aboutsummaryrefslogtreecommitdiffstats
path: root/community/slock
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2016-12-02 18:33:54 +0100
committerSören Tempel <soeren+git@soeren-tempel.net>2016-12-22 23:28:12 +0100
commit3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71 (patch)
treecf7b0cb5e24118aaa7c2969400410c9fb9949d8e /community/slock
parent4099c94ce1b2a46591af48b8d8ec9695941d55ee (diff)
downloadaports-3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71.tar.bz2
aports-3a5787d2e7a58370f0227cfa7a5dd4cdf9640c71.tar.xz
community/slock: upgrade to 1.4
Diffstat (limited to 'community/slock')
-rw-r--r--community/slock/0001-clear-passwords-with-explicit_bzero.patch146
-rw-r--r--community/slock/APKBUILD20
-rw-r--r--community/slock/CVE-2016-6866.patch43
3 files changed, 6 insertions, 203 deletions
diff --git a/community/slock/0001-clear-passwords-with-explicit_bzero.patch b/community/slock/0001-clear-passwords-with-explicit_bzero.patch
deleted file mode 100644
index 69b6485c07..0000000000
--- a/community/slock/0001-clear-passwords-with-explicit_bzero.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001
-From: Hiltjo Posthuma <hiltjo@codemadness.org>
-Date: Sun, 31 Jul 2016 13:43:00 +0200
-Subject: [PATCH] clear passwords with explicit_bzero
-
-Make sure to explicitly clear memory that is used for password input. memset
-is often optimized out by the compiler.
-
-Brought to attention by the OpenBSD community, see:
-https://marc.info/?t=146989502600003&r=1&w=2
-Thread subject: x11/slock: clear passwords with explicit_bzero
-
-Changes:
-
-- explicit_bzero.c import from libressl-portable.
-- Makefile: add COMPATSRC for compatibility src.
-- config.mk: add separate *BSD section in config.mk to simply uncomment it on
- these platforms.
----
- Makefile | 6 +++---
- config.mk | 4 ++++
- explicit_bzero.c | 19 +++++++++++++++++++
- slock.c | 8 ++++++--
- util.h | 2 ++
- 5 files changed, 34 insertions(+), 5 deletions(-)
- create mode 100644 explicit_bzero.c
- create mode 100644 util.h
-
-diff --git a/Makefile b/Makefile
-index 86b3437..8b3e248 100644
---- a/Makefile
-+++ b/Makefile
-@@ -3,7 +3,7 @@
-
- include config.mk
-
--SRC = slock.c
-+SRC = slock.c ${COMPATSRC}
- OBJ = ${SRC:.c=.o}
-
- all: options slock
-@@ -35,8 +35,8 @@ clean:
- dist: clean
- @echo creating dist tarball
- @mkdir -p slock-${VERSION}
-- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
-- slock-${VERSION}
-+ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
-+ explicit_bzero.c slock.1 slock-${VERSION}
- @tar -cf slock-${VERSION}.tar slock-${VERSION}
- @gzip slock-${VERSION}.tar
- @rm -rf slock-${VERSION}
-diff --git a/config.mk b/config.mk
-index f93879e..3afc061 100644
---- a/config.mk
-+++ b/config.mk
-@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
- CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
- CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
- LDFLAGS = -s ${LIBS}
-+COMPATSRC = explicit_bzero.c
-
- # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
- # On OpenBSD and Darwin remove -lcrypt from LIBS
-+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
-+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
-+#COMPATSRC =
-
- # compiler and linker
- CC = cc
-diff --git a/explicit_bzero.c b/explicit_bzero.c
-new file mode 100644
-index 0000000..3e33ca8
---- /dev/null
-+++ b/explicit_bzero.c
-@@ -0,0 +1,19 @@
-+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
-+/*
-+ * Public domain.
-+ * Written by Matthew Dempsky.
