~kennylevinsen/seatd

0.9.1 a month ago .tar.gz browse log

seatd 0.9.1

This release contains two important bugfixes:

- libseat could end up not servicing seat enable/disable events if they
  were received immediately after a response, leading to the session
  deadlocking in a deactivated state.

- Some protocol strings lacked validation of the NULL termination
  requirement.

  In seatd, this could lead to reading a fixed bit of stack memory past
  the end of the string as being part of it. seatd memory does not
  contain any secrets, and the resulting garbage string just leads to an
  early error.

  In libseat, a malicious seatd server could cause heap memory
  corruption in the display server using it, but doing so requires
  extensive pre-existing control of the system, such as controlling the
  display server execution and its environment, having filesystem
  access and having the ability to execute a malicious binary.

In addition, it contains the version number bump which had sadly failed
to make its way into the 0.9.0 tag.

Kenny Levinsen (7):
      Bump version to 0.9.0
      libseat/seatd: Remove read_and_execute
      libseat/seatd: Read remaining events after processing responses
      libseat/seatd: Cleanup of request error handling
      libseat/seatd: Set EINVAL if target session is invalid
      libseat/seatd: Set backend error if poll fails
      Bump version to 0.9.1

Martin Michaelis (2):
      seatd: Add validation of device path libseat/seatd: Add validation of seat_name
      seatd: Add strict message size comparison

0.9.0 a month ago .tar.gz browse log

seatd 0.9.0

This release contians 35 changes from 6 contributors.

Some highlights of this release:

- Improve session state tracking in the libseat logind backend, which
  could previously fail to notify the libseat client that the session
  had been deactivated.

- Do not trigger a VT switch when starting a logind session, allowing
  sessions to be started in the background.

- Improve error handling in some edgecases in the libseat seatd backend.

- Apply more aggressive security policies to the included systemd unit.

Adrien Demarez (1):
      seatd: fix small bug in assert

Jack Mitchell (1):
      seatd: fix double close of file handle

Kelvin C (10):
      systemd: lockdown the filesystem
      systemd: ensure no new privileges
      systemd: disable network access
      systemd: limit sys calls and arch
      systemd: limit access to kernel
      systemd: restrict namespace functionality
      systemd: restrict capabilities
      systemd: protect system clock
      systemd: protect hostname
      systemd: restrict access to devices

Kenny Levinsen (21):
      seatd: Avoid unnecessary asserts
      connection: Add overflow edge-case test
      libseat/seatd: Error on unexpected response
      libseat/seatd: Dispatch utility cleanup
      seatd: Add responses for switch and disable
      common: Allow inserting inited linked list elem
      seatd: Init client link after removal
      libseat/seatd: Fix wrong dispatch reference
      logind: Skip session activation
      seat: Merge close_client with remove_client
      seat: Minor cleanup in device reuse, error logging
      seat: Add a bit of documentation
      libseat/logind: Check initial active state
      libseat/logind: Better naming and signatures
      libseat/logind: Move session_get_type up to its family
      logind: Remove match signal on seat object
      logind: Iterate through entire PropertiesChanged
      logind: Remove drm device tracking
      ci: Disable logind smoketest for now
      seatd: Add support for hidraw devices
      seatd: Minor evdev ifdef cleanup

Morose (1):
      logind: Condition is always true

Simon Ser (1):
      build: show whether man pages are enabled in summary

0.8.0 1 year, 4 months ago .tar.gz browse log

seatd 0.8.0

Alyssa Ross (1):
      meson: fix seatdpath with absolute bindir

Anna (navi) Figueiredo Gomes (2):
      noop: Return seat0 as the seat name
      noop: Additional open flags for `open(2)`

Chia-I Wu (1):
      noop: initialize initial_setup

Jessica Clarke (1):
      drm: Support drm-subtree drivers on FreeBSD

Kenny Levinsen (1):
      Bump version to 0.8.0

Simon Ser (2):
      man: document SEATD_VTBOUND
      man: add missing arg in -n syntax

0.7.0 2 years ago .tar.gz browse log

seatd 0.7.0

This release contains 36 changes from 3 contributors.

