community/slock: upgrade to 1.4

3a5787d2 · Sören Tempel · 4099c94c · 4099c94c · 3a5787d2 · 4099c94c
Commit 3a5787d2 authored 8 years ago by Sören Tempel
--- a/community/slock/0001-clear-passwords-with-explicit_bzero.patch
+++ b/community/slock/0001-clear-passwords-with-explicit_bzero.patch
-From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001
-From: Hiltjo Posthuma <hiltjo@codemadness.org>
-Date: Sun, 31 Jul 2016 13:43:00 +0200
-Subject: [PATCH] clear passwords with explicit_bzero
-
-Make sure to explicitly clear memory that is used for password input. memset
-is often optimized out by the compiler.
-
-Brought to attention by the OpenBSD community, see:
-https://marc.info/?t=146989502600003&r=1&w=2
-Thread subject: x11/slock: clear passwords with explicit_bzero
-
-Changes:
-
- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add separate *BSD section in config.mk to simply uncomment it on
-  these platforms.
---
- Makefile         |  6 +++---
- config.mk        |  4 ++++
- explicit_bzero.c | 19 +++++++++++++++++++
- slock.c          |  8 ++++++--
- util.h           |  2 ++
- 5 files changed, 34 insertions(+), 5 deletions(-)
- create mode 100644 explicit_bzero.c
- create mode 100644 util.h
-
-diff --git a/Makefile b/Makefile
-index 86b3437..8b3e248 100644
--- a/Makefile
-+++ b/Makefile
-@@ -3,7 +3,7 @@
- 
- include config.mk
- 
-SRC = slock.c
-+SRC = slock.c ${COMPATSRC}
- OBJ = ${SRC:.c=.o}
- 
- all: options slock
-@@ -35,8 +35,8 @@ clean:
- dist: clean
- 	@echo creating dist tarball
- 	@mkdir -p slock-${VERSION}
-	@cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
-		slock-${VERSION}
-+	@cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
-+		explicit_bzero.c slock.1 slock-${VERSION}
- 	@tar -cf slock-${VERSION}.tar slock-${VERSION}
- 	@gzip slock-${VERSION}.tar
- 	@rm -rf slock-${VERSION}
-diff --git a/config.mk b/config.mk
-index f93879e..3afc061 100644
--- a/config.mk
-+++ b/config.mk
-@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
- CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
- CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
- LDFLAGS = -s ${LIBS}
-+COMPATSRC = explicit_bzero.c
- 
- # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
- # On OpenBSD and Darwin remove -lcrypt from LIBS
-+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
-+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
-+#COMPATSRC =
- 
- # compiler and linker
- CC = cc
-diff --git a/explicit_bzero.c b/explicit_bzero.c
-new file mode 100644
-index 0000000..3e33ca8
--- /dev/null
-+++ b/explicit_bzero.c
-@@ -0,0 +1,19 @@
-+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
-+/*
-+ * Public domain.
-+ * Written by Matthew Dempsky.
-+ */
-+
-+#include <string.h>
-+
-+__attribute__((weak)) void
-+__explicit_bzero_hook(void *buf, size_t len)
-+{
-+}
-+
-+void
-+explicit_bzero(void *buf, size_t len)
-+{
-+	memset(buf, 0, len);
-+	__explicit_bzero_hook(buf, len);
-+}
-diff --git a/slock.c b/slock.c
-index c9cdee2..a00fbb9 100644
--- a/slock.c
-+++ b/slock.c
-@@ -23,6 +23,8 @@
- #include <bsd_auth.h>
- #endif
- 
-+#include "util.h"
-+
- enum {
- 	INIT,
- 	INPUT,
-@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
- 	 * timeout. */
- 	while (running && !XNextEvent(dpy, &ev)) {
- 		if (ev.type == KeyPress) {
-			buf[0] = 0;
-+			explicit_bzero(&buf, sizeof(buf));
- 			num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
- 			if (IsKeypadKey(ksym)) {
- 				if (ksym == XK_KP_Enter)
-@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
- 					XBell(dpy, 100);
- 					failure = True;
- 				}
-+				explicit_bzero(&passwd, sizeof(passwd));
- 				len = 0;
- 				break;
- 			case XK_Escape:
-+				explicit_bzero(&passwd, sizeof(passwd));
- 				len = 0;
- 				break;
- 			case XK_BackSpace:
- 				if (len)
-					--len;
-+					passwd[len--] = 0;
- 				break;
- 			default:
- 				if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
-diff --git a/util.h b/util.h
-new file mode 100644
-index 0000000..6f748b8
--- /dev/null
-+++ b/util.h
-@@ -0,0 +1,2 @@
-+#undef explicit_bzero
-+void explicit_bzero(void *, size_t);
-- 
-2.9.3
-
--- a/community/slock/APKBUILD
+++ b/community/slock/APKBUILD
 # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
 # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
 pkgname=slock
-pkgver=1.3
-pkgrel=3
+pkgver=1.4
+pkgrel=0
 pkgdesc="A simple screen locker for X"
 url="http://tools.suckless.org/slock/"
 arch="all"
@@ -13,9 +13,7 @@ makedepends="libxext-dev libxrandr-dev linux-headers"
 install=""
 options="suid"
 subpackages="$pkgname-doc"
-source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz
-	0001-clear-passwords-with-explicit_bzero.patch
-	CVE-2016-6866.patch"
+source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz"