-+ */
-+
-+#include <string.h>
-+
-+__attribute__((weak)) void
-+__explicit_bzero_hook(void *buf, size_t len)
-+{
-+}
-+
-+void
-+explicit_bzero(void *buf, size_t len)
-+{
-+ memset(buf, 0, len);
-+ __explicit_bzero_hook(buf, len);
-+}
-diff --git a/slock.c b/slock.c
-index c9cdee2..a00fbb9 100644
---- a/slock.c
-+++ b/slock.c
-@@ -23,6 +23,8 @@
- #include <bsd_auth.h>
- #endif
-
-+#include "util.h"
-+
- enum {
- INIT,
- INPUT,
-@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
- * timeout. */
- while (running && !XNextEvent(dpy, &ev)) {
- if (ev.type == KeyPress) {
-- buf[0] = 0;
-+ explicit_bzero(&buf, sizeof(buf));
- num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
- if (IsKeypadKey(ksym)) {
- if (ksym == XK_KP_Enter)
-@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
- XBell(dpy, 100);
- failure = True;
- }
-+ explicit_bzero(&passwd, sizeof(passwd));
- len = 0;
- break;
- case XK_Escape:
-+ explicit_bzero(&passwd, sizeof(passwd));
- len = 0;
- break;
- case XK_BackSpace:
- if (len)
-- --len;
-+ passwd[len--] = 0;
- break;
- default:
- if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
-diff --git a/util.h b/util.h
-new file mode 100644
-index 0000000..6f748b8
---- /dev/null
-+++ b/util.h
-@@ -0,0 +1,2 @@
-+#undef explicit_bzero
-+void explicit_bzero(void *, size_t);
---
-2.9.3
-
diff --git a/community/slock/APKBUILD b/community/slock/APKBUILD
index 2ebcc9759c..9aceb63b90 100644
--- a/community/slock/APKBUILD
+++ b/community/slock/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=slock
-pkgver=1.3
-pkgrel=3
+pkgver=1.4
+pkgrel=0
pkgdesc="A simple screen locker for X"
url="http://tools.suckless.org/slock/"
arch="all"
@@ -13,9 +13,7 @@ makedepends="libxext-dev libxrandr-dev linux-headers"
install=""
options="suid"
subpackages="$pkgname-doc"
-source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz
- 0001-clear-passwords-with-explicit_bzero.patch
- CVE-2016-6866.patch"
+source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz"
# secfixes:
# 1.3-r3:
@@ -39,12 +37,6 @@ package() {
-C "$builddir" install || return 1
}
-md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz
-ca1f6e27e0b86101964c3a0d196d6520 0001-clear-passwords-with-explicit_bzero.patch
-711f1a1810898958559b3f7515c81b72 CVE-2016-6866.patch"
-sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz
-4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905 0001-clear-passwords-with-explicit_bzero.patch
-ca37f6b759199128564599525176726af8a137247910bedd154fa5c95ba35f39 CVE-2016-6866.patch"
-sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz
-3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38 0001-clear-passwords-with-explicit_bzero.patch
-919cb98e6ae95855be5dd23fcfc122c5eb15272f16a6c1abbde2339247473aa3d7685461fb38f4e6cff5f12887a36859b081d06033d8cace5a2b762558e7357a CVE-2016-6866.patch"
+md5sums="f91dd5ba50ce7bd1842caeca067086a3 slock-1.4.tar.gz"
+sha256sums="b53849dbc60109a987d7a49b8da197305c29307fd74c12dc18af0d3044392e6a slock-1.4.tar.gz"
+sha512sums="ad285360dd3f16a225159abaf2f82fabf2c675bd74478cf717f68cbe5941a6c620e3c88544ce675ce3ff19af4bb0675c9405685e0f74ee4e84f7d34c61a0532f slock-1.4.tar.gz"
diff --git a/community/slock/CVE-2016-6866.patch b/community/slock/CVE-2016-6866.patch
deleted file mode 100644
index f44bbbd540..0000000000
--- a/community/slock/CVE-2016-6866.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Tue, 30 Aug 2016 22:59:06 +0000
-Subject: fix CVE-2016-6866
-
----
-diff --git a/slock.c b/slock.c
-index 847b328..8ed59ca 100644
---- a/slock.c
-+++ b/slock.c
-@@ -123,7 +123,7 @@ readpw(Display *dpy)
- readpw(Display *dpy, const char *pws)
- #endif
- {
-- char buf[32], passwd[256];
-+ char buf[32], passwd[256], *encrypted;
- int num, screen;
- unsigned int len, color;
- KeySym ksym;
-@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
- #ifdef HAVE_BSD_AUTH
- running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
- #else
-- running = !!strcmp(crypt(passwd, pws), pws);
-+ errno = 0;
-+ if (!(encrypted = crypt(passwd, pws)))
-+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
-+ else
-+ running = !!strcmp(encrypted, pws);
- #endif
- if (running) {
- XBell(dpy, 100);
-@@ -312,6 +316,8 @@ main(int argc, char **argv) {
-
- #ifndef HAVE_BSD_AUTH
- pws = getpw();
-+ if (strlen(pws) < 2)
-+ die("slock: failed to get user password hash.\n");
- #endif
-
- if (!(dpy = XOpenDisplay(NULL)))
---
-cgit v0.9.0.3-65-g4555