1. 22 May, 2019 1 commit
  2. 05 Apr, 2019 1 commit
  3. 16 Mar, 2019 1 commit
    • Iain Lane's avatar
      libgdm: Always de-duplicate · e2a1c7f6
      Iain Lane authored
      I put this inside an `#ifdef ENABLE_WAYLAND_SUPPORT` before, which would
      mean that it's not called if that's not defined.
      e2a1c7f6
  4. 15 Mar, 2019 2 commits
    • Ray Strode's avatar
      Merge branch 'deduplicate-after-collecting' into 'master' · 187c8515
      Ray Strode authored
      libgdm: Remove duplicate sessions once, after all sessions have been processed
      
      Closes #473
      
      See merge request !65
      187c8515
    • Iain Lane's avatar
      libgdm: Remove duplicate sessions once, after all sessions have been processed · beee85a6
      Iain Lane authored
      We add sessions to a hash table keyed on the basename without extension,
      and while we're adding them we de-duplicate based on the translated name
      (the text that will be visible in the switcher).
      
      This has a problem. In this situation:
      
      ```
      laney@disco:~$ tree /usr/share/{wayland-,x}sessions/
      /usr/share/wayland-sessions/
      ├── gnome.desktop
      └── ubuntu-wayland.desktop
      /usr/share/xsessions/
      ├── gnome.desktop -> gnome-xorg.desktop
      ├── gnome-xorg.desktop
      └── ubuntu.desktop
      ```
      
      We process the X sessions first, and then the Wayland sessions. The
      deduplication might end up removing `xsessions/gnome-xorg` and leaving
      `xsessions/gnome`. Then when we come to process the Wayland sessions, we
      will clobber `xsessions/gnome` with `wayland-sessions/gnome`, as they
      have the same ID.
      
      When everything is working, it is actually *intentional* that
      `xsessions/gnome` gets clobbered, so that you end up seeing "GNOME"
      (wayland) and "GNOME on Xorg" in the switcher, and not (e.g.) "GNOME on
      Xorg" twice, and you have the correct fallback behaviour in case you ever
      enable/disable Wayland.
      
      Instead of filtering while we add things, we can add all the sessions we
      find (clobbering duplicate IDs as before), and then process the list
      once at the end, removing sessions with duplicated visible names at that
      point.
      
      Closes: #473
      beee85a6
  5. 13 Mar, 2019 4 commits
  6. 26 Feb, 2019 3 commits
  7. 25 Feb, 2019 1 commit
    • Iain Lane's avatar
      build: Don't dist generated files · 28262a83
      Iain Lane authored
      Various generated files are ending up being disted, which is wrong
      becuase they leak the maintainer's prefix into the tarball and are
      generated anyway during build.
      28262a83
  8. 23 Feb, 2019 1 commit
  9. 21 Feb, 2019 5 commits
  10. 16 Feb, 2019 3 commits
  11. 10 Feb, 2019 1 commit
  12. 07 Feb, 2019 3 commits
    • Ray Strode's avatar
      Merge branch 'wip/timed-login-fix' into 'master' · a50f60b1
      Ray Strode authored
      address timedlogin bug leading to wrong session getting unlocked
      
      Closes #460
      
      See merge request !58
      a50f60b1
    • Iain Lane's avatar
      GdmManager: Don't perform timed login if session gets started · 92c2a577
      Iain Lane authored
      At the moment it's possible for the login screen to initiate
      a timed login operation shortly after a user successfully starts
      their session.
      
      GDM won't complete the timed login operation, since a session is
      already running, but will erroneously overwrite the username
      associated with the session, misattributing the users session
      to the timed login user.
      
      Later, attempts to log in as the timed user will instead unlock the
      session for the other user, since that session is now associated
      with the timed login user.
      
      This commit refuses timed login requests on sessions that are
      already running, so the username doesn't get corrupted.
      
      CVE-2019-3825
      
      Closes #460
      92c2a577
    • Iain Lane's avatar
      session: Don't allow greeter operations on an running session · efb0361b
      Iain Lane authored
      If a client has a reference to a session that starts running,
      refuse to allow further operations on the session.
      
      CVE-2019-3825
      efb0361b
  13. 06 Feb, 2019 2 commits
  14. 04 Feb, 2019 1 commit
  15. 01 Feb, 2019 1 commit
  16. 20 Jan, 2019 1 commit
  17. 07 Jan, 2019 5 commits
  18. 03 Jan, 2019 1 commit
  19. 25 Dec, 2018 3 commits