 # secfixes:
 #   1.3-r3:
@@ -39,12 +37,6 @@ package() {
 		-C "$builddir" install || return 1
 }

-md5sums="825aaeccba9b3b3c1f3d249d47c1396a  slock-1.3.tar.gz
-ca1f6e27e0b86101964c3a0d196d6520  0001-clear-passwords-with-explicit_bzero.patch
-711f1a1810898958559b3f7515c81b72  CVE-2016-6866.patch"
-sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18  slock-1.3.tar.gz
-4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905  0001-clear-passwords-with-explicit_bzero.patch
-ca37f6b759199128564599525176726af8a137247910bedd154fa5c95ba35f39  CVE-2016-6866.patch"
-sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f  slock-1.3.tar.gz
-3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38  0001-clear-passwords-with-explicit_bzero.patch
-919cb98e6ae95855be5dd23fcfc122c5eb15272f16a6c1abbde2339247473aa3d7685461fb38f4e6cff5f12887a36859b081d06033d8cace5a2b762558e7357a  CVE-2016-6866.patch"
+md5sums="f91dd5ba50ce7bd1842caeca067086a3  slock-1.4.tar.gz"
+sha256sums="b53849dbc60109a987d7a49b8da197305c29307fd74c12dc18af0d3044392e6a  slock-1.4.tar.gz"
+sha512sums="ad285360dd3f16a225159abaf2f82fabf2c675bd74478cf717f68cbe5941a6c620e3c88544ce675ce3ff19af4bb0675c9405685e0f74ee4e84f7d34c61a0532f  slock-1.4.tar.gz"
--- a/community/slock/CVE-2016-6866.patch
+++ b/community/slock/CVE-2016-6866.patch
-From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Tue, 30 Aug 2016 22:59:06 +0000
-Subject: fix CVE-2016-6866
-
---
-diff --git a/slock.c b/slock.c
-index 847b328..8ed59ca 100644
--- a/slock.c
-+++ b/slock.c
-@@ -123,7 +123,7 @@ readpw(Display *dpy)
- readpw(Display *dpy, const char *pws)
- #endif
- {
-	char buf[32], passwd[256];
-+	char buf[32], passwd[256], *encrypted;
- 	int num, screen;
- 	unsigned int len, color;
- 	KeySym ksym;
-@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
- #ifdef HAVE_BSD_AUTH
- 				running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
- #else
-				running = !!strcmp(crypt(passwd, pws), pws);
-+				errno = 0;
-+				if (!(encrypted = crypt(passwd, pws)))
-+					fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
-+				else
-+					running = !!strcmp(encrypted, pws);
- #endif
- 				if (running) {
- 					XBell(dpy, 100);
-@@ -312,6 +316,8 @@ main(int argc, char **argv) {
- 
- #ifndef HAVE_BSD_AUTH
- 	pws = getpw();
-+	if (strlen(pws) < 2)
-+		die("slock: failed to get user password hash.\n");
- #endif
- 
- 	if (!(dpy = XOpenDisplay(NULL)))
--
-cgit v0.9.0.3-65-g4555