diff --git a/community/slock/APKBUILD b/community/slock/APKBUILD
index dcc42b520bca9344fcadffc9520fc94f6bc23d3a..2ebcc9759c38edf22999b08dc2eeb623abf3149e 100644
--- a/community/slock/APKBUILD
+++ b/community/slock/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
 pkgname=slock
 pkgver=1.3
-pkgrel=2
+pkgrel=3
 pkgdesc="A simple screen locker for X"
 url="http://tools.suckless.org/slock/"
 arch="all"
@@ -14,7 +14,12 @@ install=""
 options="suid"
 subpackages="$pkgname-doc"
 source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz
-	0001-clear-passwords-with-explicit_bzero.patch"
+	0001-clear-passwords-with-explicit_bzero.patch
+	CVE-2016-6866.patch"
+
+# secfixes:
+#   1.3-r3:
+#     - CVE-2016-6866
 
 builddir="$srcdir/$pkgname-$pkgver"
 prepare() {
@@ -35,8 +40,11 @@ package() {
 }
 
 md5sums="825aaeccba9b3b3c1f3d249d47c1396a  slock-1.3.tar.gz
-ca1f6e27e0b86101964c3a0d196d6520  0001-clear-passwords-with-explicit_bzero.patch"
+ca1f6e27e0b86101964c3a0d196d6520  0001-clear-passwords-with-explicit_bzero.patch
+711f1a1810898958559b3f7515c81b72  CVE-2016-6866.patch"
 sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18  slock-1.3.tar.gz
-4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905  0001-clear-passwords-with-explicit_bzero.patch"
+4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905  0001-clear-passwords-with-explicit_bzero.patch
+ca37f6b759199128564599525176726af8a137247910bedd154fa5c95ba35f39  CVE-2016-6866.patch"
 sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f  slock-1.3.tar.gz
-3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38  0001-clear-passwords-with-explicit_bzero.patch"
+3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38  0001-clear-passwords-with-explicit_bzero.patch
+919cb98e6ae95855be5dd23fcfc122c5eb15272f16a6c1abbde2339247473aa3d7685461fb38f4e6cff5f12887a36859b081d06033d8cace5a2b762558e7357a  CVE-2016-6866.patch"
diff --git a/community/slock/CVE-2016-6866.patch b/community/slock/CVE-2016-6866.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f44bbbd5405547841361a7f641521432a4b4447b
--- /dev/null
+++ b/community/slock/CVE-2016-6866.patch
@@ -0,0 +1,43 @@
+From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
+From: Markus Teich <markus.teich@stusta.mhn.de>
+Date: Tue, 30 Aug 2016 22:59:06 +0000
+Subject: fix CVE-2016-6866
+
+---
+diff --git a/slock.c b/slock.c
+index 847b328..8ed59ca 100644
+--- a/slock.c
++++ b/slock.c
+@@ -123,7 +123,7 @@ readpw(Display *dpy)
+ readpw(Display *dpy, const char *pws)
+ #endif
+ {
+-	char buf[32], passwd[256];
++	char buf[32], passwd[256], *encrypted;
+ 	int num, screen;
+ 	unsigned int len, color;
+ 	KeySym ksym;
+@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
+ #ifdef HAVE_BSD_AUTH
+ 				running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
+ #else
+-				running = !!strcmp(crypt(passwd, pws), pws);
++				errno = 0;
++				if (!(encrypted = crypt(passwd, pws)))
++					fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
++				else
++					running = !!strcmp(encrypted, pws);
+ #endif
+ 				if (running) {
+ 					XBell(dpy, 100);
+@@ -312,6 +316,8 @@ main(int argc, char **argv) {
+ 
+ #ifndef HAVE_BSD_AUTH
+ 	pws = getpw();
++	if (strlen(pws) < 2)
++		die("slock: failed to get user password hash.\n");
+ #endif
+ 
+ 	if (!(dpy = XOpenDisplay(NULL)))
+--
+cgit v0.9.0.3-65-g4555
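Review bot: In the readpw() hunk of the embedded slock.c patch, the crypt() failure branch keeps the screen locked only because it leaves `running` untouched, and nothing says this is deliberate. A comment such as `/* crypt() failed: leave running set so the screen stays locked */` above the `fprintf` would guard against a later edit turning the error path into an unlock. The `strlen(pws) < 2` check added in main() dereferences `pws` without a NULL test, so it relies on getpw() (not visible here) never returning NULL. The `2` is also unexplained, presumably the shortest salt crypt() accepts, and deserves a one-line comment. It is worth confirming how the target libc reports crypt() failure: musl, as far as I recall, returns a short non-NULL marker string rather than NULL, in which case the `strerror(errno)` branch would never run on Alpine and rejection would rest on the `strcmp` alone. Both functions begin and end outside their hunks.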