Some highlights of this release are:
- Support for NetBSD and wscons devices
- Fix for a polling bug in the logind libseat backend

Breaking changes:
- Removal of SEATD_SOCK and runtime socket path configuration
- Removal of SEATD_LOGLEVEL, replaced by a command-line argument

Kenny Levinsen (25):
      libseat: Use SOCK_CLOEXEC and SOCK_NONBLOCK
      logind: Always send ping if data is queued
      seatd: Remove SOCK_PATH and improve cleanup
      seatd: Ensure socket gets unlinked on error
      seatd-launch: Do not unlink socket path
      seatd: Fix usage rendering
      seatd-launch: Minor readability improvements
      seatd: Command-line argument for loglevel
      seatd: Handle socket unlink errors
      seatd: Remove runtime socket path configuration
      seatd: Change default log-level to info
      meson: Only set libseat defines for libseat itself
      builtin: Close other end of socketpair after fork
      seatd: Shut down on client disconnect in builtin
      builtin: Remove deathsig and log start/stop
      meson: Fix meson warnings
      Bump version to 0.7.0
      ci: Set loglevel argument to debug
      readme: Mention NetBSD
      meson: library soversion arg should be string
      terminal: Revert FreeBSD behavior in set_keyboard
      wscons: Move to its own device type
      drm: Make dev_is_drm local to logind backend
      wscons: Fix STRLEN
      seatd-launch: Avoid argv[0] in help text

Simon Ser (9):
      seatd: avoid overwriting errno in set_nonblock error handling
      seatd: don't log errno on EVENT_ERROR
      build: don't use cc.get_supported_arguments for defines
      build: use list for logind dep
      build: don't use sh for scdoc
      build: use meson.override_dependency
      readme: add irc:// link
      seatd: handle client_create failure
      seatd: refuse to compile with missing get_peer impl

illiliti (2):
      Initial netbsd support
      ci: Add NetBSD

0.6.4 2 years ago .tar.gz browse log

seatd 0.6.4

This release contains a security fix for a vulnerability in the
seatd-launch executable.

A user could specify a socket path that collides with an existing file.
If seatd-launch had the SUID bit set and was owned by a privileged user,
this could be used to remove files that the calling user itself did not
have sufficient privileges to remove.

seatd and libseat are not affected by this vulnerability.

Kenny Levinsen (3):
      seatd-launch: Remove socket path command line arg
      seatd-launch: Use snprintf for socket path
      Bump version to 0.6.4

0.6.3 3 years ago .tar.gz browse log

seatd 0.6.3

This release fixes an issue where an interaction between how events
fired from libseat's seatd backend and libinput as of version 1.19 could
cause a compositor to segfault. It also introduces support in libseat's
logind backend for correctly opening an inactive seat while the logind
session is inactive.

Kenny Levinsen (8):
      seatd: Implement ping request to wake up later
      logind: Send ping to wake us up later
      clang-format: Fix alignment
      ci: Inline smoketest into build scripts
      logind: Improve error handling in open_seat
      ci: Add logind smoketest to arch
      logind: Set userdata for ping_handler
      Bump version to 0.6.3

Simon Ser (2):
      logind: check if session is active on startup
      examples/simpletest: check for libseat_dispatch failures

0.6.2 3 years ago .tar.gz browse log

seatd 0.6.2

This relase contains a security fix for a vulnerability in the
seatd-launch executable.

A user could manipulate the PATH environment variable to cause
seatd-launch to load a different executable than seatd. If seatd-launch
had the SUID bit set and was owned by a privileged user, this could be
used to mount a privilege escalation attack.

seatd and libseat are not affected by this vulnerability.

Kenny Levinsen (4):
      ci: Install seatd instead of manipulating PATH
      seatd-launch: Use absolute path for seatd
      seatd-launch: Specify exact environment to seatd
      Bump version to 0.6.2

0.6.1 3 years ago .tar.gz browse log

seatd 0.6.1

This bugfix release addresses usability issues with seatd-launch.

Jan Beich (1):
      seatd-launch: respect PATH when looking for command

Kenny Levinsen (4):
      man: Add seatd-launch(1) to SEE ALSO of seatd(1)
      seatd-launch: Use optind to find the command
      man/seatd-launch: Make mssage about root clearer
      Bump version to 0.6.1

Simon Ser (2):
      seatd-launch: exit with status >128 if child is signalled
      seatd-launch: print unlink/kill errors

0.6.0 3 years ago .tar.gz browse log

seatd 0.6.0

This release contains 54 changes from 6 contributors.

