summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Campbell <zlg@gentoo.org>2016-01-10 01:42:09 -0800
committerDaniel Campbell <zlg@gentoo.org>2016-01-10 01:42:35 -0800
commitc174fed67ba441d51f8375b4dbe9ed74e861c547 (patch)
tree59b0f7b6b3c6b1ebd86ec7a8cb5557a602114acd /x11-misc
parentx11-misc/alock: Take ownership of package (diff)
downloadgentoo-c174fed67ba441d51f8375b4dbe9ed74e861c547.tar.gz
gentoo-c174fed67ba441d51f8375b4dbe9ed74e861c547.tar.bz2
gentoo-c174fed67ba441d51f8375b4dbe9ed74e861c547.zip
x11-misc/alock: revbump to 94-r1
* Fix printf issue on compiling * Remove dependency on libXxf86misc; it's deprecated * Correct strict-aliasing error * Correct handling of setuid() return value Patches will be presented to upstream for review Package-Manager: portage-2.2.26
Diffstat (limited to 'x11-misc')
-rw-r--r--x11-misc/alock/alock-94-r1.ebuild69
-rw-r--r--x11-misc/alock/files/check-setuid.patch31
-rw-r--r--x11-misc/alock/files/fix-aliasing.patch23
-rw-r--r--x11-misc/alock/files/no-xf86misc.patch129
-rw-r--r--x11-misc/alock/files/tidy-printf.patch23
5 files changed, 275 insertions, 0 deletions
diff --git a/x11-misc/alock/alock-94-r1.ebuild b/x11-misc/alock/alock-94-r1.ebuild
new file mode 100644
index 000000000000..ceaceb864a79
--- /dev/null
+++ b/x11-misc/alock/alock-94-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils toolchain-funcs
+
+DESCRIPTION="locks the local X display until a password is entered"
+HOMEPAGE="https://code.google.com/p/alock/
+ http://darkshed.net/projects/alock
+ https://github.com/mgumz/alock"
+SRC_URI="https://alock.googlecode.com/files/alock-svn-${PV}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="imlib pam"
+
+DEPEND="x11-libs/libX11
+ x11-libs/libXext
+ x11-libs/libXpm
+ x11-libs/libXrender
+ x11-libs/libXcursor
+ imlib? ( media-libs/imlib2[X] )
+ pam? ( virtual/pam )"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${PN}-svn-${PV}
+
+src_prepare() {
+ epatch "${FILESDIR}"/implicit_pointer_conversion_fix_amd64.patch
+ epatch "${FILESDIR}"/check-setuid.patch
+ epatch "${FILESDIR}"/tidy-printf.patch
+ epatch "${FILESDIR}"/fix-aliasing.patch
+ epatch "${FILESDIR}"/no-xf86misc.patch
+}
+
+src_configure() {
+ tc-export CC
+
+ econf \
+ --prefix=/usr \
+ --with-all \
+ $(use_with pam) \
+ $(use_with imlib imlib2)
+}
+
+src_compile() {
+ # xmlto isn't required, so set to 'true' as dummy program
+ # alock.1 is suitable for a manpage
+ emake XMLTO=true
+}
+
+src_install() {
+ dobin src/alock
+ doman alock.1
+ dodoc {CHANGELOG,README,TODO}.txt
+
+ insinto /usr/share/alock/xcursors
+ doins contrib/xcursor-*
+
+ insinto /usr/share/alock/bitmaps
+ doins bitmaps/*
+
+ if ! use pam; then
+ # Sets suid so alock can correctly work with shadow
+ fperms 4755 /usr/bin/alock
+ fi
+}
diff --git a/x11-misc/alock/files/check-setuid.patch b/x11-misc/alock/files/check-setuid.patch
new file mode 100644
index 000000000000..d29beb072950
--- /dev/null
+++ b/x11-misc/alock/files/check-setuid.patch
@@ -0,0 +1,31 @@
+--- a/src/auth_pam.c
++++ b/src/auth_pam.c
