commit: 7bf4c3b3b8cedd4960c163eccac57eb55883ab96
Author: Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com>
AuthorDate: Thu Nov 12 23:54:29 2015 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 15:22:53 2015 +0000
URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=7bf4c3b3
kde-plasma/plasma-workspace: USE=pam, fix setuid, block kdebase-pam:4
SUID optional per kcheckpass/README, only required for shadow based login
setuid code in upstream cmake does not work, do it manually instead if USE=-pam
Block kdebase-pam which sneakily sabotaged plasma-workspace in /etc/pam.d,
leading to broken screenlocker bugs like #564618
Package-Manager: portage-2.2.24
.../plasma-workspace-5.4.3-no-SUID-no-GUID.patch | 16 ++++++++++++++++
....4.3.ebuild => plasma-workspace-5.4.3-r1.ebuild} | 21 +++++++++++++++------
.../plasma-workspace-5.4.49.9999.ebuild | 21 +++++++++++++++------
3 files changed, 46 insertions(+), 12 deletions(-)
diff --git
a/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
new file mode 100644
index 0000000..a099b23
--- /dev/null
+++
b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
@@ -0,0 +1,16 @@
+diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
+index
a63fa1403e897e70989dc2e1ba7eed4bc69cbb51..12d1bfb3c690eca1acf344045a92eb942669da83
100644
+--- a/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
++++ b/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
+@@ -22,10 +22,6 @@ endif ()
+
+ set_property(TARGET kcheckpass APPEND_STRING PROPERTY COMPILE_FLAGS "
-U_REENTRANT")
+ target_link_libraries(kcheckpass ${UNIXAUTH_LIBRARIES} ${SOCKET_LIBRARIES})
+-install(TARGETS kcheckpass DESTINATION ${KDE_INSTALL_LIBEXECDIR})
+-install(CODE "
+- set(KCP_PATH \"\$ENV{DESTDIR}${KDE_INSTALL_LIBEXECDIR}/kcheckpass\")
+- execute_process(COMMAND sh -c \"chown root '\${KCP_PATH}' && chmod +s
'\${KCP_PATH}'\")
+-")
++install(TARGETS kcheckpass DESTINATION ${LIBEXEC_INSTALL_DIR})
+
+ #EXTRA_DIST = README
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild
b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
similarity index 92%
rename from kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild
rename to kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
index 52f30c5..a0c34fd 100644
--- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
@@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils
DESCRIPTION="KDE Plasma workspace"
KEYWORDS=" ~amd64 ~x86"
-IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor"
+IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor"
COMMON_DEPEND="
- $(add_plasma_dep kwayland)
- $(add_plasma_dep kwin)
- $(add_plasma_dep libkscreen)
- $(add_plasma_dep libksysguard)
$(add_frameworks_dep baloo)
$(add_frameworks_dep kactivities)
$(add_frameworks_dep kauth)
@@ -58,6 +54,10 @@ COMMON_DEPEND="
$(add_frameworks_dep kxmlrpcclient)
$(add_frameworks_dep plasma)
$(add_frameworks_dep solid)
+ $(add_plasma_dep kwayland)
+ $(add_plasma_dep kwin)
+ $(add_plasma_dep libkscreen)
+ $(add_plasma_dep libksysguard)
dev-libs/wayland
dev-qt/qtconcurrent:5
dev-qt/qtdbus:5
@@ -70,7 +70,6 @@ COMMON_DEPEND="
dev-qt/qtx11extras:5
dev-qt/qtxml:5
media-libs/phonon[qt5]
- sys-libs/pam
sys-libs/zlib
x11-libs/libICE
x11-libs/libSM
@@ -88,6 +87,7 @@ COMMON_DEPEND="
)
geolocation? ( $(add_frameworks_dep networkmanager-qt) )
gps? ( sci-geosciences/gpsd )
+ pam? ( virtual/pam )
prison? ( media-libs/prison:5 )
