lightdm-1.24.0 (rhbz#1488270)

Disable guest login as system default preset (CVE-2017-8900)
Modernize spec-file

.gitignore

 /lightdm-1.18.3.tar.xz
 /lightdm-1.22.0.tar.xz
+/lightdm-1.24.0.tar.xz

50-disable-guest.conf

+# Disable guest sessions due to them not being confined in systemd
+# CVE-2017-8900
+# https://bugs.launchpad.net/bugs/1663157
+[Seat:*]
+allow-guest=false

lightdm.spec

+# leaving this disabled, means greeters will have to
+# require lightdm too, instead of relying on -gobject,
+# -qt to pull it in.
+%bcond_with internal_deps
+
 # FIXME: most tests currently fail
-#global tests 1
+%bcond_with tests
+
 
-%global major 1.22
+%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10")
+%global major 1.24
 %global minor 0
 
 
-Name:    lightdm
-Summary: A cross-desktop Display Manager
-Version: %{major}.%{minor}
-Release: 6%{?dist}
+Name:		lightdm
+Summary:	A cross-desktop Display Manager
+Version:	%{major}.%{minor}
+Release:	1%{?dist}
 
 # library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
-License: (LGPLv2 or LGPLv3) and GPLv3+
-URL:     https://launchpad.net/%{name}/%{major}
-Source0: %{url}/%{version}/+download/%{name}-%{version}.tar.xz
+License:	(LGPLv2 or LGPLv3) and GPLv3+
+URL:		https://launchpad.net/%{name}/%{major}
+Source0:	%{url}/%{version}/+download/%{name}-%{version}.tar.xz
 
-Source1: lightdm.pam
-Source2: lightdm-autologin.pam
-Source3: lightdm-tmpfiles.conf
-Source4: lightdm.service
-Source5: lightdm.logrotate
-Source6: lightdm.rules
+Source10:	%{name}.pam
+Source11:	%{name}-autologin.pam
+Source12:	%{name}-tmpfiles.conf
+Source13:	%{name}.service
+Source14:	%{name}.logrotate
+Source15:	%{name}.rules
 
 ## .conf snippets
-# use logrotate?
-Source10: 50-backup-logs.conf
-Source11: 50-minimum-vt.conf
-Source12: 50-session-wrapper.conf
-Source13: 50-user-authority-in-system-dir.conf
-Source14: 50-xserver-command.conf
+Source20:	50-backup-logs.conf
+Source21:	50-minimum-vt.conf
+Source22:	50-session-wrapper.conf
+Source23:	50-user-authority-in-system-dir.conf
+Source24:	50-xserver-command.conf
+Source25:	50-disable-guest.conf
 
 ## Downstream patches:
 # hack in support for --nodaemon option
-Patch11: lightdm-1.10.2-nodaemon_option.patch
+Patch0:		%{name}-1.10.2-nodaemon_option.patch
 # disable saving to ~/.dmrc (runs afoul of selinux, http://bugzilla.redhat.com/963238 )
-Patch12: lightdm-1.9.8-no_dmrc_save.patch
+Patch1:		%{name}-1.9.8-no_dmrc_save.patch
 