+@@ -138,7 +138,12 @@
+
+ /* we can be installed setuid root to support shadow passwords,
+ and we don't need root privileges any longer. --marekm */
+- setuid(getuid());
++ int retval;
++ retval = setuid(getuid());
++ /* if setuid's return value isn't checked, it's a security issue */
++ if (retval != 0) {
++ return 0;
++ }
+
+ return 1;
+ }
+--- a/src/auth_passwd.c
++++ a/src/auth_passwd.c
+@@ -68,7 +68,11 @@
+
+ /* we can be installed setuid root to support shadow passwords,
+ and we don't need root privileges any longer. --marekm */
+- setuid(getuid());
++ int retval;
++ retval = setuid(getuid());
++ if (retval != 0) {
++ return 0;
++ }
+
+ if (strlen(pwd_entry->pw_passwd) < 13) {
+ perror("password entry has no pwd\n");
diff --git a/x11-misc/alock/files/fix-aliasing.patch b/x11-misc/alock/files/fix-aliasing.patch
new file mode 100644
index 000000000000..a4462c256943
--- /dev/null
+++ b/x11-misc/alock/files/fix-aliasing.patch
@@ -0,0 +1,23 @@
+--- a/src/auth_sha2.c
++++ b/src/auth_sha2.c
+@@ -511,7 +517,8 @@
+ *context->buffer = 0x80;
+ }
+ /* Set the bit count: */
+- *(u_int64_t *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
++ /* Use memcpy so we're not casting or aliasing */
++ memcpy(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount, sizeof (context->bitcount));
+
+ /* Final transform: */
+ sha256_transform(context, context->buffer);
+@@ -789,8 +796,8 @@
+ *context->buffer = 0x80;
+ }
+ /* Store the length of input data (in bits): */
+- *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
+- *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
++ memcpy(&context->buffer+SHA512_SHORT_BLOCK_LENGTH, &context->bitcount+1, sizeof (context->bitcount+1));
++ memcpy(&context->buffer+SHA512_SHORT_BLOCK_LENGTH+8, &context->bitcount, sizeof (context->bitcount));
+
+ /* Final transform: */
+ sha512_transform(context, context->buffer);
diff --git a/x11-misc/alock/files/no-xf86misc.patch b/x11-misc/alock/files/no-xf86misc.patch
new file mode 100644
index 000000000000..7ce3326000f8
--- /dev/null
+++ b/x11-misc/alock/files/no-xf86misc.patch
@@ -0,0 +1,129 @@
+--- a/configure
++++ b/configure
+@@ -163,44 +163,6 @@
+ exit 1
+ }
+
+-check_xf86misc() {
+-
+- cat << EOF > tmp.c
+-#include <X11/Xlib.h>
+-#include <X11/extensions/xf86misc.h>
+-int main() {
+- XF86MiscSetGrabKeysState(NULL, True);
+- return 0;
+-}
+-EOF
+- msg_chkfor "extensions/xf86misc.h"
+- if ${CC} ${CFLAGS} -c tmp.c -o /dev/null 2>&3
+- then
+- echo "ok."
+- msg_chkfor "xf86misc"
+- if ${CC} ${CFLAGS} tmp.c -o /dev/null ${LDFLAGS} -lX11 -lXxf86misc 2>&3
+- then
+- echo "ok."
+- echo "#_______________________" >&4
+- echo "WITH_XF86MISC:=1" >&4
+- echo "LIBS += -lXxf86misc" >&4
+- echo "" >&4
+- return
+- fi
+- fi
+- echo "no."
+- echo " "
+- echo "!!! WARNING !!!"
+- echo " if the xserver is configured to allow"
+- echo " 'AllowDeactivateGrabs' or 'AllowClosedownGrabs'"
+- echo " people can bypass alock !!! consider"
+- echo " to install the xf86misc extension!"
+- echo "!!! WARNING !!!"
