~ruther/guix-local

f3a53f3c8feedfad2a33462225dca8ea077b151b — Alex Griffin 9 years ago 8efd807 
gnu: slock: Update to 1.4.

* gnu/packages/suckless.scm (slock): Update to 1.4.
[source] Remove CVE-2016-6866 patch (no longer needed).
* gnu/packages/patches/slock-CVE-2016-6866.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.

Signed-off-by: Leo Famulari <leo@famulari.name>
patch browse .tar.gz 
3 files changed, 3 insertions(+), 55 deletions(-)

M gnu/local.mk
D gnu/packages/patches/slock-CVE-2016-6866.patch
M gnu/packages/suckless.scm

M gnu/local.mk => gnu/local.mk +0 -1
@@ 851,7 851,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/slim-sigusr1.patch			\
  %D%/packages/patches/slim-reset.patch				\
  %D%/packages/patches/slim-login.patch				\
  %D%/packages/patches/slock-CVE-2016-6866.patch		\
  %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
  %D%/packages/patches/soprano-find-clucene.patch		\
  %D%/packages/patches/steghide-fixes.patch			\


D gnu/packages/patches/slock-CVE-2016-6866.patch => gnu/packages/patches/slock-CVE-2016-6866.patch +0 -51
@@ 1,51 0,0 @@
Fix CVE-2016-6866.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866
https://security-tracker.debian.org/tracker/CVE-2016-6866

Copied from upstream source repository:
http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29

From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
From: Markus Teich <markus.teich@stusta.mhn.de>
Date: Tue, 30 Aug 2016 22:59:06 +0000
Subject: fix CVE-2016-6866

---
diff --git a/slock.c b/slock.c
index 847b328..8ed59ca 100644
--- a/slock.c
+++ b/slock.c
@@ -123,7 +123,7 @@ readpw(Display *dpy)
 readpw(Display *dpy, const char *pws)
 #endif
 {
-	char buf[32], passwd[256];
+	char buf[32], passwd[256], *encrypted;
 	int num, screen;
 	unsigned int len, color;
 	KeySym ksym;
@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
 #ifdef HAVE_BSD_AUTH
 				running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
 #else
-				running = !!strcmp(crypt(passwd, pws), pws);
+				errno = 0;
+				if (!(encrypted = crypt(passwd, pws)))
+					fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+				else
+					running = !!strcmp(encrypted, pws);
 #endif
 				if (running) {
 					XBell(dpy, 100);
@@ -312,6 +316,8 @@ main(int argc, char **argv) {
 
 #ifndef HAVE_BSD_AUTH
 	pws = getpw();
+	if (strlen(pws) < 2)
+		die("slock: failed to get user password hash.\n");
 #endif
 
 	if (!(dpy = XOpenDisplay(NULL)))
--
cgit v0.9.0.3-65-g4555


M gnu/packages/suckless.scm => gnu/packages/suckless.scm +3 -3
@@ 6,6 6,7 @@
;;; Copyright © 2015 Dmitry Bogatov <KAction@gnu.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
;;;
;;; This file is part of GNU Guix.
;;;


@@ 106,15 107,14 @@ numbers of user-defined menu items efficiently.")
(define-public slock
  (package
    (name "slock")
    (version "1.3")
    (version "1.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://dl.suckless.org/tools/slock-"
                                  version ".tar.gz"))
              (patches (search-patches "slock-CVE-2016-6866.patch"))
              (sha256
               (base32
                "065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s"))))
                "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no tests