Some highlights of this release are:
- s6-style readiness notification support for seatd
- seatd-launch, which handles starting seatd and a consumer together,
  has been introduced as a superior alternative to the builtin libseat
  backend and as a convenient way to use seatd outside a service manager
- The builtin backend no longer blocks root from using it
- Meson options have been renamed to indicate what component they target
- Various fixes and improvements

Fabrice Fontaine (1):
      meson.build: fix build with gcc < 7

Greg Depoire--Ferrer (2):
      Revert "libseat: Check euid before using builtin"
      libseat: Update builtin backend root requirement documentation

Jan Beich (1):
      client: enable cr_pid on FreeBSD >= 12.3

Kenny Levinsen (34):
      meson: Fix logind backend auto mode
      meson: Minor cleanup
      Correct minor misspellings
      meson: Disable examples by default
      ci: Reduce test runs from 5 to 2
      ci: Remove unnecessary env vars
      contrib: Add Documentation to systemd unit
      readme: Remove alpha label
      Avoid a clang-format quirk
      ci: Use 'auto' for arch linux logind
      meson: make 'logind' var always available
      contrib/systemd: Use a different group
      meson: Support building builtin without seatd
      readme: Update discuss section
      libseat/seatd: Return executed events
      libseat/seatd: Add dispatch_pending_and_execute
      libseat: Rename dispatch_background in backends
      seatd: We shouldn't poll if predispatch > 0
      seatd: s6-style readiness notification support
      seatd: Only set UID/GID when specified
      seatd-launch: Add seatd launch wrapper
      ci: Use seatd-launch
      ci: Fix meson flags
      seatd-launch: Command line argument support
      seatd: Improve socket permission error handling
      seatd: Use path in chmod/chown operations
      logind: Remove redundant null check
      libseat: Fix build of builtin backend
      seat: Avoid holding a tty fd
      seat: Allow new clients when active is pending ack
      seatd-launch: Set socket permissions directly
      man: Add simple seatd-launch(1) page
      seatd-launch: Fix chmod error goto
      Bump version to 0.6.0

Simeon Schaub (1):
      link with rt

Simon Ser (15):
      Add no-op session
      meson: declare libseat dependency
      build: add explicit logind provider option, auto-detect by default
      build: fix logind feature summary when auto-detected
      build: don't explicitly search for sh
      build: don't allow "auto" for seatd, builtin, server and examples
      build: disable logind on -Dauto_features=disabled -Dlogind=auto
      build: set pkgconfig/dependency variables for features
      libseat/seatd: downgrade ENOENT log to info
      build: add prefix to libseat options
      seatd-launch: propagate child exit status
      seatd-launch: don't use gotos in child processes
      seatd-launch: check for getpwuid errors
      Make libseat_seat_listener const
      Add .editorconfig

0.5.0 3 years ago .tar.gz browse log

seatd 0.5.0

Aleksei Bavshin (1):
      meson: ignore 'man-pages' if 'server' is disabled

Isaac Freund (1):
      libseat: log error when failing to open socket

Kenny Levinsen (29):
      ci: Clean up build manifests
      poller: Retry poll immediately on EINTR
      client: More robust handling of client links
      terminal: Improve logging
      logind: switch_session should return 0 on success
      client: Do not use SOL_SOCKET for LOCAL_PEERCRED
      client: Use cr_pid if available
      client: Fix typo in cr_pid usage
      simpletest: Close fd after closing device
      logind: Send ReleaseControl when closing seat
      seat: Remove unused arg from seat_deactive_device
      client: Replace pending_disable with state enum
      seatd: Tear down VT when disabled client closes
      libseat: Fix typo in doc string
      logind: Fix return values from close_device/get_fd
      seatd: Set errno in seat_add_client
      Convert a few debug logs to error logs
      seatd: Clean up debug logs a bit
      client: Remove link if seat_add_client succeeds
      seatd: Close cur_ttyfd in seat_destroy
      clang-format
      log: Remove function name from log
      Normalize log texts a bit
      log: Include debug logs in release builds
      meson: Clean up test declarations a bit
      meson: Make summary prettier
      meson: Fix indentation
      ci: Add clang-extra-tools to alpine
      Bump version to 0.5.0

Simon Ser (1):
      libseat/backend/logind: stop waiting for CanGraphical
1 / 2