commit: 7bf4c3b3b8cedd4960c163eccac57eb55883ab96 Author: Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com> AuthorDate: Thu Nov 12 23:54:29 2015 +0000 Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> CommitDate: Sat Nov 14 15:22:53 2015 +0000 URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=7bf4c3b3
kde-plasma/plasma-workspace: USE=pam, fix setuid, block kdebase-pam:4 SUID optional per kcheckpass/README, only required for shadow based login setuid code in upstream cmake does not work, do it manually instead if USE=-pam Block kdebase-pam which sneakily sabotaged plasma-workspace in /etc/pam.d, leading to broken screenlocker bugs like #564618 Package-Manager: portage-2.2.24 .../plasma-workspace-5.4.3-no-SUID-no-GUID.patch | 16 ++++++++++++++++ ....4.3.ebuild => plasma-workspace-5.4.3-r1.ebuild} | 21 +++++++++++++++------ .../plasma-workspace-5.4.49.9999.ebuild | 21 +++++++++++++++------ 3 files changed, 46 insertions(+), 12 deletions(-) diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch new file mode 100644 index 0000000..a099b23 --- /dev/null +++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch @@ -0,0 +1,16 @@ +diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt +index a63fa1403e897e70989dc2e1ba7eed4bc69cbb51..12d1bfb3c690eca1acf344045a92eb942669da83 100644 +--- a/ksmserver/screenlocker/kcheckpass/CMakeLists.txt ++++ b/ksmserver/screenlocker/kcheckpass/CMakeLists.txt +@@ -22,10 +22,6 @@ endif () + + set_property(TARGET kcheckpass APPEND_STRING PROPERTY COMPILE_FLAGS " -U_REENTRANT") + target_link_libraries(kcheckpass ${UNIXAUTH_LIBRARIES} ${SOCKET_LIBRARIES}) +-install(TARGETS kcheckpass DESTINATION ${KDE_INSTALL_LIBEXECDIR}) +-install(CODE " +- set(KCP_PATH \"\$ENV{DESTDIR}${KDE_INSTALL_LIBEXECDIR}/kcheckpass\") +- execute_process(COMMAND sh -c \"chown root '\${KCP_PATH}' && chmod +s '\${KCP_PATH}'\") +-") ++install(TARGETS kcheckpass DESTINATION ${LIBEXEC_INSTALL_DIR}) + + #EXTRA_DIST = README diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild similarity index 92% rename from kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild rename to kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild index 52f30c5..a0c34fd 100644 --- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild +++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild @@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils DESCRIPTION="KDE Plasma workspace" KEYWORDS=" ~amd64 ~x86" -IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor" +IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor" COMMON_DEPEND=" - $(add_plasma_dep kwayland) - $(add_plasma_dep kwin) - $(add_plasma_dep libkscreen) - $(add_plasma_dep libksysguard) $(add_frameworks_dep baloo) $(add_frameworks_dep kactivities) $(add_frameworks_dep kauth) @@ -58,6 +54,10 @@ COMMON_DEPEND=" $(add_frameworks_dep kxmlrpcclient) $(add_frameworks_dep plasma) $(add_frameworks_dep solid) + $(add_plasma_dep kwayland) + $(add_plasma_dep kwin) + $(add_plasma_dep libkscreen) + $(add_plasma_dep libksysguard) dev-libs/wayland dev-qt/qtconcurrent:5 dev-qt/qtdbus:5 @@ -70,7 +70,6 @@ COMMON_DEPEND=" dev-qt/qtx11extras:5 dev-qt/qtxml:5 media-libs/phonon[qt5] - sys-libs/pam sys-libs/zlib x11-libs/libICE x11-libs/libSM @@ -88,6 +87,7 @@ COMMON_DEPEND=" ) geolocation? ( $(add_frameworks_dep networkmanager-qt) ) gps? ( sci-geosciences/gpsd ) + pam? ( virtual/pam ) prison? ( media-libs/prison:5 ) qalculate? ( sci-libs/libqalculate ) systemmonitor? ( @@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND} systemmonitor? ( $(add_plasma_dep ksysguard) ) !kde-base/freespacenotifier:4 !kde-base/libtaskmanager:4 + !