x11-misc/slock: Apply patch for CVE-2016-6866 (bug #591664).

Package-Manager: portage-2.3.0
johu · Aug 19, 2016 · 6dfb6b6 · 6dfb6b6
1 parent 924f908
commit 6dfb6b6
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 0 deletions.
diff --git a/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch b/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch
@@ -0,0 +1,11 @@
+--- a/slock.c
++++ b/slock.c
+@@ -310,6 +310,8 @@
+
+ #ifndef HAVE_BSD_AUTH
+ 	pws = getpw();
++	if(strlen(pws) < 2)
++		die("This user has no password set.\n");
+ #endif
+
+ 	if (!(dpy = XOpenDisplay(0)))
diff --git a/x11-misc/slock/slock-1.3-r3.ebuild b/x11-misc/slock/slock-1.3-r3.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit fcaps savedconfig toolchain-funcs
+
+DESCRIPTION="simple X screen locker"
+HOMEPAGE="http://tools.suckless.org/slock"
+SRC_URI="http://dl.suckless.org/tools/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86 ~x86-fbsd"
+
+RDEPEND="
+	x11-libs/libX11
+	x11-libs/libXext
+	x11-libs/libXrandr
+"
+DEPEND="
+	${RDEPEND}
+	x11-proto/randrproto
+	x11-proto/xproto
+"
+
+src_prepare() {
+	eapply \
+		"${FILESDIR}"/${PN}-1.3-warning.patch \
+		"${FILESDIR}"/${PN}-1.3-CVE-2016-6866.patch
+
+	eapply_user
+
+	sed -i \
+		-e '/^CFLAGS/{s: -Os::g; s:= :+= :g}' \
+		-e '/^CC/d' \
+		-e '/^LDFLAGS/{s:-s::g; s:= :+= :g}' \
+		config.mk || die
+	sed -i \
+		-e 's|@${CC}|$(CC)|g' \
+		Makefile || die
+	if use elibc_FreeBSD; then
+		sed -i -e 's/-DHAVE_SHADOW_H//' config.mk || die
+	fi
+	restore_config config.h
+	tc-export CC
+}
+
+src_compile() { emake slock; }
+
+src_install() {
+	dobin slock
+	save_config config.h
+}
+
+pkg_postinst() {
+	# cap_dac_read_search used to be enough for shadow access
+	# but now slock wants to write to /proc/self/oom_score_adj
+	# and for that it needs:
+	fcaps cap_dac_override,cap_sys_resource /usr/bin/slock
+
+	savedconfig_pkg_postinst
+}