qalculate? ( sci-libs/libqalculate )
systemmonitor? (
@@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND}
systemmonitor? ( $(add_plasma_dep ksysguard) )
!kde-base/freespacenotifier:4
!kde-base/libtaskmanager:4
+ !<kde-base/kcheckpass-4.11.22-r1:4
!kde-base/kcminit:4
+ !kde-base/kdebase-pam:4
!kde-base/kdebase-startkde:4
!kde-base/klipper:4
!kde-base/krunner:4
@@ -127,6 +129,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.4-startkde-script.patch"
"${FILESDIR}/${PN}-5.4-consolekit2.patch"
"${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110
+ "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch"
)
RESTRICT="test"
@@ -164,6 +167,7 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
+ $(cmake-utils_use_find_package pam)
$(cmake-utils_use_find_package dbus dbusmenu-qt5)
$(cmake-utils_use_find_package gps libgps)
$(cmake-utils_use_find_package prison)
@@ -185,6 +189,11 @@ src_install() {
insinto /etc/plasma/shutdown
doins "${FILESDIR}/agent-shutdown.sh"
+
+ if ! use pam; then
+ chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ fi
}
pkg_postinst () {
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
index 7b58192..1cd19ef 100644
--- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
@@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils
DESCRIPTION="KDE Plasma workspace"
KEYWORDS=""
-IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor"
+IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor"
COMMON_DEPEND="
- $(add_plasma_dep kwayland)
- $(add_plasma_dep kwin)
- $(add_plasma_dep libkscreen)
- $(add_plasma_dep libksysguard)
$(add_frameworks_dep baloo)
$(add_frameworks_dep kactivities)
$(add_frameworks_dep kauth)
@@ -58,6 +54,10 @@ COMMON_DEPEND="
$(add_frameworks_dep kxmlrpcclient)
$(add_frameworks_dep plasma)
$(add_frameworks_dep solid)
+ $(add_plasma_dep kwayland)
+ $(add_plasma_dep kwin)
+ $(add_plasma_dep libkscreen)
+ $(add_plasma_dep libksysguard)
dev-libs/wayland
dev-qt/qtconcurrent:5
dev-qt/qtdbus:5
@@ -70,7 +70,6 @@ COMMON_DEPEND="
dev-qt/qtx11extras:5
dev-qt/qtxml:5
media-libs/phonon[qt5]
- sys-libs/pam
sys-libs/zlib
x11-libs/libICE
x11-libs/libSM
@@ -88,6 +87,7 @@ COMMON_DEPEND="
)
geolocation? ( $(add_frameworks_dep networkmanager-qt) )
gps? ( sci-geosciences/gpsd )
+ pam? ( virtual/pam )
prison? ( media-libs/prison:5 )
qalculate? ( sci-libs/libqalculate )
systemmonitor? (
@@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND}
systemmonitor? ( $(add_plasma_dep ksysguard) )
!kde-base/freespacenotifier:4
!kde-base/libtaskmanager:4
+ !<kde-base/kcheckpass-4.11.22-r1:4
!kde-base/kcminit:4
+ !kde-base/kdebase-pam:4
!kde-base/kdebase-startkde:4
!kde-base/klipper:4
!kde-base/krunner:4
@@ -127,6 +129,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.4-startkde-script.patch"
"${FILESDIR}/${PN}-5.4-consolekit2.patch"
"${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110
+ "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch"
)
RESTRICT="test"
@@ -164,6 +167,7 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
+ $(cmake-utils_use_find_package pam)
$(cmake-utils_use_find_package dbus dbusmenu-qt5)
$(cmake-utils_use_find_package gps libgps)
$(cmake-utils_use_find_package prison)
@@ -185,6 +189,11 @@ src_install() {
insinto /etc/plasma/shutdown
doins "${FILESDIR}/agent-shutdown.sh"
+
+ if ! use pam; then
+ chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ fi
}
pkg_postinst () {