<kde-base/kcheckpass-4.11.22-r1:4 !kde-base/kcminit:4 + !kde-base/kdebase-pam:4 !kde-base/kdebase-startkde:4 !kde-base/klipper:4 !kde-base/krunner:4 @@ -127,6 +129,7 @@ PATCHES=( "${FILESDIR}/${PN}-5.4-startkde-script.patch" "${FILESDIR}/${PN}-5.4-consolekit2.patch" "${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110 + "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch" ) RESTRICT="test" @@ -164,6 +167,7 @@ src_prepare() { src_configure() { local mycmakeargs=( + $(cmake-utils_use_find_package pam) $(cmake-utils_use_find_package dbus dbusmenu-qt5) $(cmake-utils_use_find_package gps libgps) $(cmake-utils_use_find_package prison) @@ -185,6 +189,11 @@ src_install() { insinto /etc/plasma/shutdown doins "${FILESDIR}/agent-shutdown.sh" + + if ! use pam; then + chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die + chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die + fi } pkg_postinst () { diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild index 7b58192..1cd19ef 100644 --- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild +++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild @@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils DESCRIPTION="KDE Plasma workspace" KEYWORDS="" -IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor" +IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor" COMMON_DEPEND=" - $(add_plasma_dep kwayland) - $(add_plasma_dep kwin) - $(add_plasma_dep libkscreen) - $(add_plasma_dep libksysguard) $(add_frameworks_dep baloo) $(add_frameworks_dep kactivities) $(add_frameworks_dep kauth) @@ -58,6 +54,10 @@ COMMON_DEPEND=" $(add_frameworks_dep kxmlrpcclient) $(add_frameworks_dep plasma) $(add_frameworks_dep solid) + $(add_plasma_dep kwayland) + $(add_plasma_dep kwin) + $(add_plasma_dep libkscreen) + $(add_plasma_dep libksysguard) dev-libs/wayland dev-qt/qtconcurrent:5 dev-qt/qtdbus:5 @@ -70,7 +70,6 @@ COMMON_DEPEND=" dev-qt/qtx11extras:5 dev-qt/qtxml:5 media-libs/phonon[qt5] - sys-libs/pam sys-libs/zlib x11-libs/libICE x11-libs/libSM @@ -88,6 +87,7 @@ COMMON_DEPEND=" ) geolocation? ( $(add_frameworks_dep networkmanager-qt) ) gps? ( sci-geosciences/gpsd ) + pam? ( virtual/pam ) prison? ( media-libs/prison:5 ) qalculate? ( sci-libs/libqalculate ) systemmonitor? ( @@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND} systemmonitor? ( $(add_plasma_dep ksysguard) ) !kde-base/freespacenotifier:4 !kde-base/libtaskmanager:4 + !<kde-base/kcheckpass-4.11.22-r1:4 !kde-base/kcminit:4 + !kde-base/kdebase-pam:4 !kde-base/kdebase-startkde:4 !kde-base/klipper:4 !kde-base/krunner:4 @@ -127,6 +129,7 @@ PATCHES=( "${FILESDIR}/${PN}-5.4-startkde-script.patch" "${FILESDIR}/${PN}-5.4-consolekit2.patch" "${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110 + "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch" ) RESTRICT="test" @@ -164,6 +167,7 @@ src_prepare() { src_configure() { local mycmakeargs=( + $(cmake-utils_use_find_package pam) $(cmake-utils_use_find_package dbus dbusmenu-qt5) $(cmake-utils_use_find_package gps libgps) $(cmake-utils_use_find_package prison) @@ -185,6 +189,11 @@ src_install() { insinto /etc/plasma/shutdown doins "${FILESDIR}/agent-shutdown.sh" + + if ! use pam; then + chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die + chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die + fi } pkg_postinst () {