commit:     6dfb6b69f2527547cd08559811ff921e4da4ea0d
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 19 14:46:08 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Aug 19 14:46:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6dfb6b69

x11-misc/slock: Apply patch for CVE-2016-6866 (bug #591664).

Package-Manager: portage-2.3.0

 x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch | 11 ++++
 x11-misc/slock/slock-1.3-r3.ebuild                 | 63 ++++++++++++++++++++++
 2 files changed, 74 insertions(+)

diff --git a/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch 
b/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch
new file mode 100644
index 0000000..a5043b9
--- /dev/null
+++ b/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch
@@ -0,0 +1,11 @@
+--- a/slock.c
++++ b/slock.c
+@@ -310,6 +310,8 @@
+ 
+ #ifndef HAVE_BSD_AUTH
+       pws = getpw();
++      if(strlen(pws) < 2)
++              die("This user has no password set.\n");
+ #endif
+ 
+       if (!(dpy = XOpenDisplay(0)))
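Review bot: The added `strlen(pws) < 2` guard after `getpw()` rejects only empty and one-character hash fields, so a locked-account marker or malformed entry of two or more characters still passes it. If the later password comparison (outside this hunk) hands the result of `crypt()` straight to `strcmp()`, a NULL return for such a hash would presumably still crash the locker and leave the session unprotected. Consider validating the hash with the routine that will consume it, e.g. `if (!crypt("", pws)) die("slock: invalid password hash\n");`, and NULL-checking the `crypt()` result at the comparison site. The enclosing function starts and ends outside the hunk, so the comparison code could not be checked here.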

diff --git a/x11-misc/slock/slock-1.3-r3.ebuild 
b/x11-misc/slock/slock-1.3-r3.ebuild
new file mode 100644
index 0000000..5a73ccd
--- /dev/null
+++ b/x11-misc/slock/slock-1.3-r3.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit fcaps savedconfig toolchain-funcs
+
+DESCRIPTION="simple X screen locker"
+HOMEPAGE="http://tools.suckless.org/slock";
+SRC_URI="http://dl.suckless.org/tools/${P}.tar.gz";
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86 ~x86-fbsd"
+
+RDEPEND="
+       x11-libs/libX11
+       x11-libs/libXext
+       x11-libs/libXrandr
+"
+DEPEND="
+       ${RDEPEND}
+       x11-proto/randrproto
+       x11-proto/xproto
+"
+
+src_prepare() {
+       eapply \
+               "${FILESDIR}"/${PN}-1.3-warning.patch \
+               "${FILESDIR}"/${PN}-1.3-CVE-2016-6866.patch
+
+       eapply_user
+
+       sed -i \
+               -e '/^CFLAGS/{s: -Os::g; s:= :+= :g}' \
+               -e '/^CC/d' \
+               -e '/^LDFLAGS/{s:-s::g; s:= :+= :g}' \
+               config.mk || die
+       sed -i \
+               -e 's|@${CC}|$(CC)|g' \
+               Makefile || die
+       if use elibc_FreeBSD; then
+               sed -i -e 's/-DHAVE_SHADOW_H//' config.mk || die
+       fi
+       restore_config config.h
+       tc-export CC
+}
+
+src_compile() { emake slock; }
+
+src_install() {
+       dobin slock
+       save_config config.h
+}
+
+pkg_postinst() {
+       # cap_dac_read_search used to be enough for shadow access
+       # but now slock wants to write to /proc/self/oom_score_adj
+       # and for that it needs:
+       fcaps cap_dac_override,cap_sys_resource /usr/bin/slock
+
+       savedconfig_pkg_postinst
+}
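Review bot: `fcaps cap_dac_override,cap_sys_resource /usr/bin/slock` in pkg_postinst lets a program that processes keyboard input on a locked session bypass all file permission checks, which is far broader than the shadow read and `/proc/self/oom_score_adj` write the comment cites. Whether slock drops these privileges once it has read the hash and adjusted the OOM score is not visible here and should be confirmed. As far as I recall, fcaps.eclass also falls back to a set-uid root install when file capabilities cannot be applied, which widens the exposure further; worth verifying. At minimum the comment should tie each capability to its use, e.g. `# cap_dac_override: shadow read + open oom_score_adj (verify); cap_sys_resource: lower oom_score_adj`.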
