commit: c174fed67ba441d51f8375b4dbe9ed74e861c547 Author: Daniel Campbell <zlg <AT> gentoo <DOT> org> AuthorDate: Sun Jan 10 09:42:09 2016 +0000 Commit: Daniel Campbell <zlg <AT> gentoo <DOT> org> CommitDate: Sun Jan 10 09:42:35 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c174fed6
x11-misc/alock: revbump to 94-r1 * Fix printf issue on compiling * Remove dependency on libXxf86misc; it's deprecated * Correct strict-aliasing error * Correct handling of setuid() return value Patches will be presented to upstream for review Package-Manager: portage-2.2.26 x11-misc/alock/alock-94-r1.ebuild | 69 +++++++++++++++++ x11-misc/alock/files/check-setuid.patch | 31 ++++++++ x11-misc/alock/files/fix-aliasing.patch | 23 ++++++ x11-misc/alock/files/no-xf86misc.patch | 129 ++++++++++++++++++++++++++++++++ x11-misc/alock/files/tidy-printf.patch | 23 ++++++ 5 files changed, 275 insertions(+) diff --git a/x11-misc/alock/alock-94-r1.ebuild b/x11-misc/alock/alock-94-r1.ebuild new file mode 100644 index 0000000..ceaceb8 --- /dev/null +++ b/x11-misc/alock/alock-94-r1.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils toolchain-funcs + +DESCRIPTION="locks the local X display until a password is entered" +HOMEPAGE="https://code.google.com/p/alock/ + http://darkshed.net/projects/alock + https://github.com/mgumz/alock"; +SRC_URI="https://alock.googlecode.com/files/alock-svn-${PV}.tar.bz2"; + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="imlib pam" + +DEPEND="x11-libs/libX11 + x11-libs/libXext + x11-libs/libXpm + x11-libs/libXrender + x11-libs/libXcursor + imlib? ( media-libs/imlib2[X] ) + pam? ( virtual/pam )" +RDEPEND="${DEPEND}" + +S=${WORKDIR}/${PN}-svn-${PV} + +src_prepare() { + epatch "${FILESDIR}"/implicit_pointer_conversion_fix_amd64.patch + epatch "${FILESDIR}"/check-setuid.patch + epatch "${FILESDIR}"/tidy-printf.patch + epatch "${FILESDIR}"/fix-aliasing.patch + epatch "${FILESDIR}"/no-xf86misc.patch +} + +src_configure() { + tc-export CC + + econf \ + --prefix=/usr \ + --with-all \ + $(use_with pam) \ + $(use_with imlib imlib2) +} + +src_compile() { + # xmlto isn't required, so set to 'true' as dummy program + # alock.1 is suitable for a manpage + emake XMLTO=true +} + +src_install() { + dobin src/alock + doman alock.1 + dodoc {CHANGELOG,README,TODO}.txt + + insinto /usr/share/alock/xcursors + doins contrib/xcursor-* + + insinto /usr/share/alock/bitmaps + doins bitmaps/* + + if ! use pam; then + # Sets suid so alock can correctly work with shadow + fperms 4755 /usr/bin/alock + fi +} diff --git a/x11-misc/alock/files/check-setuid.patch b/x11-misc/alock/files/check-setuid.patch new file mode 100644 index 0000000..d29beb0 --- /dev/null +++ b/x11-misc/alock/files/check-setuid.patch @@ -0,0 +1,31 @@ +--- a/src/auth_pam.c ++++ b/src/auth_pam.c +@@ -138,7 +138,12 @@ + + /* we can be installed setuid root to support shadow passwords, + and we don't need root privileges any longer. --marekm */ +- setuid(getuid()); ++ int retval; ++ retval = setuid(getuid()); ++ /* if setuid's return value isn't checked, it's a security issue */ ++ if (retval != 0) { ++ return 0; ++ } + + return 1; + } +--- a/src/auth_passwd.c ++++ a/src/auth_passwd.c +@@ -68,7 +68,11 @@ + + /* we can be installed setuid root to support shadow passwords, + and we don't need root privileges any longer. --marekm */ +- setuid(getuid()); ++ int retval; ++ retval = setuid(getuid()); ++ if (retval != 0) { ++ return 0; ++ } + + if (strlen(pwd_entry->pw_passwd) < 13) { + perror("password entry has no pwd\n"); diff --git a/x11-misc/alock/files/fix-aliasing.patch b/x11-misc/alock/files/fix-aliasing.patch new file mode 100644 index 0000000..a4462c2 --- /dev/null +++ b/x11-misc/alock/files/fix-aliasing.patch @@ -0,0 +1,23 @@ +--- a/src/auth_sha2.c ++++ b/src/auth_sha2.c +@@ -511,7 +517,8 @@ + *context->buffer = 0x80; + } + /* Set the bit count: */ +- *(u_int64_t *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; ++ /* Use memcpy so we're not casting or aliasing */ ++ memcpy(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount, sizeof (context->bitcount)); + + /* Final transform: */ + sha256_transform(context, context->buffer); +@@ -789,8 +796,8 @@ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits): */ +- *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; +- *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; ++ memcpy(&context->buffer+SHA512_SHORT_BLOCK_LENGTH, &context->bitcount+1, sizeof (context->bitcount+1)); ++ memcpy(&context->buffer+SHA512_SHORT_BLOCK_LENGTH+8, &context->bitcount, sizeof (context->bitcount)); + + /* Final transform: */ + sha512_transform(context, context->buffer); diff --git a/x11-misc/alock/files/no-xf86misc.patch b/x11-misc/alock/files/no-xf86misc.patch new file mode 100644 index 0000000..7ce3326 --- /dev/null +++ b/x11-misc/alock/files/no-xf86misc.patch @@ -0,0 +1,129 @@ +--- a/configure ++++ b/configure +@@ -163,44 +163,6 @@ + exit 1 + } + +-check_xf86misc() { +- +- cat << EOF > tmp.c +-#include <X11/Xlib.h> +-#include <X11/extensions/xf86misc.h> +-int main() { +- XF86MiscSetGrabKeysState(NULL, True); +- return 0; +-} +-EOF +- msg_chkfor "extensions/xf86misc.h" +- if ${CC} ${CFLAGS} -c tmp.c -o /dev/null 2>&3 +- then +- echo "ok." +- msg_chkfor "xf86misc" +- if ${CC} ${CFLAGS} tmp.c -o /dev/null ${LDFLAGS} -lX11 -lXxf86misc 2>&3 +- then +- echo "ok." +- echo "#_______________________" >&4 +- echo "WITH_XF86MISC:=1" >&4 +- echo "LIBS += -lXxf86misc" >&4 +- echo "" >&4 +- return +- fi +- fi +- echo "no." +- echo " " +- echo "!!! WARNING !!!" +- echo " if the xserver is configured to allow" +- echo " 'AllowDeactivateGrabs' or 'AllowClosedownGrabs'" +- echo " people can bypass alock !!! consider" +- echo " to install the xf86misc extension!" +- echo "!!! WARNING !!!" +- echo " " +-} +- +- +- + + check_xlib() { + +@@ -431,7 +393,6 @@ + check_docs + check_tools + check_xlib +-check_xf86misc + check_xlogo16 + [ "$CHECK_XPM" -eq 1 ] && check_xpm + [ "$CHECK_XRENDER" -eq 1 ] && check_xrender +--- a/src/GNUmakefile ++++ b/src/GNUmakefile +@@ -46,7 +46,7 @@ + + ###################### + +-MODULES = PAM PASSWD HASH XRENDER XCURSOR XF86MISC IMLIB2 XPM ++MODULES = PAM PASSWD HASH XRENDER XCURSOR IMLIB2 XPM + STAND_ALONES = $(subst auth_,,$(SRC_HASH:.c=)) + + $(foreach module,$(MODULES),$(eval $(call funcAddModule,$(module)))) +--- a/src/alock.c ++++ b/src/alock.c +@@ -24,10 +24,6 @@ + #include <unistd.h> + #include <poll.h> + +-#ifdef HAVE_XF86MISC +-#include <X11/extensions/xf86misc.h> +-#endif +- + /*----------------------------------------------*\ + \*----------------------------------------------*/ + +@@ -405,11 +401,6 @@ + struct aXInfo xinfo; + struct aOpts opts; + +-#if HAVE_XF86MISC +- int xf86misc_major = -1; +- int xf86misc_minor = -1; +-#endif +- + int arg = 0; + const char* cursor_args = NULL; + const char* background_args = NULL; +@@ -587,23 +578,6 @@ + } + } + +-#if HAVE_XF86MISC +- { +- if (XF86MiscQueryVersion(xinfo.display, &xf86misc_major, &xf86misc_minor) == True) { +- +- if (xf86misc_major >= 0 && +- xf86misc_minor >= 5 && +- XF86MiscSetGrabKeysState(xinfo.display, False) == MiscExtGrabStateLocked) { +- +- printf("%s", "alock: cant disable xserver hotkeys to remove grabs.\n"); +- exit(EXIT_FAILURE); +- } +- +- printf("%s", "disabled AllowDeactivateGrabs and AllowClosedownGrabs\n."); +- } +- } +-#endif +- + /* TODO: think about it: do we really need NR_SCREEN cursors ? we grab the + * pointer on :*.0 anyway ... */ + if (XGrabPointer(xinfo.display, xinfo.window[0], False, None, +@@ -621,13 +595,6 @@ + opts.cursor->deinit(&xinfo); + opts.background->deinit(&xinfo); + +-#if HAVE_XF86MISC +- if (xf86misc_major >= 0 && xf86misc_minor >= 5) { +- XF86MiscSetGrabKeysState(xinfo.display, True); +- XFlush(xinfo.display); +- } +-#endif +- + XCloseDisplay(xinfo.display); + + return EXIT_SUCCESS; diff --git a/x11-misc/alock/files/tidy-printf.patch b/x11-misc/alock/files/tidy-printf.patch new file mode 100644 index 0000000..06a8a37 --- /dev/null +++ b/x11-misc/alock/files/tidy-printf.patch @@ -0,0 +1,23 @@ +--- a/src/cursor_xcursor.c ++++ a/src/cursor_xcursor.c +@@ -37,17 +37,17 @@ + return 0; + + if (!args || strlen(args) < 13) { +- printf("%s", "alock: error, missing arguments for [xcursor].\n"); ++ printf("alock: error, missing arguments for [xcursor].\n"); + return 0; + } + + if (strstr(args, "xcursor:") != args || strstr(&args[8], "file=") != &args[8]) { +- printf("%s", "alock: error, wrong arguments for [xcursor].\n"); ++ printf("alock: error, wrong arguments for [xcursor].\n"); + return 0; + } + + if (!(cursor = XcursorFilenameLoadCursor(xinfo->display, &args[13]))) { +- printf("%s", "alock: error, couldnt load [%s]\n", &args[13]); ++ printf("alock: error, couldnt load [%s]\n", &args[13]); + return 0; + } +