 ## upstreamable patches
 # search for moc-qt5, use -qt=5|4 (instead of --qt=qt4|qt5)
-Patch51:  lightdm-1.18-qtchooser.patch
-
-# patch51
-BuildRequires: gettext
-BuildRequires: gnome-common
-BuildRequires: gtk-doc itstool
-BuildRequires: intltool
-BuildRequires: libgcrypt-devel
-BuildRequires: pam-devel
-BuildRequires: pkgconfig(audit)
-BuildRequires: pkgconfig(dbus-glib-1)
-BuildRequires: pkgconfig(gio-2.0) >= 2.26
-BuildRequires: pkgconfig(gio-unix-2.0)
-BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(gmodule-export-2.0)
-BuildRequires: pkgconfig(gobject-2.0)
-%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10")
-BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5
-BuildRequires: pkgconfig(libxklavier)
-BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork)
-BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui)
-BuildRequires: pkgconfig(x11)
-BuildRequires: pkgconfig(xcb)
-BuildRequires: pkgconfig(xdmcp)
-BuildRequires: systemd
-BuildRequires: vala vala-tools
-
-Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
-Requires: accountsservice
-Requires: dbus-x11
-%if 0%{?rhel} > 6 || 0%{?fedora} > 18
-Requires: polkit-js-engine
+Patch2:		%{name}-1.18-qtchooser.patch
+
+BuildRequires:	gettext
+BuildRequires:	gnome-common
+BuildRequires:	gtk-doc itstool
+BuildRequires:	intltool
+BuildRequires:	libgcrypt-devel
+BuildRequires:	pam-devel
+BuildRequires:	pkgconfig(audit)
+BuildRequires:	pkgconfig(dbus-glib-1)
+BuildRequires:	pkgconfig(gio-2.0) >= 2.26
+BuildRequires:	pkgconfig(gio-unix-2.0)
+BuildRequires:	pkgconfig(glib-2.0)
+BuildRequires:	pkgconfig(gmodule-export-2.0)
+BuildRequires:	pkgconfig(gobject-2.0)
+BuildRequires:	pkgconfig(gobject-introspection-1.0) >= 0.9.5
+BuildRequires:	pkgconfig(libxklavier)
+BuildRequires:	pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork)
+BuildRequires:	pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui)
+BuildRequires:	pkgconfig(x11)
+BuildRequires:	pkgconfig(xcb)
+BuildRequires:	pkgconfig(xdmcp)
+BuildRequires:	systemd
+BuildRequires:	vala vala-tools
+
+Requires:	%{name}-gobject%{?_isa} = %{version}-%{release}
+Requires:	accountsservice
+Requires:	dbus-x11
+%if 0%{?fedora} || 0%{?rhel} >= 7
+Requires:	polkit-js-engine
 %endif
-Requires: systemd
-%{?systemd_requires}
-Requires: xorg-x11-xinit
+Requires:	systemd
+Requires:	xorg-x11-xinit
 
-Requires(pre): shadow-utils
+%if %{with internal_deps}
+Requires:	%{name}-greeter = 1.2
+%endif
+
+%{?systemd_requires}
 
-# beware of bootstrapping -- rex
-# leaving this here, means greeters will have to require lightdm too,
-# instead of relying on -gobject, -qt to pull it in
-Requires: lightdm-greeter = 1.2
+Requires(pre):	shadow-utils
 
 # needed for anaconda to boot into runlevel 5 after install
-Provides: service(graphical-login) = lightdm
+Provides:	service(graphical-login) = %{name}
 
 %description
 Lightdm is a display manager that:
@@ -91,219 +96,252 @@ Lightdm is a display manager that:
 * Supports different display technologies
 * Is lightweight - low memory usage and fast performance
 
+
 %package gobject
-Summary: LightDM GObject client library
-# omit base package, to allow for easier bootstrapping
-# requires greeters to manually
-# Requires: lightdm
-#Requires: %{name} = %{version}-%{release}
-Requires: glib2%{?_isa} >= %{glib2_version}
+Summary:	LightDM GObject client library
+
+%if !%{with internal_deps}
+Requires:	%{name}%{?_isa} = %{version}-%{release}
+%endif
+Requires:	glib2%{?_isa} >= %{glib2_version}
+
 %description gobject
 This package contains a GObject based library for LightDM clients to use to
 interface with LightDM.
 
+
 %package gobject-devel
-Summary: Development files for %{name}-gobject
-Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
+Summary:	Development files for %{name}-gobject
+Requires:	%{name}-gobject%{?_isa} = %{version}-%{release}
 %description gobject-devel
 %{summary}.
 
+
 %package qt
 Summary: LightDM Qt4 client library
-# see comment in -gobject above
-#Requires: %{name} = %{version}-%{release}
-%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}}
+
+%if !%{with internal_deps}
+Requires:	%{name}%{?_isa} = %{version}-%{release}
+%endif
+%{?_qt4_version:Requires:	qt4%{?_isa} >= %{_qt4_version}}
+
 %description qt
 This package contains a Qt4-based library for LightDM clients to use to interface
 with LightDM.
 
+
 %package qt-devel
-Summary: Development files for %{name}-qt
-Requires: %{name}-qt%{?_isa} = %{version}-%{release}
+Summary:	Development files for %{name}-qt
+Requires:	%{name}-qt%{?_isa} = %{version}-%{release}
+
 %description qt-devel
 %{summary}.
 
