x11-misc/slock: Apply patch for CVE-2016-6866 (bug #591664).

Package-Manager: portage-2.3.0
author: Jeroen Roovers <jer@gentoo.org> 2016-08-19 16:46:08 +0200
committer: Jeroen Roovers <jer@gentoo.org> 2016-08-19 16:46:36 +0200
commit: 6dfb6b69f2527547cd08559811ff921e4da4ea0d (patch)
tree: 695012b2783fa7ec88095b21328b7e5fed80cf76 /x11-misc/slock
parent: dev-php/pecl-redis: Add unit tests (diff)
download: gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.tar.gz
gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.tar.bz2
gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.zip
2 files changed, 74 insertions, 0 deletions
diff --git a/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch b/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch
new file mode 100644
index 000000000000..a5043b90978b
--- /dev/null
+++ b/x11-misc/slock/files/slock-1.3-CVE-2016-6866.patch
@@ -0,0 +1,11 @@
+--- a/slock.c
++++ b/slock.c
+@@ -310,6 +310,8 @@
+ 
+ #ifndef HAVE_BSD_AUTH
+ 	pws = getpw();
++	if(strlen(pws) < 2)
++		die("This user has no password set.\n");
+ #endif
+ 
+ 	if (!(dpy = XOpenDisplay(0)))
diff --git a/x11-misc/slock/slock-1.3-r3.ebuild b/x11-misc/slock/slock-1.3-r3.ebuild
new file mode 100644
index 000000000000..5a73ccdf5cbd
--- /dev/null
+++ b/x11-misc/slock/slock-1.3-r3.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit fcaps savedconfig toolchain-funcs
+
+DESCRIPTION="simple X screen locker"
+HOMEPAGE="http://tools.suckless.org/slock"
+SRC_URI="http://dl.suckless.org/tools/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86 ~x86-fbsd"
+
+RDEPEND="
+	x11-libs/libX11
+	x11-libs/libXext
+	x11-libs/libXrandr
+"
+DEPEND="
+	${RDEPEND}
+	x11-proto/randrproto
+	x11-proto/xproto
+"
+
+src_prepare() {
+	eapply \
+		"${FILESDIR}"/${PN}-1.3-warning.patch \
+		"${FILESDIR}"/${PN}-1.3-CVE-2016-6866.patch
+
+	eapply_user
+
+	sed -i \
+		-e '/^CFLAGS/{s: -Os::g; s:= :+= :g}' \
+		-e '/^CC/d' \
+		-e '/^LDFLAGS/{s:-s::g; s:= :+= :g}' \
+		config.mk || die
+	sed -i \
+		-e 's|@${CC}|$(CC)|g' \
+		Makefile || die
+	if use elibc_FreeBSD; then
+		sed -i -e 's/-DHAVE_SHADOW_H//' config.mk || die
+	fi
+	restore_config config.h
+	tc-export CC
+}
+
+src_compile() { emake slock; }
+
+src_install() {
+	dobin slock
+	save_config config.h
+}
+
+pkg_postinst() {
+	# cap_dac_read_search used to be enough for shadow access
+	# but now slock wants to write to /proc/self/oom_score_adj
+	# and for that it needs:
+	fcaps cap_dac_override,cap_sys_resource /usr/bin/slock
+
+	savedconfig_pkg_postinst
+}
author	Jeroen Roovers <jer@gentoo.org>	2016-08-19 16:46:08 +0200
committer	Jeroen Roovers <jer@gentoo.org>	2016-08-19 16:46:36 +0200
commit	6dfb6b69f2527547cd08559811ff921e4da4ea0d (patch)
tree	695012b2783fa7ec88095b21328b7e5fed80cf76 /x11-misc/slock
parent	dev-php/pecl-redis: Add unit tests (diff)
download	gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.tar.gz gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.tar.bz2 gentoo-6dfb6b69f2527547cd08559811ff921e4da4ea0d.zip