @@ -1149,8 +1144,6 @@ break; case PAM_NEW_AUTHTOK_REQD : if ((pamerr = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) { - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); gdm_error (_("Authentication token change failed for user %s"), login); gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX, _("\nThe change of the authentication token failed. " @@ -1168,24 +1161,18 @@ #endif /* HAVE_ADT */ break; case PAM_ACCT_EXPIRED : - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); gdm_error (_("User %s no longer permitted to access the system"), login); gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX, _("\nThe system administrator has disabled your account.")); error_msg_given = TRUE; goto pamerr; case PAM_PERM_DENIED : - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); gdm_error (_("User %s not permitted to gain access at this time"), login); gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX, _("\nThe system administrator has disabled access to the system temporarily.")); error_msg_given = TRUE; goto pamerr; default : - /* Log the failed login attempt */ - log_to_audit_system(login, d->hostname, d->name, AU_FAILED); if (gdm_slave_action_pending ()) gdm_error (_("Couldn't set acct. mgmt for %s"), login); goto pamerr; @@ -1237,8 +1224,6 @@ gdm_error (_("Couldn't open session for %s"), login); goto pamerr; } - /* Login succeeded */ - log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS); /* Workaround to avoid gdm messages being logged as PAM_pwdb */ gdm_log_shutdown (); @@ -1269,6 +1254,12 @@ audit_success_login (pw_change, pwent); #endif /* HAVE_ADT */ + /* + * Login succeeded. + * This function is a no-op if libaudit is not present. + */ + log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS); + return login; pamerr: @@ -1276,6 +1267,12 @@ audit_fail_login (d, pw_change, pwent, pamerr); #endif /* HAVE_ADT */ + /* + * Log the failed login attempt. + * This function is a no-op if libaudit is not present. + */ + log_to_audit_system(login, d->hostname, d->name, AU_FAILED); + /* The verbose authentication is turned on, output the error * message from the PAM subsystem */ if ( ! error_msg_given && @@ -1585,14 +1582,25 @@ audit_success_login (pw_change, pwent); #endif /* HAVE_ADT */ + /* + * Login succeeded. + * This function is a no-op if libaudit is not present + */ + log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS); + return TRUE; setup_pamerr: - #ifdef HAVE_ADT audit_fail_login (d, pw_change, pwent, pamerr); #endif /* HAVE_ADT */ + /* + * Log the failed login attempt. + * This function is a no-op if libaudit is not present + */ + log_to_audit_system(login, d->hostname, d->name, AU_FAILED); + did_setcred = FALSE; opened_session = FALSE; if (pamh != NULL) { diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/debian/changelog /tmp/tlbIyo0yzH/gdm-2.20.7/debian/changelog --- gdm-2.20.6/debian/changelog 2008-07-04 16:52:49.000000000 +0200 +++ gdm-2.20.7/debian/changelog 2008-07-04 16:52:49.000000000 +0200 @@ -1,3 +1,17 @@ +gdm (2.20.7-0ubuntu1) hardy-proposed; urgency=low + + * New upstream version (lp: #245539): + - When GDM checks the XFree86_VT atom, it does not set it if it + does not already exist. + - Free a pointer array via g_free instead of g_ptr_array_free, avoiding + an assert on shutdown. + - When reading in the BaseXsession configuration value, it now only + accepts the first word as the script name and ignores the rest. + Previously if you had any trailing spaces or other arguments, it + would cause GDM to fail to read any value for the script. + + -- Sebastien Bacher Fri, 04 Jul 2008 16:23:52 +0200 + gdm (2.20.6-0ubuntu2) hardy-proposed; urgency=low * debian/gdm.postinst: On upgrades, fix rc.d symlink priority from 13 to 30, diff -Nru --exclude config.guess --exclude config.sub --exclude docs --exclude po --exclude configure /tmp/3ZLeKvaj9e/gdm-2.20.6/NEWS /tmp/tlbIyo0yzH/gdm-2.20.7/NEWS --- gdm-2.20.6/NEWS 2008-05-13 02:26:43.000000000 +0200 +++ gdm-2.20.7/NEWS 2008-06-30 19:53:31.000000000 +0200 @@ -1,5 +1,24 @@ Ahh news... +2.20.7 Stuff: + +- When GDM checks the XFree86_VT atom, it does not set it if it + does not already exist. (Brian Cameron, Simon Zheng) + +- Free a pointer array via g_free instead of g_ptr_array_free, avoiding + an assert on shutdown. (Frederic Crozat) + +- When reading in the BaseXsession configuration value, it now only + accepts the first word as the script name and ignores the rest. + Previously if you had any trailing spaces or other arguments, it + would cause GDM to fail to read any value for the script. (Brian + Cameron) + +- Translation updates (Theppitak Karoonboonyanan, Priit Laes, Nickolay + V. Shmyrev, Clytie Siddall) + +- Use RBAC for Suspend when on Solaris. (Simon Zheng) + 2.20.6 Stuff: - Fix two related bugs that were causing GDM to crash regularly on exit.