+
 %package qt5
-Summary: LightDM Qt5 client library
-# see comment in -gobject above
-#Requires: %{name} = %{version}-%{release}
-%{?_qt5:Requires: %{?_qt5}%{?_isa} >= %{_qt5_version}}
+Summary:	LightDM Qt5 client library
+
+%if !%{with internal_deps}
+Requires:	%{name}%{?_isa} = %{version}-%{release}
+%endif
+%{?_qt5:Requires:	%{?_qt5}%{?_isa} >= %{_qt5_version}}
+
 %description qt5
 This package contains a Qt5-based library for LightDM clients to use to interface
 with LightDM.
 
+
 %package qt5-devel
-Summary: Development files for %{name}-qt5
-Requires: %{name}-qt5%{?_isa} = %{version}-%{release}
+Summary:	Development files for %{name}-qt5
+Requires:	%{name}-qt5%{?_isa} = %{version}-%{release}
+
 %description qt5-devel
 %{summary}.
 
 
 %prep
-%setup -q
-
-%patch11 -p1 -b .nodaemon_option
-%patch12 -p1 -b .no_dmrc_save
-
-%patch51 -p1 -b .qtchooser
+%autosetup -p 1
 
 # rpath hack
-sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
+%{__sed} -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
 
 
 %build
-%configure \
-  --disable-silent-rules \
-  --disable-static \
-  --enable-gtk-doc \
-  --enable-libaudit \
-  --enable-liblightdm-qt \
-  --enable-liblightdm-qt5 \
-  --enable-introspection \
-  %{?tests:--enable-tests}%{!?tests:--disable-tests} \
-  --enable-vala \
-  --with-greeter-user=lightdm \
-  --with-greeter-session=lightdm-greeter
-
+%configure					\
+	--disable-silent-rules			\
+	--disable-static			\
+	--enable-gtk-doc			\
+	--enable-libaudit			\
+	--enable-lib%{name}-qt			\
+	--enable-lib%{name}-qt5			\
+	--enable-introspection			\
+%if %{with tests}
+	--enable-tests				\
+%else
+	--disable-tests				\
+%endif
+	--enable-vala				\
+	--with-greeter-user=%{name}		\
+	--with-greeter-session=%{name}-greeter
 %make_build
 
 
 %install
-%make_install INSTALL='install -p'
+%make_install
+
+# We need to own these
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/		\
+		%{buildroot}%{_datadir}/%{name}/%{name}.conf.d/		\
+		%{buildroot}%{_datadir}/%{name}/remote-sessions/	\
+		%{buildroot}%{_datadir}/xgreeters/			\
+		%{buildroot}%{_localstatedir}/cache/%{name}/		\
+		%{buildroot}%{_localstatedir}/run/%{name}/		\
+		%{buildroot}%{_localstatedir}/log/%{name}/		\
+		%{buildroot}%{_localstatedir}/lib/%{name}/		\
+		%{buildroot}%{_localstatedir}/lib/%{name}-data/
 
-## unpackaged files
 # libtool cruft
-find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete
-find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete
+%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete
+%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete
+
 # We don't ship AppAmor
-rm -rfv %{buildroot}%{_sysconfdir}/apparmor.d/
+%{__rm} -rfv %{buildroot}%{_sysconfdir}/apparmor.d/
+
 # omit upstart support
-rm -rfv %{buildroot}%{_sysconfdir}/init
+%{__rm} -rfv %{buildroot}%{_sysconfdir}/init
 
 # install pam file
-install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/lightdm
-install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/lightdm-autologin
-
-install -Dpm 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/tmpfiles.d/lightdm.conf
-
-# We need to own these
-mkdir -p %{buildroot}%{_sysconfdir}/lightdm/lightdm.conf.d/
-mkdir -p %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/
-mkdir -p %{buildroot}%{_datadir}/lightdm/remote-sessions/
-mkdir -p %{buildroot}%{_datadir}/xgreeters/
-mkdir -p %{buildroot}%{_localstatedir}/cache/lightdm/
-mkdir -p %{buildroot}%{_localstatedir}/run/lightdm/
-mkdir -p %{buildroot}%{_localstatedir}/log/lightdm/
-mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm/
-mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm-data/
+%{__install} -Dpm 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/%{name}
+%{__install} -Dpm 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/%{name}-autologin
+%{__install} -Dpm 0644 %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
+%{__install} -Dpm 0644 %{SOURCE13} %{buildroot}%{_unitdir}/%{name}.service
+%{__install} -Dpm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+%{__install} -Dpm 0644 %{SOURCE15} %{buildroot}%{_datadir}/polkit-1/rules.d/%{name}.rules
+%{__install} -pm 0644 %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23}	\
+	%{SOURCE24} %{SOURCE25} %{buildroot}%{_datadir}/%{name}/%{name}.conf.d/
 
