lp:lightdm/1.20

Created by Robert Ancell on 2016-10-15 and last modified on 2017-05-11
Get this branch:
bzr branch lp:lightdm/1.20
Members of LightDM Development Team can upload to this branch.

Branch information

Owner: LightDM Development Team
Project: Light Display Manager
Status: Mature

Recent revisions

2414. By Robert Ancell on 2017-05-11

* SECURITY UPDATE: Guest session not confined (LP: #1663157)
  - debian/50-disable-guest.conf:
  - debian/lightdm.install:
    - Disable guest sessions by default, this can be overridden by custom
      configuration (e.g. /etc/lightdm/lightdm.conf)
  - CVE-2017-8900

2413. By Robert Ancell on 2017-04-04

Update debian/changelog

2412. By Tyler Hicks on 2017-04-04

Detect existing malicious guest user home dirs

It was discovered that a local attacker could watch for lightdm's
guest-account script to create a /tmp/guest-XXXXXX file and then quickly
create the lowercase representation of the guest user's home directory
before lightdm could. This allowed the attacker to have control of the
guest user's home directory and, subsequently, gain control of an
arbitrary directory in the filesystem which could lead to privilege
escalation.

This patch fixes the issue by detecting failures in creating a directory
for the guest user's home directory. If the file (directory, symlink,
etc.) already exists at the path, mkdir will fail and the script will
exit. This means that it is still possible for a local user to carry out
a denial of service on the guest user login feature.
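
The following is an added example, not lightdm's guest-account script: it shows the fail-if-exists directory creation that the commit message above describes. The function names and the sample `guest-AbCdEf` path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not lightdm's guest-account script; names are hypothetical.

# Print the lowercase home path derived from a guest-XXXXXX placeholder path.
guest_home_path() {
    dir=$(dirname "$1")
    name=$(basename "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s/%s\n' "$dir" "$name"
}

# Create the guest home for PLACEHOLDER ($1). Prints the path on success,
# returns 1 if anything already occupies it.
create_guest_home() {
    home=$(guest_home_path "$1")
    # Plain mkdir, never "mkdir -p": it fails if a directory, file or symlink
    # (dangling or not) is already at the path, and it does not follow the
    # symlink, so a pre-planted entry is detected instead of adopted.
    if ! mkdir -m 0700 "$home" 2>/dev/null; then
        echo "refusing guest home $home: path exists or cannot be created" >&2
        return 1
    fi
    printf '%s\n' "$home"
}

# Constructed scenario: someone else creates the lowercase path first.
# Returns 0 when the planted symlink is refused and its target is untouched.
demo_planted_symlink() {
    work=$(mktemp -d) || return 1
    mkdir "$work/victim"
    : > "$work/guest-AbCdEf"                  # constructed placeholder name
    ln -s "$work/victim" "$work/guest-abcdef" # planted before mkdir runs
    rc=0
    if create_guest_home "$work/guest-AbCdEf" >/dev/null 2>&1; then rc=1; fi
    [ -z "$(ls -A "$work/victim")" ] || rc=1
    rm -rf "$work"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then
    demo_planted_symlink && echo "planted path refused"
fi
```

As the commit message notes, refusing the path closes the takeover but still lets a local user block guest logins by occupying the name first.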

2411. By Robert Ancell on 2017-02-21

Fix logic that checked if a session was being stopped

2410. By Robert Ancell on 2017-01-12

Use power management functions from ConsoleKit2 if available.

Suspend and hibernate functionality was removed from upower 0.99.0, so systems
not using systemd had no suspend/hibernate functionality. Support for this
was added into ConsoleKit2.

Most systems will either be systemd or ConsoleKit2 now, so we try the following:
1. Power management in logind
2. Power management in ConsoleKit
3. upower for suspend/resume (really only here to not break backwards
   compatibility)

Based on a patch for Gentoo by Fitzcarraldo.

2409. By Robert Ancell on 2017-01-12

Use liblightdm-gobject power methods instead of re-implementing in Qt, only run power fallback tests once

2408. By Robert Ancell on 2016-12-09

Fix incorrect unref in XDMCP code

2407. By Robert Ancell on 2016-12-08

Use SA_RESTART on signals so we don't get interrupted reads

2406. By Robert Ancell on 2016-10-20

Re-enable SIGPIPE for children so they have default behaviour

2405. By Robert Ancell on 2016-10-15

Releasing 1.20.0

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:lightdm