+- echo " "
+-}
+-
+-
+-
+
+ check_xlib() {
+
+@@ -431,7 +393,6 @@
+ check_docs
+ check_tools
+ check_xlib
+-check_xf86misc
+ check_xlogo16
+ [ "$CHECK_XPM" -eq 1 ] && check_xpm
+ [ "$CHECK_XRENDER" -eq 1 ] && check_xrender
+--- a/src/GNUmakefile
++++ b/src/GNUmakefile
+@@ -46,7 +46,7 @@
+
+ ######################
+
+-MODULES = PAM PASSWD HASH XRENDER XCURSOR XF86MISC IMLIB2 XPM
++MODULES = PAM PASSWD HASH XRENDER XCURSOR IMLIB2 XPM
+ STAND_ALONES = $(subst auth_,,$(SRC_HASH:.c=))
+
+ $(foreach module,$(MODULES),$(eval $(call funcAddModule,$(module))))
+--- a/src/alock.c
++++ b/src/alock.c
+@@ -24,10 +24,6 @@
+ #include <unistd.h>
+ #include <poll.h>
+
+-#ifdef HAVE_XF86MISC
+-#include <X11/extensions/xf86misc.h>
+-#endif
+-
+ /*----------------------------------------------*\
+ \*----------------------------------------------*/
+
+@@ -405,11 +401,6 @@
+ struct aXInfo xinfo;
+ struct aOpts opts;
+
+-#if HAVE_XF86MISC
+- int xf86misc_major = -1;
+- int xf86misc_minor = -1;
+-#endif
+-
+ int arg = 0;
+ const char* cursor_args = NULL;
+ const char* background_args = NULL;
+@@ -587,23 +578,6 @@
+ }
+ }
+
+-#if HAVE_XF86MISC
+- {
+- if (XF86MiscQueryVersion(xinfo.display, &xf86misc_major, &xf86misc_minor) == True) {
+-
+- if (xf86misc_major >= 0 &&
+- xf86misc_minor >= 5 &&
+- XF86MiscSetGrabKeysState(xinfo.display, False) == MiscExtGrabStateLocked) {
+-
+- printf("%s", "alock: cant disable xserver hotkeys to remove grabs.\n");
+- exit(EXIT_FAILURE);
+- }
+-
+- printf("%s", "disabled AllowDeactivateGrabs and AllowClosedownGrabs\n.");
+- }
+- }
+-#endif
+-
+ /* TODO: think about it: do we really need NR_SCREEN cursors ? we grab the
+ * pointer on :*.0 anyway ... */
+ if (XGrabPointer(xinfo.display, xinfo.window[0], False, None,
+@@ -621,13 +595,6 @@
+ opts.cursor->deinit(&xinfo);
+ opts.background->deinit(&xinfo);
+
+-#if HAVE_XF86MISC
+- if (xf86misc_major >= 0 && xf86misc_minor >= 5) {
+- XF86MiscSetGrabKeysState(xinfo.display, True);
+- XFlush(xinfo.display);
+- }
+-#endif
+-
+ XCloseDisplay(xinfo.display);
+
+ return EXIT_SUCCESS;
diff --git a/x11-misc/alock/files/tidy-printf.patch b/x11-misc/alock/files/tidy-printf.patch
new file mode 100644
index 000000000000..06a8a37ba7df
--- /dev/null
+++ b/x11-misc/alock/files/tidy-printf.patch
@@ -0,0 +1,23 @@
+--- a/src/cursor_xcursor.c
++++ a/src/cursor_xcursor.c
+@@ -37,17 +37,17 @@
+ return 0;
+
+ if (!args || strlen(args) < 13) {
+- printf("%s", "alock: error, missing arguments for [xcursor].\n");
++ printf("alock: error, missing arguments for [xcursor].\n");
+ return 0;
+ }
+
+ if (strstr(args, "xcursor:") != args || strstr(&args[8], "file=") != &args[8]) {
+- printf("%s", "alock: error, wrong arguments for [xcursor].\n");
++ printf("alock: error, wrong arguments for [xcursor].\n");
+ return 0;
+ }
+
+ if (!(cursor = XcursorFilenameLoadCursor(xinfo->display, &args[13]))) {
+- printf("%s", "alock: error, couldnt load [%s]\n", &args[13]);
++ printf("alock: error, couldnt load [%s]\n", &args[13]);
+ return 0;
+ }
+