 %find_lang %{name} --with-gnome
 
-install -m644 -p -D %{SOURCE4} %{buildroot}%{_unitdir}/lightdm.service
-install -m644 -p -D %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/lightdm
-install -m644 -p -D %{SOURCE6} %{buildroot}%{_datadir}/polkit-1/rules.d/lightdm.rules
-install -m644 -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} \
-  %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/
 
 %check
-# FIXME: most of these currently fail :( -- rex
-%if 0%{?tests:1}
-make check ||:
+%if %{with tests}
+%make_build check ||:
 %endif
 
 
 %pre
-getent group lightdm >/dev/null || groupadd -r lightdm
-getent passwd lightdm >/dev/null || \
-  /usr/sbin/useradd -g lightdm -M -d /var/lib/lightdm -s /sbin/nologin -r lightdm
+%{_bindir}/getent group %{name} >/dev/null || %{_sbindir}/groupadd -r %{name}
+%{_bindir}/getent passwd %{name} >/dev/null || %{_sbindir}/useradd -g %{name}	\
+	-M -d /var/lib/%{name} -s /sbin/nologin -r %{name}
 exit 0
 
+
 %post
-%{?systemd_post:%systemd_post lightdm.service}
+%{?systemd_post:%systemd_post %{name}.service}
+
+
+%post gobject -p /sbin/ldconfig
+
+
+%post qt -p /sbin/ldconfig
+
+
+%post qt5 -p /sbin/ldconfig
+
 
 %preun
-%{?systemd_preun:%systemd_preun lightdm.service}
+%{?systemd_preun:%systemd_preun %{name}.service}
+
 
 %postun
 %{?systemd_postun}
 
+
+%postun gobject -p /sbin/ldconfig
+
+
+%postun qt -p /sbin/ldconfig
+
+
+%postun qt5 -p /sbin/ldconfig
+
+
 %files -f %{name}.lang
 %license COPYING.GPL3
 %doc NEWS
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.DisplayManager.conf
-%config(noreplace) %{_sysconfdir}/pam.d/lightdm*
-%dir %{_sysconfdir}/lightdm/
-%dir %{_sysconfdir}/lightdm/lightdm.conf.d
-%config(noreplace) %{_sysconfdir}/lightdm/keys.conf
-%config(noreplace) %{_sysconfdir}/lightdm/lightdm.conf
-%config(noreplace) %{_sysconfdir}/lightdm/users.conf
+%config(noreplace) %{_sysconfdir}/pam.d/%{name}*
+%config(noreplace) %{_sysconfdir}/%{name}/keys.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %{_sysconfdir}/%{name}/users.conf
+%dir %{_sysconfdir}/%{name}/
+%dir %{_sysconfdir}/%{name}/%{name}.conf.d
 %dir %{_sysconfdir}/logrotate.d/
-%{_sysconfdir}/logrotate.d/lightdm
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/cache/%{name}/
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}/
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}-data/
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/log/%{name}/
+%dir %{_datadir}/bash-completion/
+%dir %{_datadir}/bash-completion/completions/
+%dir %{_datadir}/xgreeters/
+%ghost %dir %{_localstatedir}/run/%{name}
+%{_sysconfdir}/logrotate.d/%{name}
 %{_bindir}/dm-tool
-%{_sbindir}/lightdm
-%{_libexecdir}/lightdm-guest-session
-%{_datadir}/lightdm/
+%{_sbindir}/%{name}
+%{_libexecdir}/%{name}-guest-session
+%{_datadir}/%{name}/
 %{_libdir}/girepository-1.0/LightDM-1.typelib
 %{_mandir}/man1/dm-tool.1*
-%{_mandir}/man1/lightdm*
-%dir %attr(-,lightdm,lightdm) %{_localstatedir}/cache/lightdm/
-%{_unitdir}/lightdm.service
-%{_datadir}/polkit-1/rules.d/lightdm.rules
-%dir %{_datadir}/bash-completion/
-%dir %{_datadir}/bash-completion/completions/
+%{_mandir}/man1/%{name}*
+%{_unitdir}/%{name}.service
+%{_datadir}/polkit-1/rules.d/%{name}.rules
 %{_datadir}/bash-completion/completions/dm-tool
-%{_datadir}/bash-completion/completions/lightdm
-%dir %{_datadir}/xgreeters/
-
-# because of systemd
-%{_prefix}/lib/tmpfiles.d/lightdm.conf
-%ghost %dir %{_localstatedir}/run/lightdm
+%{_datadir}/bash-completion/completions/%{name}
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
 
