diff options
author | Sören Tempel <soeren+git@soeren-tempel.net> | 2016-12-02 18:33:54 +0100 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2016-12-22 23:28:12 +0100 |
commit | 3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71 (patch) | |
tree | cf7b0cb5e24118aaa7c2969400410c9fb9949d8e /community/slock | |
parent | 4099c94ce1b2a46591af48b8d8ec9695941d55ee (diff) | |
download | aports-3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71.tar.bz2 aports-3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71.tar.xz |
community/slock: upgrade to 1.4
Diffstat (limited to 'community/slock')
-rw-r--r-- | community/slock/0001-clear-passwords-with-explicit_bzero.patch | 146 | ||||
-rw-r--r-- | community/slock/APKBUILD | 20 | ||||
-rw-r--r-- | community/slock/CVE-2016-6866.patch | 43 |
3 files changed, 6 insertions, 203 deletions
diff --git a/community/slock/0001-clear-passwords-with-explicit_bzero.patch b/community/slock/0001-clear-passwords-with-explicit_bzero.patch deleted file mode 100644 index 69b6485c07..0000000000 --- a/community/slock/0001-clear-passwords-with-explicit_bzero.patch +++ /dev/null @@ -1,146 +0,0 @@ -From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001 -From: Hiltjo Posthuma <hiltjo@codemadness.org> -Date: Sun, 31 Jul 2016 13:43:00 +0200 -Subject: [PATCH] clear passwords with explicit_bzero - -Make sure to explicitly clear memory that is used for password input. memset -is often optimized out by the compiler. - -Brought to attention by the OpenBSD community, see: -https://marc.info/?t=146989502600003&r=1&w=2 -Thread subject: x11/slock: clear passwords with explicit_bzero - -Changes: - -- explicit_bzero.c import from libressl-portable. -- Makefile: add COMPATSRC for compatibility src. -- config.mk: add separate *BSD section in config.mk to simply uncomment it on - these platforms. ---- - Makefile | 6 +++--- - config.mk | 4 ++++ - explicit_bzero.c | 19 +++++++++++++++++++ - slock.c | 8 ++++++-- - util.h | 2 ++ - 5 files changed, 34 insertions(+), 5 deletions(-) - create mode 100644 explicit_bzero.c - create mode 100644 util.h - -diff --git a/Makefile b/Makefile -index 86b3437..8b3e248 100644 ---- a/Makefile -+++ b/Makefile -@@ -3,7 +3,7 @@ - - include config.mk - --SRC = slock.c -+SRC = slock.c ${COMPATSRC} - OBJ = ${SRC:.c=.o} - - all: options slock -@@ -35,8 +35,8 @@ clean: - dist: clean - @echo creating dist tarball - @mkdir -p slock-${VERSION} -- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \ -- slock-${VERSION} -+ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \ -+ explicit_bzero.c slock.1 slock-${VERSION} - @tar -cf slock-${VERSION}.tar slock-${VERSION} - @gzip slock-${VERSION}.tar - @rm -rf slock-${VERSION} -diff --git a/config.mk b/config.mk -index f93879e..3afc061 100644 ---- a/config.mk -+++ b/config.mk -@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr - CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H - CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} - LDFLAGS = -s ${LIBS} -+COMPATSRC = explicit_bzero.c - - # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH - # On OpenBSD and Darwin remove -lcrypt from LIBS -+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr -+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE -+#COMPATSRC = - - # compiler and linker - CC = cc -diff --git a/explicit_bzero.c b/explicit_bzero.c -new file mode 100644 -index 0000000..3e33ca8 ---- /dev/null -+++ b/explicit_bzero.c -@@ -0,0 +1,19 @@ -+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ -+/* -+ * Public domain. -+ * Written by Matthew Dempsky. -+ */ -+ -+#include <string.h> -+ -+__attribute__((weak)) void -+__explicit_bzero_hook(void *buf, size_t len) -+{ -+} -+ -+void -+explicit_bzero(void *buf, size_t len) -+{ -+ memset(buf, 0, len); -+ __explicit_bzero_hook(buf, len); -+} -diff --git a/slock.c b/slock.c -index c9cdee2..a00fbb9 100644 ---- a/slock.c -+++ b/slock.c -@@ -23,6 +23,8 @@ - #include <bsd_auth.h> - #endif - -+#include "util.h" -+ - enum { - INIT, - INPUT, -@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws) - * timeout. */ - while (running && !XNextEvent(dpy, &ev)) { - if (ev.type == KeyPress) { -- buf[0] = 0; -+ explicit_bzero(&buf, sizeof(buf)); - num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); - if (IsKeypadKey(ksym)) { - if (ksym == XK_KP_Enter) -@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws) - XBell(dpy, 100); - failure = True; - } -+ explicit_bzero(&passwd, sizeof(passwd)); - len = 0; - break; - case XK_Escape: -+ explicit_bzero(&passwd, sizeof(passwd)); - len = 0; - break; - case XK_BackSpace: - if (len) -- --len; -+ passwd[len--] = 0; - break; - default: - if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { -diff --git a/util.h b/util.h -new file mode 100644 -index 0000000..6f748b8 ---- /dev/null -+++ b/util.h -@@ -0,0 +1,2 @@ -+#undef explicit_bzero -+void explicit_bzero(void *, size_t); --- -2.9.3 - diff --git a/community/slock/APKBUILD b/community/slock/APKBUILD index 2ebcc9759c..9aceb63b90 100644 --- a/community/slock/APKBUILD +++ b/community/slock/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> pkgname=slock -pkgver=1.3 -pkgrel=3 +pkgver=1.4 +pkgrel=0 pkgdesc="A simple screen locker for X" url="http://tools.suckless.org/slock/" arch="all" @@ -13,9 +13,7 @@ makedepends="libxext-dev libxrandr-dev linux-headers" install="" options="suid" subpackages="$pkgname-doc" -source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz - 0001-clear-passwords-with-explicit_bzero.patch - CVE-2016-6866.patch" +source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz" # secfixes: # 1.3-r3: @@ -39,12 +37,6 @@ package() { -C "$builddir" install || return 1 } -md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz -ca1f6e27e0b86101964c3a0d196d6520 0001-clear-passwords-with-explicit_bzero.patch -711f1a1810898958559b3f7515c81b72 CVE-2016-6866.patch" -sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz -4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905 0001-clear-passwords-with-explicit_bzero.patch -ca37f6b759199128564599525176726af8a137247910bedd154fa5c95ba35f39 CVE-2016-6866.patch" -sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz -3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38 0001-clear-passwords-with-explicit_bzero.patch -919cb98e6ae95855be5dd23fcfc122c5eb15272f16a6c1abbde2339247473aa3d7685461fb38f4e6cff5f12887a36859b081d06033d8cace5a2b762558e7357a CVE-2016-6866.patch" +md5sums="f91dd5ba50ce7bd1842caeca067086a3 slock-1.4.tar.gz" +sha256sums="b53849dbc60109a987d7a49b8da197305c29307fd74c12dc18af0d3044392e6a slock-1.4.tar.gz" +sha512sums="ad285360dd3f16a225159abaf2f82fabf2c675bd74478cf717f68cbe5941a6c620e3c88544ce675ce3ff19af4bb0675c9405685e0f74ee4e84f7d34c61a0532f slock-1.4.tar.gz" diff --git a/community/slock/CVE-2016-6866.patch b/community/slock/CVE-2016-6866.patch deleted file mode 100644 index f44bbbd540..0000000000 --- a/community/slock/CVE-2016-6866.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Tue, 30 Aug 2016 22:59:06 +0000 -Subject: fix CVE-2016-6866 - ---- -diff --git a/slock.c b/slock.c -index 847b328..8ed59ca 100644 ---- a/slock.c -+++ b/slock.c -@@ -123,7 +123,7 @@ readpw(Display *dpy) - readpw(Display *dpy, const char *pws) - #endif - { -- char buf[32], passwd[256]; -+ char buf[32], passwd[256], *encrypted; - int num, screen; - unsigned int len, color; - KeySym ksym; -@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) - #ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); - #else -- running = !!strcmp(crypt(passwd, pws), pws); -+ errno = 0; -+ if (!(encrypted = crypt(passwd, pws))) -+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ else -+ running = !!strcmp(encrypted, pws); - #endif - if (running) { - XBell(dpy, 100); -@@ -312,6 +316,8 @@ main(int argc, char **argv) { - - #ifndef HAVE_BSD_AUTH - pws = getpw(); -+ if (strlen(pws) < 2) -+ die("slock: failed to get user password hash.\n"); - #endif - - if (!(dpy = XOpenDisplay(NULL))) --- -cgit v0.9.0.3-65-g4555 |