-%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm/
-%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm-data/
-%dir %attr(-,lightdm,lightdm) %{_localstatedir}/log/lightdm/
-
-%post gobject -p /sbin/ldconfig
-%postun gobject -p /sbin/ldconfig
 
 %files gobject
 %license COPYING.LGPL2 COPYING.LGPL3
-%{_libdir}/liblightdm-gobject-1.so.0*
+%{_libdir}/lib%{name}-gobject-1.so.0*
+
 
 %files gobject-devel
-%doc %{_datadir}/gtk-doc/html/lightdm-gobject-1/
-%{_includedir}/lightdm-gobject-1/
-%{_libdir}/liblightdm-gobject-1.so
-%{_libdir}/pkgconfig/liblightdm-gobject-1.pc
+%doc %{_datadir}/gtk-doc/html/%{name}-gobject-1/
+%{_includedir}/%{name}-gobject-1/
+%{_libdir}/lib%{name}-gobject-1.so
+%{_libdir}/pkgconfig/lib%{name}-gobject-1.pc
 %{_datadir}/gir-1.0/LightDM-1.gir
-%{_datadir}/vala/vapi/liblightdm-gobject-1.*
+%{_datadir}/vala/vapi/lib%{name}-gobject-1.*
 
-%post qt -p /sbin/ldconfig
-%postun qt -p /sbin/ldconfig
 
 %files qt
 %license COPYING.LGPL2 COPYING.LGPL3
-%{_libdir}/liblightdm-qt-3.so.0*
+%{_libdir}/lib%{name}-qt-3.so.0*
+
 
 %files qt-devel
-%{_includedir}/lightdm-qt-3/
-%{_libdir}/liblightdm-qt-3.so
-%{_libdir}/pkgconfig/liblightdm-qt-3.pc
+%{_includedir}/%{name}-qt-3/
+%{_libdir}/lib%{name}-qt-3.so
+%{_libdir}/pkgconfig/lib%{name}-qt-3.pc
 
-%post qt5 -p /sbin/ldconfig
-%postun qt5 -p /sbin/ldconfig
 
 %files qt5
 %license COPYING.LGPL2 COPYING.LGPL3
-%{_libdir}/liblightdm-qt5-3.so.0*
+%{_libdir}/lib%{name}-qt5-3.so.0*
+
 
 %files qt5-devel
-%{_includedir}/lightdm-qt5-3/
-%{_libdir}/liblightdm-qt5-3.so
-%{_libdir}/pkgconfig/liblightdm-qt5-3.pc
+%{_includedir}/%{name}-qt5-3/
+%{_libdir}/lib%{name}-qt5-3.so
+%{_libdir}/pkgconfig/lib%{name}-qt5-3.pc
 
 
 %changelog
+* Tue Sep 05 2017 Björn Esser <besser82@fedoraproject.org> - 1.24.0-1
+- lightdm-1.24.0 (rhbz#1488270)
+- Disable guest login as system default preset (CVE-2017-8900)
+- Modernize spec-file
+
 * Thu Aug 31 2017 Björn Esser <besser82@fedoraproject.org> - 1.22.0-6
 - Start lightdm after dbus.service
 

sources

-SHA512 (lightdm-1.22.0.tar.xz) = 58be4428465dda66be8ba1cf4718ece40888af810bfd83d8ae059b3f5432ab7053373af2ecdcafd5e1fade77f0194eae7ded7d6c28e9c4be4aef56d9b432f0cc
+SHA512 (lightdm-1.24.0.tar.xz) = 30bad8887928f22bf2cc7ce8d7a323637dec669d47d69fb326cfcf1bb5ee9e52c1232cf680af94a25cf90a9de13d9b5ff73307c1dc8829422600d350401555b8